CAS004: Set 13

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only data center are located in New York City. The Chief Information Security Officer wants to ensure specific requirements are met for the social media application. Which of the following should the organization implement to BEST ensure all requirements are met?

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the MOST accurate information?

A company is repeatedly being breached by hackers who valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability?

Given the following log snippet from a web server: Which of the following BEST describes this type of attack?

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment. Which of the following should the security administrator do to mitigate the risk?

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information. The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the NEXT step of the incident response plan?