A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.
Which of the following is the MOST likely cause?

• A.Old, vulnerable cipher suites are still being used.
• B.A certificate on the WAF is expired.
• C.HTTP traffic is not forwarding to HTTPS to decrypt.
• D.The user agent client is not compatible with the WAF.

Comment: *

Name: *

Email: *

Verification: *

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?

• A.Static analysis
• B.Software composition analysis
• C.Dynamic analysis
• D.Code obfuscation

Comment: *

Name: *

Email: *

Verification: *

A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.
Which of the following would be BEST suited to meet these requirements?

• A.ARF
• B.ISACs
• C.OVAL
• D.Node.js

Comment: *

Name: *

Email: *

Verification: *

A financial institution has several that currently employ the following controls:
* The severs follow a monthly patching cycle.
* All changes must go through a change management process.
* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

• A.Implement file integrity monitoring with automated alerts on the servers.
• B.Require more than one approver for all change management requests.
• C.Disable automatic patch update capabilities on the servers
• D.Enhanced audit logging on the jump servers and ship the logs to the SIEM.

Comment: *

Name: *

Email: *

Verification: *

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

• A.Cloud providers are unable to avoid risk.
• B.Migrating operations assumes the acceptance of all risk.
• C.Specific risks cannot be transferred to the cloud provider.
• D.Risks to data in the cloud cannot be mitigated.

Comment: *

Name: *

Email: *

Verification: *