In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

• A.Risk tolerance
• B.Risk acceptance
• C.Risk importance
• D.Risk appetite

Comment: *

Name: *

Email: *

Verification: *

A security administrator observed the following in a web server log while investigating an incident:

Which of the following attacks did the security administrator most likely see?

• A.Privilege escalation
• B.Directory traversal
• C.Credential replay
• D.Brute force

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an example of a data protection strategy that uses tokenization?

• A.Encrypting databases containing sensitive data
• B.Replacing sensitive data with surrogate values
• C.Removing sensitive data from production systems
• D.Hashing sensitive data in critical systems

Comment: *

Name: *

Email: *

Verification: *

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

• A.Pass
• B.SaaS
• C.Private cloud
• D.Hybrid cloud
• E.IaaS

Comment: *

Name: *

Email: *

Verification: *

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

• A.access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
• B.access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
• C.access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
• D.access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Comment: *

Name: *

Email: *

Verification: *