During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership
One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system
A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?
A. IPS
B. IDS
C. WAF
D. UAT
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
Which of the following would be best suited for constantly changing environments?
A. RTOS
B. Containers
C. Embedded systems
D. SCADA
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following but describes this form of security control?
A. Physical
B. Managerial
C. Technical
D. Operational