- (Exam Topic 2)
A security analyst is receiving several alerts per user and is trying to determine If various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?
Correct Answer:
D
- (Exam Topic 1)
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?
Correct Answer:
A
CVSS is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). CVSS metrics generate a score from 0 to 10 based on characteristics of the vulnerability, such as whether it can be triggered remotely or needs local access, whether user intervention is required, and so on
- (Exam Topic 3)
A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?
Correct Answer:
B
- (Exam Topic 3)
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Correct Answer:
C
- (Exam Topic 3)
When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
Correct Answer:
D
