Question 1

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Options :

A : Disallowing cipher suites that use ephemeral modes of operation for key agreement

B : Removing support for CBC-based key exchange and signing algorithms

C : Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D : Implementing HIPS rules to identify and block BEAST attack attempts

E : Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F : Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Answer: B,C

Question 2

While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?

Options :

A : Spear-phishing campaign

B : Threat modeling

C : Red team assessment

D : Attack pattern analysis

Answer: A

Question 3

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed. • Exfiltration of intellectual property • Unencrypted files • Weak user passwords Which of the following is the best way to mitigate these vulnerabilities? (Select two).

Options :

A : Implementing data loss prevention

B : Deploying file integrity monitoring

C : Restricting access to critical file services only

D : Deploying directory-based group policies

E : Enabling modem authentication that supports MFA

F : Implementing a version control system

G : Implementing a CMDB platform

Answer: A,E

Question 4

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

Options :

A : Limiting the tool to a specific coding language and tuning the rule set

B : Configuring branch protection rules and dependency checks

C : Using an application vulnerability scanner to identify coding flaws in production

D : Performing updates on code libraries before code development

Answer: A

Question 5

A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

Options :

A : Update the log configuration settings on the directory server that Is not being captured properly.

B : Have the admin account owner change their password to avoid credential stuffing.

C : Block employees from logging in to applications that are not part of their business area.

D : implement automation to disable accounts that nave been associated with high-risk activity.

Answer: D