WGU Cybersecurity Architecture and Engineering (KFO1/D488)
Last Update Sep 26, 2025
Total Questions : 232
A healthcare provider is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which sets requirements for the protection of patient health information. The provider uses various software applications to manage and store patient health information, which must be coded to protect its confidentiality and integrity.
Which protocol will meet the needs of this provider?
What allows a user to query information from an online database with a web application without revealing what they are viewing?
An IT organization has seen a surge of ransomware and Trojan horse attacks recently.
Which action should the security team recommend to protect the IT infrastructure from commodity malware threats?
A security engineer has been asked to audit unapproved changes that have recently taken place in a corporate application.
Which logging mechanism will create an audit trail?
Which two benefits do computer networks provide for businesses?
Choose 2 answers
An IT team has been tasked with improving the security of a company’s web applications.
Which threats should the IT team consider detecting when defending the network with a web application firewall (WAF)?
A financial services company is concerned about the potential risks associated with sensitive customer data stored on employee laptops. The company has decided to implement hardening techniques and endpoint security controls to mitigate the risk.
Which hardening technique will meet the needs of this company?
A company is concerned about the security of its users’ passwords and is looking for a solution to ensure that user credentials are kept safe.
What is the best solution?
When is it better to purchase software rather than build a software solution in-house?
Which type of systems testing includes having end users test the system with simulated data and the help of the developer?
A company is developing a new mobile application to support external customers and contractors. The application needs to allow users to sign in using third-party social identities.
What is the best protocol?
Which stream cipher is a variant of the Salsa20 cipher, designed to be fast, secure, and resistant to cryptanalysis, and is commonly used in combination with the Poly1305 authentication mode?
A large multinational corporation maintains a complex network of data centers across the world.
Which type of disaster recovery site will ensure business continuity in case of a disaster?
A company wants to secure its computer systems and prevent any unauthorized access to its network. The company wants to implement a security solution that can restrict network traffic to only approved services and applications.
Which security technology will meet the needs of this company?
A retail company has recently implemented a new point of sale (POS) system that is critical to its business.
Which security control is essential for protecting the availability of the POS system?
A consultancy organization has many employees who travel with different mobile devices. Having the employees visit an office to update their devices is not feasible due to their travel schedule.
How should the organization ensure that its employees receive the latest security updates?
A small start-up is setting up its first network, and it needs to ensure that its network security is adequate. The start-up is aware of the latest cybersecurity threats and the need for strong security measures. In addition to network security, the start-up wants to ensure that it has a disaster recovery plan in place in case of any unexpected events.
Which approach will meet the needs of the start-up?
A company is moving its applications to the cloud and is concerned about cyber security threats. The security team has been tasked with providing a comprehensive view of how attackers gain access, move through networks, and carry out attacks.
Which framework identifies the seven phases of an attack, from initial infiltration to post-exploitation?
A software development company uses file transfer protocol (FTP) to transfer software code between different teams.
Which security control is essential for protecting the integrity of software code that is transferred using FTP?
A healthcare provider is developing a disaster recovery plan and wants to determine the longest duration that its systems or applications can be down before causing significant damage to the business.
What is the term used to describe this metric?
Which risk management strategy will ensure the secure storage of data on a new document management system?
A company has recently completed its disaster recovery plan and is preparing to test it. The company's IT team has identified the need to simulate a disaster scenario to evaluate the effectiveness of the plan. The team has considered options including full interruption tests, walkthroughs, tabletop exercises, and checklists. They want to choose a testing method that will allow them to evaluate the plan in a controlled environment while minimizing the impact on the company’s operations.
Which testing method will meet the needs of the company?
A healthcare organization would like to interoperate with another healthcare organization without needing to maintain individual accounts for members of the other organization.
Which technology concept should the company use?
An organization wants to implement a new encryption solution for a real-time video conferencing application. The organization wants to ensure that the encryption solution provides protection for the video stream without causing significant delays or latency in the conference.
Which type of encryption will meet the needs of the organization?
While undergoing a security audit, it is determined that an organization has several backup repositories nested in the cloud without any level of protection. Which action should be taken to protect the backup repositories first?
A cybersecurity analyst at a manufacturing company is tasked with analyzing the Indicators of Compromise (IOCs) to identify potential threats and vulnerabilities within the organization. While viewing the Security Information and Event Management (SIEM), the analyst notices an unknown IP address logging in to the company's Secure Shell (SSH) server.
