A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

• A.Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
• B.Change privileged usernames, review the OS logs, and deploy hardware tokens.
• C.Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
• D.Implement MFA, review the application logs, and deploy a WAF.

Comment: *

Name: *

Email: *

Verification: *

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

• A.Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
• B.Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.
• C.Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.
• D.Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

Comment: *

Name: *

Email: *

Verification: *

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.
Which of the following is the MOST cost-effective solution?

• A.Move the server to a cloud provider.
• B.Buy a new server and create an active-active cluster.
• C.Upgrade the server with a new one.
• D.Change the operating system.

Comment: *

Name: *

Email: *

Verification: *

A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)

• A.Rate limiting
• B.OAuth 2.0
• C.Input validation
• D.CSRF protection
• E.Autoscaling endpoints
• F.Bot protection

Comment: *

Name: *

Email: *

Verification: *

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:

• A.a decrypting RSA using obsolete and weakened encryption attack.
• B.an advanced persistent threat.
• C.an on-path attack.
• D.a zero-day attack.

Comment: *

Name: *

Email: *

Verification: *