Question 266
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
Question 267
A developer is reviewing the following transaction logs from a web application:
Username: John Doe
Street name: Main St.
Street number: <script>alert('test')</alert>
Which of the following code snippets should the developer implement given the above transaction logs?
Question 268
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)
Question 269
A security analyst has been assigned incident response duties and must instigate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?
A)
B)
C)
D)
Question 270
A business is growing and starting to branch out into other locations. In anticipation of opening an office in
a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet
the following criteria regarding data to open the new office:
Store taxation-related documents for five years
Store customer addresses in an encrypted format
Destroy customer information after one year
Keep data only in the customer's home country
Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)