SecurityX Practice Exam #3 (Dion) Flashcards
An organization integrates APIs into its Zero Trust architecture. To ensure security, the organization mandates that all APIs are validated for authentication and data integrity. Which of the following practices best aligns with Zero Trust principles for API integration?
Implementing a shared API key for all clients to simplify access
Using IP allowlisting to control access to APIs
Enforcing token-based authentication for all API requests
Allowing unauthenticated access to APIs for internal systems only
Enforcing token-based authentication for all API requests
Explanation:
OBJ 2.6: Token-based authentication ensures each API request is authenticated and authorized, which aligns with Zero Trust principles of verifying every request and minimizing trust assumptions. Allowing unauthenticated access violates Zero Trust principles of continuous verification. IP allowlisting is static and less effective in dynamic, cloud-based environments. A shared API key compromises security by failing to enforce unique authentication for each client. For support or reporting issues, include Question ID: 6751010723df37e1b5ec6009 in your ticket. Thank you.
Your company is adopting a cloud-first architecture model. Management wants to decommission the on-premises SIEM your analysts use and migrate it to the cloud. Which of the following is an issue with using this approach?
A VM escape exploit could allow an attacker to gain access to the SIEM
The company will be dependent on the cloud provider’s backup capabilities
Legal and regulatory issues may prevent data migration to the cloud
The company will have less control over the SIEM
Legal and regulatory issues may prevent data migration to the cloud
Explanation:
OBJ 2.5: If there are legal or regulatory requirements that require the company to host their security audit data on-premises, then moving to the cloud will not be possible without violating applicable laws. For example, some companies must host their data within their national borders, even if migrating to the cloud. The other options presented are all low risk and can be overcome with proper planning and mitigations. Most cloud providers have degrees of redundancy far above what any individual on-premises provider will be able to generate, making the concern over backups a minimal risk. If the SIEM is moved to a cloud-based server, it could still be operated and controlled in the same manner as the previous on-premises solution using a virtualized cloud-based server. While a VM or hypervisor escape is possible, they are rare and can be mitigated with additional controls.
As part of the reconnaissance stage of a penetration test, Kumar wants to retrieve information about an organization’s network infrastructure without causing an IPS alert. Which of the following is his best course of action?
Perform a DNS brute-force attack
Perform a DNS zone transfer
Use a nmap stealth scan
Use a nmap ping sweep
Perform a DNS brute-force attack
Explanation:
OBJ 4.2: The best course of action is to perform a DNS brute-force attack. The DNS brute-force attack queries a list of IPs and typically bypasses IDS/IPS systems that do not alert on DNS queries. A ping sweep or a stealth scan can be easily detected by the IPS, depending on the signatures and settings being used. A DNS zone transfer is also something that often has a detection signature written for it and will be alerted upon since it is a common attack technique.
Which of the following identity and access management controls relies upon using a certificate-based authentication mechanism?
Proximity card
TOTP
Smart card
HOTP
Smart card
Explanation:
OBJ 3.1: Smart cards, PIV, and CAC devices are used as an identity and access management control. These devices contain a digital certificate embedded within the smart card (PIV/CAC) presented to the system when it is inserted into the smart card reader. When combined with a PIN, the smart card can be used as a multi-factor authentication mechanism. The PIN unlocks the card and allows the digital certificate to be presented to the system.
Which of the following layers within software-defined networking focuses on providing network administrators the ability to oversee network operations, monitor traffic conditions, and display the status of the network?
Infrastructure layer
Control layer
Management plane
Application layer
Management plane
Explanation:
OBJ 2.3: The management plane is used to monitor traffic conditions and the status of the network, and it allows network administrators to oversee the network and gain insight into its operations. The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements.
An analyst’s vulnerability scanner did not have the latest set of signatures installed. Due to this, several unpatched servers may have vulnerabilities that were undetected by their scanner. You have directed the analyst to update their vulnerability scanner with the latest signatures at least 24 hours before conducting any scans. However, the results of their scans still appear to be the same. Which of the following logical controls should you use to address this situation?
Create a script to automatically update the signatures every 24 hours
Ensure the analyst manually validates that the updates are being performed as directed
Test the vulnerability remediations in a sandbox before deploying them into production
Configure the vulnerability scanners to run a credentialed scan
Create a script to automatically update the signatures every 24 hours
Explanation:
OBJ 2.4: Since the analyst appears not to be installing the latest vulnerability signatures according to your instructions, it would be best to create a script and automate the process to eliminate human error. The script will always ensure that the latest signatures are downloaded and installed in the scanner every 24 hours without any human intervention. While you may want the analyst to manually validate the updates were performed as part of their procedures, this is still error-prone and likely not to be conducted properly. Regardless of whether the scanners are being run in uncredentialed or credentialed mode, they will still miss vulnerabilities if using out-of-date signatures. Finally, the option to test the vulnerability remediations in a sandbox is a good suggestion. Still, it won’t solve this scenario since we are concerned with the scanning portion of vulnerability management and not remediation.
Dion Training is evaluating the security of its endpoint configurations. During the evaluation, one of the analysts identified that data being stored on an internal solid state device is being encrypted using BitLocker. The analyst is concerned that the data-at-rest could be compromised if someone was able to collect the encryption key stored in the system’s RAM. Which of the following endpoint security controls would eliminate this vulnerability while still providing data-at-rest for the data stored on an internal solid state device or hard disk drive?
