- Email support@dumps4free.com
Topic 1: Exam Pool A
You are the security manager for an online retail sales company with 100 employees
and a production environment hosted in a PaaS model with a major cloud provider.
Your company policies have allowed for a BYOD workforce that work equally from
the company offices and their own homes or other locations. The policies also allow
users to select which APIs they install and use on their own devices in order to
access and manipulate company data.
Of the following, what is a security control you’d like to implement to offset the
risk(s) incurred by this practice?
A.
Regular and widespread integrity checks on sampled data throughout the managed
environment
B.
More extensive and granular background checks on all employees, particularly new
hires
C.
Inclusion of references to all applicable regulations in the policy documents
D.
Increased enforcement of separation of duties for all workflows
Regular and widespread integrity checks on sampled data throughout the managed
environment
When an organization implements an SIEM solution and begins aggregating event
data, the configured event sources are only valid at the time it was configured.
Application modifications, patching, and other upgrades will change the events
generated and how they are represented over time.
What process is necessary to ensure events are collected and processed with this in
mind?
A.
Continual review
B.
Continuous optimization
C.
Aggregation updates
D.
Event elasticity
Continuous optimization
You are the security manager of a small firm that has just purchased a DLP solution to
implement in your cloud-based production environment.
What should you not expect the tool to address?
Response:
A.
Sensitive data sent inadvertently in user emails
B.
Sensitive data captured by screen shots
C.
Sensitive data moved to external devices
D.
Sensitive data in the contents of files sent via FTP
Sensitive data captured by screen shots
You are the security manager for a software development firm. Your company is
interested in using a managed cloud service provider for hosting its testing
environment. Previous releases have shipped with major flaws that were not
detected in the testing phase; leadership wants to avoid repeating that problem.
What tool/technique/technology might you suggest to aid in identifying
programming errors?
A.
Vulnerability scans
B.
Open source review
C.
SOC audits
D.
Regulatory review
Open source review
Which of the following types of organizations is most likely to make use of open
source software technologies?
A.
Government agencies
B.
Corporations
C.
Universities
D.
Military
Universities
| Page 18 out of 103 Pages |
| Previous |