An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
A. Vendor support will cease when the hosting platforms reach EOL.
B. Access to the organization's servers could be exposed to other cloud-provider clients.
C. Outsourcing the code development adds risk to the cloud provider.
D. The cloud vendor is a new attack vector within the supply chain.
Correct answer: D
Question 2:
Given the following:
Which of the following concepts of cryptography is shown?
A. Salting
B. Steganography
C. Collision
D. Stream cipher
Correct answer: A
Question 3:
Which of the following is MOST likely caused by improper input handling?
A. Untrusted certificate warning
B. Breach of firewall ACLs
C. Power off reboot loop
D. Loss of database tables
Correct answer: D
Question 4:
A systems administrator recently issued a public/private key pair that will be used for the company's DNSSEC implementation. Which of the following configurations should the systems administrator implement NEXT?
A. Add TCP port 443 to the DNS listener
B. Instant private key using the RRSIG record
C. Create DNSKEY resources with the public key.
D. Point the OS record to the company authoritative servers
Correct answer: C
Question 5:
An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?
A. Steganography
B. BCRYPT
C. Obfuscation
D. Diffusion
Correct answer: A
Question 6:
A security analyst performs a vulnerability scan on the local network. Several items are flagged on the report as being critical issues. The security analyst researches each of the vulnerabilities and discovers that one of the critical issues on the report was mitigated in a previous scan. Which of the following MOST likely happened?
A. A patch was removed
B. A necessary service was not running
C. A false positive occurred
D. The tool has a high crossover error rate
Correct answer: C
Question 7:
A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than creating users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?
A. The manufacturing company is the service provider, and the cloud company is the authorization provider.
B. The manufacturing company is the service provider, and the cloud company is the identity provider.
C. The manufacturing company is the identity provider, and the cloud company is the OAuth provider.
D. The manufacturing company is the identity provider, and the cloud company is the service provider.
E. The manufacturing company is the authorization provider, and the cloud company is the service provider.
Correct answer: B