An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key. Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?
Question 82
An application server was recently upgraded to prefer TLS 1. 3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCHWhich of the following is MOST likely the root cause?
Question 83
An organization is designing a network architecture that must meet the following requirements: - Users will only be able to access predefined services. - Each user will have a unique allow list defined for access. - The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the organization use to meet these requirements?
Question 84
An organization developed a social media application that is used by customers in multiple remote geographic __cpLocations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application: - Low latency for all mobile users to improve the users' experience - SSL offloading to improve web server performance - Protection against DoS and DDoS attacks - High availabilityWhich of the following should the organization implement to BEST ensure all requirements are met?
Question 85
A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the MOST accurate information?
Question 86
A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment. Which of the following should the security administrator do to mitigate the risk?
Question 87
Given the following log snippet from a web server: Which of the following BEST describes this type of attack?
Question 88
A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information. The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?
Question 89
A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform FIRST?
Question 90
SIMULATION -You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network. The company's hardening guidelines indicate the following:
