A cybersecurity analyst is conducting packet analysis on the following:

Which of the following is occurring in the given packet capture?

• A.ARP spoofing
• B.Zero-day exploit
• C.Network enurneration
• D.Broadcast storm
• E.Smurf attack

Comment: *

Name: *

Email: *

Verification: *

A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

• A.Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
• B.Install a client-side VPN on the staff laptops and limit access to the development network
• C.Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
• D.Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

Comment: *

Name: *

Email: *

Verification: *

An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary
data.

Based on the data classification table above, which of the following BEST describes the overall
classification?

• A.High integrity, low availability
• B.High confidentiality, medium availability
• C.Low availability, low confidentiality
• D.High confidentiality, high availability

Comment: *

Name: *

Email: *

Verification: *

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

• A.Static and dynamic analysis is run as part of integration
• B.Security standards and training is performed as part of the project
• C.Daily stand-up meetings are held to ensure security requirements are understood
• D.For each major iteration penetration testing is performed
• E.Security requirements are story boarded and make it into the build
• F.A security design is performed at the end of the requirements phase

Comment: *

Name: *

Email: *

Verification: *

While attending a meeting with the human resources department, an organization's information security
officer sees an employee using a username and password written on a memo pad to log into a specific
service. When the information security officer inquires further as to why passwords are being written down,
the response is that there are too many passwords to remember for all the different services the human
resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames.
Which of the following would be the BEST solution for the information security officer to recommend?

• A.Utilizing MFA
• B.Implementing TACACS
• C.Implementing SSO
• D.Pushing SAML adoption
• E.Deploying 802.1X

Comment: *

Name: *

Email: *

Verification: *