A software development company is required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which sets requirements for the protection of cardholder data. The company uses Secure Shell (SSH) to connect to its cloud-based development environment, which contains cardholder data.
Which security control will meet the needs of the company?
How should a security analyst detect a potential structured query language (SQL) injection attack?
Why should an information technology (IT) professional be aware of professional associations?
A financial institution conducted a cybersecurity assessment, which identified several vulnerabilities including outdated software and weak password policies. The company also needs to implement a new core banking system that can handle a large number of transactions while ensuring the security of customer data.
Which risk mitigation process is the most effective approach to address these vulnerabilities, and what is the best topology for the new core banking system?
A company wants to ensure that the integrity of its systems is maintained during the startup process.
Which security technology can ensure the integrity of the system during startup by verifying that the system has not been compromised?
How does application software differ from operating systems?
Choose 2 answers
A cloud hosting provider is concerned about the potential risks associated with attacks that target the confidentiality and integrity of sensitive data stored on its servers’ volatile memory. The provider has decided to implement hardening techniques and endpoint security controls to mitigate the risk.
Which hardening technique will meet the needs of this provider?
An application team manages a large farm of web servers on virtual machines in the cloud. The team wants to reduce the server load by caching static content. Adding a second layer of protection is also a requirement.
What should this team recommend in this scenario?
A system analyst is reviewing risk documents and noticed that the dates of many risks are more than three years old.
What should be proposed to leadership regarding these risks?
A financial institution is planning to conduct a business impact analysis (BIA) to evaluate the criticality of its business processes and functions.
Which steps will allow the company to perform a BIA?
In which type of network topology are the networked devices connected to a central device like a hub or switch?
A professional services organization deployed security edge devices in key locations on its corporate network.
How will these devices improve the organization's security posture?
An organization needs to securely exchange confidential documents with a third-party vendor over an unsecured network connection. The organization wants to ensure that the documents can only be read by the intended recipient and cannot be intercepted or read by unauthorized parties.
Which type of encryption meets the needs of the organization?
A government agency is planning a hybrid cloud deployment. Strict controls must be in place that can label classified data. The solution must ensure that access rights will be granted based on the user’s government security classification.
A company has recently experienced a data breach from an insider threat and wants to implement a policy to reduce the risk of similar incidents in the future. During the incident, the insider threat accessed sensitive information stored in the administrator account from their user account. The insider threat was not in a supervisory role at the time of the incident.
Which policy should the company implement?
A company has recently failed a security audit. Many of the end users have passwords older than 365 days.
Which password policy type will prevent this issue?
Which IT role is responsible for the installation and maintenance of hardware and software that make up a computer network?
A retail company wants to establish the frequency at which it needs to back up its critical data to ensure it can be restored in case of a disruption with the least amount of acceptable loss in recovery.
What is the term used to describe this metric?
An organization wants to implement a new encryption solution to protect sensitive data stored in a database. The organization wants to ensure that the encryption solution provides strong protection for the data and is willing to sacrifice performance.
Which type of encryption meets the needs of the organization?
Which technique allows someone to obtain a password while it is in transit?
Which IT role is responsible for installing new hardware and troubleshooting existing hardware?
A company is concerned about advanced persistent threats and wants to implement a security solution that can detect any unusual actions. The company wants to analyze the actions and trends of users and entities to identify any potential security risks.
Which security technology meets the needs of the company?
An IT organization needs to enable secure communication across virtual networks in Microsoft Azure and Amazon Web Services. Which protocol will offer the most reliable and secure method for data transport?
A software company is reviewing its disaster recovery plan and wants to identify the criticality of its business processes to prioritize its recovery efforts.
Which will determine the criticality of its business processes?
A government agency needs to deploy a secure network connection between its offices in Chicago and New York.
What should be used to facilitate this connection?
Which block cipher mode of operation for encrypting data is simple and efficient but provides no confidentiality beyond that of the underlying block cipher?
The cybersecurity analyst at a hardware company conducted a vulnerability assessment to identify potential security risks to the organization and discovered multiple vulnerabilities on the company's webpage. The analyst then provided the results to the chief information security officer (CISO), who then decided to decommission the website and create a new page with increased security controls.
Which risk mitigation strategy is demonstrated in this scenario?
Which risk management strategy will ensure the secure configuration and deployment of a new online banking system and help prevent credit card fraud?
An on-call security engineer has been notified after business hours that a possible threat could be impacting production applications.
Which type of threat intelligence should be used by first responders?