Security test 3

A finance company is legally required to maintain seven

years of tax records for all of their customers. Which of

the following would be the BEST way to implement this

requirement?

A system administrator is designing a data center for an

insurance company’s new public cloud and would like

to restrict user access to sensitive data. Which of the

following would provide ongoing visibility, data security,

and control of cloud-based applications?

A security administrator has identified an internally

developed application that allows users to modify SQL

queries through a web-based front-end. To prevent this

modification, the administrator has recommended that

all queries be completely removed from the application

front-end and placed onto the back-end of the application

server. Which of the following would describe this

implementation?

A system administrator is implementing a fingerprint

scanner to provide access to the data center. Which of

these metrics should be kept at a minimum in order to

prevent unauthorized persons from accessing the

data center?

The IT department of a transportation company

maintains an on-site inventory of chassis-based network

switch interface cards. If a failure occurs, the on-site

technician can replace the interface card and have the

system running again in sixty minutes. Which of the

following BEST describes this recovery metric?

A company maintains a server farm in a large data

center. These servers are for internal use only and are not

accessible externally. The security team has discovered

that a group of servers was breached before the latest

updates were applied. Breach attempts were not logged

on any other servers. Which of these threat actors would

be MOST likely involved in this breach?

An organization has contracted with a third-party to

perform a vulnerability scan of their Internet-facing

web servers. The report shows that the web servers

have multiple Sun Java Runtime Environment ( JRE)

vulnerabilities, but the server administrator has verified

that JRE is not installed. Which of the following would

be the BEST way to handle this report?

A user downloaded and installed a utility for

compressing and decompressing files. Immediately

after installing the utility, the user’s overall workstation

performance degraded, and it now takes twice as much

time to perform any tasks on the computer. Which of

the following is the BEST description of this malware

infection?

Which of the following is the process for replacing

sensitive data with a non-sensitive and functional

placeholder?