The human resources division is moving all of its applications to an IaaS cloud. The Chief Information Officer (CIO) has asked the security architect to design the environment securely to prevent the IaaS provider from accessing its data-at-rest and data-in-transit within the infrastructure. Which of the following security controls should the security architect recommend?

• A.Render data unreadable through the use of appropriate tools and techniques
• B.Ensure all backups are remote outside the control of the IaaS provider
• C.Implement a non-data breach agreement
• D.Ensure all of the IaaS provider's workforce passes stringent background checks

Comment: *

Name: *

Email: *

Verification: *

A security analyst is creating baseline system images to remediate vulnerabilities found in different
operating systems. Each image needs to be scanned before it is deployed. The security analyst must
ensure the configurations match industry standard benchmarks and the process can be repeated
frequently. Which of the following vulnerability options would BEST create the process requirements?

• A.Utilizing an operating system SCAP plugin
• B.Utilizing an authorized credential scan
• C.Utilizing a non-credential scan
• D.Utilizing a known malware plugin

Comment: *

Name: *

Email: *

Verification: *

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?

• A.Creating new account management procedures
• B.A compensating control
• C.Altering the password policy
• D.Encrypting authentication traffic

Comment: *

Name: *

Email: *

Verification: *

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?

• A.Utilizing a known malware plugin
• B.Utilizing an operating system SCAP plugin
• C.Utilizing an authorized credential scan
• D.Utilizing a non-credential scan

Comment: *

Name: *

Email: *

Verification: *

Three similar production servers underwent a vulnerability scan. The scan results revealed that the three servers had two different vulnerabilities rated "Critical".
The administrator observed the following about the three servers:
The servers are not accessible by the Internet

AV programs indicate the servers have had malware as recently as two weeks ago

The SIEM shows unusual traffic in the last 20 days

Integrity validation of system files indicates unauthorized modifications

Which of the following assessments is valid and what is the most appropriate NEXT step? (Select TWO).

• A.Schedule recurring vulnerability scans on the servers
• B.Activate the incident response plan
• C.Immediately rebuild servers from known good configurations
• D.Servers may have been built inconsistently
• E.Servers may be generating false positives via the SIEM
• F.Servers may have been tampered with

Comment: *

Name: *

Email: *

Verification: *