An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
A. SASE
B. CMDB
C. SBoM
D. SLM
B. CMDB
A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.
References:
CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification. ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management. "Configuration Management Best Practices" by Bob Aiello and Leslie Sachs: Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.
An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?
A. Configure a scheduled
task nightly to save the logs
B. Configure event-based
triggers to export the logs at a threshold.
C. Configure the SIEM to
aggregate the logs
D. Configure a Python
script to move the logs into a SQL database.
C. Configure the SIEM to
aggregate the logs
To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.
References:
CompTIA SecurityX Study Guide: Discusses the role of SIEM in log management and retention. NIST Special Publication 800-92, "Guide to Computer Security Log Management": Recommends the use of centralized log management solutions, such as SIEM, for effective log retention and analysis.
"Security Information and Event Management (SIEM) Implementation" by David Miller: Covers best practices for configuring SIEM systems to aggregate and retain logs from various sources.
A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?
A. Key splitting
B. Key escrow
C. Key rotation
D. Key encryption
E. Key stretching
E. Key stretching
The most appropriate technique to improve the cryptographic strength of a password-storage component in a web application without completely replacing the cryptomodule is key stretching. Here's why:
Enhanced Security: Key stretching algorithms, such as PBKDF2, bcrypt, and scrypt, increase the computational effort required to derive the encryption key from the password, making brute-force attacks more difficult and time-consuming.
Compatibility: Key stretching can be implemented alongside existing cryptographic modules, enhancing their security without the need for a complete overhaul.
Industry Best Practices: Key stretching is a widely recommended practice for securely storing passwords, as it significantly improves resistance to passwordcracking attacks.
A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?
A. Limiting the tool to
a specific coding language and tuning the rule set
B. Configuring branch
protection rules and dependency checks
C. Using an application
vulnerability scanner to identify coding flaws in production
D. Performing updates on code libraries before code development
A. Limiting the tool to
a specific coding language and tuning the rule set
To improve the quality of code scanning results and reduce false positives, the best solution is to limit the tool to a specific coding language and fine-tune the rule set. By configuring the code scanning tool to focus on the specific language used in the application, the tool can more accurately identify relevant issues and reduce the number of
false positives. Additionally, tuning the rule set ensures that the tool's checks are appropriate for the application's context, further improving the accuracy of the scan results.
References:
CompTIA SecurityX Study Guide: Discusses best practices for configuring code scanning tools, including language-specific tuning and rule set adjustments.
"Secure Coding: Principles and Practices" by Mark G. Graff and Kenneth R. van Wyk: Highlights the importance of customizing code analysis tools to reduce false positives.
OWASP (Open Web Application Security Project): Provides guidelines for configuring and tuning code scanning tools to improve accuracy.
Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption Which of the following is the most likely reason me device must be replaced'
A. The HSM is outdated
and no longer supported by the manufacturer
B. The vTPM was not
properly initialized and is corrupt.
C. The HSM is vulnerable
to common exploits and a firmware upgrade is needed
D. The motherboard was
not configured with a TPM from the OEM supplier
E. The HSM does not
support sealing storage
D. The motherboard was
not configured with a TPM from the OEM supplier
The most likely reason the device must be replaced is that the motherboard was not configured with a TPM (Trusted Platform Module) from the OEM (Original Equipment Manufacturer) supplier.
Why TPM is Necessary for Full Disk Encryption:
Hardware-Based Security: TPM provides a hardware-based mechanism to store encryption keys securely, which is essential for full disk encryption.
Compatibility: Full disk encryption solutions, such as BitLocker, require TPM to ensure that the encryption keys are securely stored and managed.
Integrity Checks: TPM enables system integrity checks during boot, ensuring that the device has not been tampered with.
Other options do not directly address the requirement for TPM in supporting full disk encryption:
A. The HSM is outdated: While HSM (Hardware Security Module) is important for security, it is not typically used for full disk encryption.
B. The vTPM was not properly initialized: vTPM (virtual TPM) is less common and not typically a reason for requiring hardware replacement.
C. The HSM is vulnerable to common exploits: This would require a firmware upgrade, not replacement of the device.
E. The HSM does not support sealing storage: Sealing storage is relevant but not the primary reason for requiring TPM for full disk encryption.
References:
CompTIA SecurityX Study Guide
"Trusted Platform Module (TPM) Overview," Microsoft Documentation
"BitLocker Deployment Guide," Microsoft Documentation
