An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization's data. Which of the following should the vendor management team identify as a requirement during the procurement process?

• A.Public cloud services with private SaaS environments supported by private IaaS backbones
• B.Private cloud services with multitenancy in place for private SaaS environments
• C.Public cloud services with single-tenancy IaaS architectures
• D.Private cloud services with single-tenancy PaaS services

Comment: *

Name: *

Email: *

Verification: *

Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether f8:1e:af:ab:10:a3
inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary nd6 options=1<PERFORMNUD> media: autoselect status: active Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).

• A.The devices use EUI-64 format
• B.The routers implement NDP
• C.The network implements 6to4 tunneling
• D.The router IPv6 advertisement has been disabled
• E.The administrator must disable IPv6 tunneling
• F.The administrator must disable the mobile IPv6 router flag
• G.The administrator must disable the IPv6 privacy extensions
• H.The administrator must disable DHCPv6 option code 1

Comment: *

Name: *

Email: *

Verification: *

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory.
Which of the following correctly states the risk management options that the consultant should use during the assessment?

• A.Avoid, transfer, mitigate, and accept.
• B.Risk reduction, risk sharing, risk retention, and risk acceptance.
• C.Calculate risk by determining technical likelihood and potential business impact.
• D.Risk likelihood, asset value, and threat level.

Comment: *

Name: *

Email: *

Verification: *

The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year's growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed?

• A.Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially.
• B.Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially.
• C.Spending all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%.
• D.Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady.

Comment: *

Name: *

Email: *

Verification: *

A security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1
The following response is received in the payload:
"ORA-000001: SQL command not properly ended"
Which of the following is the response an example of?

• A.Fingerprinting
• B.Cross-site scripting
• C.SQL injection
• D.Privilege escalation

Comment: *

Name: *

Email: *

Verification: *