The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created.

The findings are then categorized according to the following chart:

Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Select TWO)

• A.Implement an IDS/IPS on the same network segment as Application 3
• B.Move Application 3 to a secure VLAN and require employees to use a jump server for access.
• C.Use network segmentation and ACLs to control access to Application 5.
• D.Install a FIM on the server hosting Application 4
• E.Place a WAF in line with Application 2
• F.Apply the missing OS and software patches to the server hosting Application 4

Comment: *

Name: *

Email: *

Verification: *

An advanced threat emulation engineer is conducting testing against a client's network.
The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time.
Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

• A.Black box testing
• B.Vulnerability assessment
• C.Social engineering
• D.Code review
• E.Gray box testing
• F.Self-assessment
• G.Pivoting
• H.External auditing
• I.White teaming

Comment: *

Name: *

Email: *

Verification: *

An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to the secure network due to similar login credentials across networks. To determine the users who should change their information, the information security officer uses a tool to scan a file with hashed values on both networks and receives the following data:

Which of the following tools was used to gather this information from the hashed values in the file?

• A.MD5 generator
• B.Vulnerability scanner
• C.Protocol analyzer
• D.Fuzzer
• E.Password cracker

Comment: *

Name: *

Email: *

Verification: *

A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer deferences, and others. Which of the following should the company implement to improve code quality? (Select two).

• A.Development environment access controls
• B.Code obfuscation
• C.Static analysis tools
• D.Continuous integration
• E.Code comments and documentation
• F.Application containerization

Comment: *

Name: *

Email: *

Verification: *

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees.
Which of the following should be configured to comply with the new security policy? (Choose two.)

• A.Push-based authentication
• B.New pre-shared key
• C.PKI
• D.802.1X
• E.OAuth
• F.SSO

Comment: *

Name: *

Email: *

Verification: *