Question 1

While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?

Options :

A : Spear-phishing campaign

B : Threat modeling

C : Red team assessment

D : Attack pattern analysis

Answer: A

Question 2

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of the following is the best strategy for the engineer to use?

Options :

A : Disabling the BIOS and moving to UEFI

B : Managing secrets on the vTPM hardware

C : Employing shielding lo prevent LMI

D : Managing key material on a HSM

Answer: D

Question 3

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

Options :

A : Limiting the tool to a specific coding language and tuning the rule set

B : Configuring branch protection rules and dependency checks

C : Using an application vulnerability scanner to identify coding flaws in production

D : Performing updates on code libraries before code development

Answer: A

Question 4

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Options :

A : Disallowing cipher suites that use ephemeral modes of operation for key agreement

B : Removing support for CBC-based key exchange and signing algorithms

C : Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D : Implementing HIPS rules to identify and block BEAST attack attempts

E : Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F : Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Answer: B,C

Question 5

A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

Options :

A : Update the log configuration settings on the directory server that Is not being captured properly.

B : Have the admin account owner change their password to avoid credential stuffing.

C : Block employees from logging in to applications that are not part of their business area.

D : implement automation to disable accounts that nave been associated with high-risk activity.

Answer: D