A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker would. Which of the following would BEST enable the analyst to complete the objective?

• A.Conduct an intrusive scan.
• B.Execute a credentialed scan.
  Section: (none)
  Explanation
• C.Attempt escalation of privilege.
• D.Perform a non-credentialed scan.

Comment: *

Name: *

Email: *

Verification: *

An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1) Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be certain that the deposit amounts within the file have not been changed. Which of the following should be used to meet the requirement?

• A.Transport encryption
• B.Digital signatures
• C.Key escrow
• D.File encryption
• E.Perfect forward secrecy

Comment: *

Name: *

Email: *

Verification: *

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

• A.SaaS
• B.CASB
• C.IaaS
• D.PaaS

Comment: *

Name: *

Email: *

Verification: *

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the
entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the
majority of data, small server clusters at each corporate location to handle the majority of customer
transaction processing, ATMs, and a new mobile banking application accessible from smartphones,
tablets, and the Internet via HTTP. The corporation does business having varying data retention and
privacy laws.
Which of the following technical modifications to the architecture and corresponding security controls
should be implemented to provide the MOST complete protection of data?

• A.Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement
  encryption for data in-transit between data centers, increase data availability by replicating all data,
  transaction data, logs between each corporate location
• B.Install redundant servers to handle corporate customer processing, encrypt all customer data to ease
  the transfer from one country to another, implement end-to-end encryption between mobile applications
  and the cloud.
• C.Store customer data based on national borders, ensure end-to end encryption between ATMs, end
  users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from
  one legal jurisdiction to another with more stringent regulations
• D.Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are
  digitally signed to minimize fraud, implement encryption for data in-transit between data centers

Comment: *

Name: *

Email: *

Verification: *