181 Keith's organization wants to move a vital company process to the cloud. He is tasked with conducting a risk analysis to minimize the risk of hosting email in the cloud. What is the best path forward?All logins must be done over an encrypted channel and obtain an NDA and SLA from the cloud provider.Remind all users not to write down their passwords.Make sure that the OLA covers more than just operations.Require data classification.
182 What is a major security concern associated with IoT?Lack of encryptionUse of hard-coded passwordsLack of firmware supportAll of the above
183 Your company is recovering from a data breach. The breach was not deep but raised the security awareness profile of upper management. Realizing they have gaps in access control, upper management approved the purchase of password manager software for the organization. What else do you suggest they institute for end users?2FAPassword isolationDisaster recoveryIDR
184 Which of the following access control principles should you implement to create a system of checks and balances on employees with heightened privileged access?Rotation of dutiesNeed to knowMandatory access controlSeparation of duties
185 Your penetration testers' report shows that they obtained the credentials of specific user accounts through social engineering and phishing campaigns. Once on the organization's network, the penetration testers used these credentials to bypass access controls and to gain access to remote systems. In one case, they were able to switch from a user-level account to an administrator-level account. What is this type of attack called?XSRFPassword mitigationToken theftPrivilege escalation
186 You have an application that performs authentication, which makes checking for session management, brute forcing, and password complexity appropriate. What else might you check for?SQLiRansomwarePrivilege escalationStatic analysis
187 As the senior security architect, you create a security policy and standards that instruct employees to use strong passwords. You find that employees are still using weak passwords. Revising the procedures for creating strong passwords, which of these are you least likely to require for employees?Change your password every 90 days.Use a combination of numbers, letters, uppercase and lowercase letters, and special characters.Use a minimum number of characters.Use a Merriam-Webster dictionary.
188 You just accepted a CISO position for a small customer service business, and your first priority is to increase security and accessibility for current software-as-a-service (SaaS) applications. The applications are configured to use passwords. What do you implement first?Deploy password managers for all employees.Deploy password managers for only the employees who use the SaaS tool.Create a VPN between your organization and the SaaS provider.Implement a system for time-based, one-time passwords.
189 The collaboration tool that your company uses follows a username and password login model. If one of your employee's credentials are compromised, it could give attackers access to financial information, intellectual property, or client information. How would you mitigate this type of risk with a collaboration tool?Strict password guidelinesOnly use HTTPSRestrict usage to VPNDisable SSO
190 Wayne is a security manager for a small organization. He has evaluated several different types of access controls. Which of these are easiest for an attacker to bypass?FingerprintPasswordIris scanCAC card
191 What is FIM when it comes to obtaining access to networks?Fighting insidious malwareFederated identity managementForest integration modulesFact investigative modifications
192 If Domain A trusts Domain B and Domain B trusts Domain C, what is it called when Domain A trusts Domain C because of the previously stated relationships?Transitive tortTransitive trustTransitive tradeTransitive theory
193 You visit a website that requires credentials to log in. Besides providing the option of a username and password, you are also given the option to log in using your Facebook credentials. What type of authentication scheme is used?SAMLOAuthClosedIDOpenID
194 You need to find a web-based language that is used to exchange security information with single sign-on (SSO). Which of the following is the best language to use?SOAPKerberosSAML/ShibbolethAPI
195 Your IT manager wants to move from a centralized access control methodology to a decentralized access control methodology. You need a router that authenticates users from a locally stored database. This requires subjects to be added individually to the local database for access, which creates a security domain, or sphere of trust. What best describes this type of administration?Decentralized access control requires more administrative work.Decentralized access control creates a bottleneck.Decentralized access control requires a single authorization server.Decentralized access control stores all the users in the same administrative location using RADIUS.
196 The CISO is researching ways to reduce risk associated with the separation of duties. In the case where one person is not available, another needs to be able to perform all the duties of their co-workers. What should the CISO implement to reduce risk?Mandatory requirement of a shared account for administrative purposesAudit of all ongoing administration activitiesSeparation of duties to ensure no single administrator has accessRole-based security on the primary role and provisional access to the secondary role on a case-by-case basis
197 You implement mandatory access control for your secure data storage system. You change default passwords and enforce the use of strong passwords. What else should you do to make this storage system even more secure?Multifactor authenticationMultifactor authorizationIdentificationVerification
198 Your data owner must assign classifications to information assets and ensure regulation compliance. Which of these other criteria is determined by a data owner?AuthorizationAuthenticationVerificationValidation
199 As a security specialist for your organization, you are increasingly concerned about strong endpoint controls of developers' workstations as well as access control of servers running developer tools. Which of these is not a benefit of an attribute-based access control (ABAC) scheme?Helping meet security goals and standardsEnsuring only authorized users have access to code repositoriesHaving runtime self-protection controlsSafeguarding system integrity
200 As a security administrator at a high-security governmental agency, you rely on some assets running high-end customized legacy software. What type of access control do you implement to protect your organization?DACRBACMACABAC
201 Your organization needs an AAA server to support the users accessing the corporate network via a VPN. Which of the following will be used to provide AAA services?RADIUSL2TPLDAPAD
202 Your network administrator wants to use an authentication protocol to encrypt usernames and passwords on all Cisco devices. What is the best option for them to use?RADIUSDIAMETERCHAPTACACS+
203 Your company currently uses Kerberos authentication protocols and tickets to prove identity. You are looking for another means of authentication because Kerberos has several potential vulnerabilities, the biggest being which of the following?Single point of failureDynamic passwordsLimited read/write cyclesConsensus
204 You need an authorization framework that gives a third-party application access to resources without providing the owners' credentials to the application. Which of these is your best option?MACEAPSAMLOAuth
205 You need develop a security logging process for your mission-critical servers to hold users accountable for their actions on a system after they log in. What is this called?AuthorizationAuthentication2 -step verificationAccountability
206 Your credit card company identified that customers' top transaction on the web portal is resetting passwords. Many users forget their secret questions, so customers are calling to talk to tech support. You want to develop single-factor authentication to cut down on the overhead of the current solution. What solution do you suggest?Push notificationIn-band certificate or tokenLogin with third-party social media accountsSMS message to a customer's mobile number with an expiring OTP
207 Your CISO wants to implement a solution within the organization where employees are required to authenticate once and then permitted to access the various computer systems they are authorized to access. The organization uses primarily Microsoft products.