Local drive encryption
Self-encrypting drive (SED)
Secure encrypted enclaves
Attestation services
Self-encrypting drive (SED)
Explanation:
OBJ 3.4: A self-encrypting drive (SED) is a type of solid state device (SSD) or hard disk drive (HDD) that conducts transparent encryption of all data as it is written to the device using an embedded hardware cryptographic processor. A self-encrypting drive uses transparent encryption by implementing a cryptographic hardware processor with embedded encryption keys to prevent the theft of encryption keys from the system’s RAM. Local drive encryption protects the contents of a solid state device (SSD) or hard disk drive (HDD) when the operating system is not running through the use of software-based encryption such as BitLocker, FileVault, or TrueCrypt. Attestation services are used to ensure the integrity of the computer’s startup and runtime operations. Hardware-based attestation is designed to protect against threats and malicious code that could be loaded before the operating system is loaded. Secure encrypted enclaves protect CPU instructions, dedicated secure subsystems in a system on a chip (SoC), or a protected region of memory in a database engine by only allowing data to be decrypted on the fly within the CPU, SoC, or protected region.
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera’s security concerns? (Select TWO)
Configure the thermostat to use the WEP encryption standard for additional confidentiality
Configure the thermostat to use a segregated part of the network by installing it into a screened subnet
Upgrade the firmware of the wireless access point to the latest version to improve the security of the network
Disable wireless connectivity to the thermostat to ensure a hacker cannot access it
Enable two-factor authentication on the device’s website (if supported by the company)
Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password
Configure the thermostat to use a segregated part of the network by installing it into a screened subnet
Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password
Explanation:
OBJ 3.5: The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device’s website is a good practice, it will not increase the IoT device’s security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer’s normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point’s firmware is good for security, but it isn’t specific to the IoT device’s security. Therefore, it is not one of the two BEST options.
You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any infection signs. Which of the following has MOST likely occurred?
Directory traversal
Session hijacking
Zero-day attack
Password spraying
Zero-day attack
Explanation:
OBJ 4.1: Since you scanned the system with the latest anti-virus signatures and did not find any signs of infection, it would most likely be evidence of a zero-day attack. A zero-day attack has a clear sign of compromise (the web tunnel being established to a known malicious server). The anti-virus doesn’t have a signature yet for this particular malware variant. Password spraying occurs when an attacker tries to log in to multiple different user accounts with the same compromised password credentials. Session hijacking is exploiting a valid computer session to gain unauthorized access to information or services in a computer system. Based on the scenario, it doesn’t appear to be session hijacking since the user would not normally attempt to connect to a malicious server. Directory traversal is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory. A directory traversal is usually indicated by a dot dot slash (../) in the URL being attempted.
Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?
Behavior
Anomaly
Heuristic
Trend
Behavior
Explanation:
OBJ 4.3: This is an example of behavior-based detection. Behavior-based detection (or statistical- or profile-based detection) means that the engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert. Heuristic analysis determines whether several observed data points constitute an indicator and whether related indicators make up an incident, depending on a good understanding of the relationship between the observed indicators. Human analysts are typically good at interpreting context but work painfully slowly, in computer terms, and cannot hope to cope with the sheer volume of data and traffic generated by a typical network. Anomaly analysis is the process of defining an expected outcome or pattern to events and then identifying any events that do not follow these patterns. This is useful in tools and environments that enable you to set rules. Trend analysis is not used for detection but instead to better understand capacity and the system’s normal baseline. Behavioral-based detection differs from anomaly-based detection. Behavioral-based detection records expected patterns concerning the entity being monitored (in this case, user logins). Anomaly-based detection prescribes the baseline for expected patterns based on its observation of what normal looks like.
You are conducting a review of a VPN device’s logs and found the following URL being accessed:
https://sslvpn/dana-na/../diontraining.html5acc/teach/../../../../../etc/passwd?/diontraining/html5acc/teach
Based upon this log entry alone, which of the following most likely occurred?
An SQL injection attack caused the VPN server to return the password file
An XML injection attack caused the VPN server to return the password file
The passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted
The passwd file was downloaded using a directory traversal attack
The passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted
Explanation:
OBJ 4.2: The exact string used here was the attack string used in CVE-2019-11510 to compromise thousands of VPN servers worldwide using a directory traversal approach. However, its presence in the logs does not prove that the attack was successful, only that it was attempted. To verify that the attacker successfully downloaded the passwd file, a cybersecurity analyst would require additional information and correlation. If the server utilizes proper input validation on URL entries, then the directory traversal would be prevented. As no SQL or XML language elements are present, this is not an SQL or XML injection attack.
Vulnerability scans must be conducted continuously to meet regulatory compliance requirements for the storage of PHI. During the last vulnerability scan, a cybersecurity analyst received a report of 2,592 possible vulnerabilities and was asked by the Chief Information Security Officer (CISO) for a plan to remediate all the known issues. Which of the following should the analyst do next?
Place any assets that contain PHI in a sandbox environment and then remediate all the vulnerabilities
Filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first
Attempt to identify all the false positives and exceptions, then resolve any remaining items
Wait to perform any additional scanning until the current list of vulnerabilities have been remediated fully
Filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first
Explanation:
OBJ 3.6: PHI is an abbreviation for Personal Health Information. When attempting to remediate numerous vulnerabilities, it is crucial to prioritize the vulnerabilities to determine which ones should be remediated first. In this case, there is a regulatory requirement to ensure the security of the PHI data. Therefore, the assets critical to the secure handling or storage of PHI carry the highest risk and should be prioritized for remediation first. It is impractical to resolve all 2,592 vulnerabilities at once. Therefore, you should not identify all the false positives and exceptions and then resolve any remaining items, since they won’t be prioritized for remediation. You should also not wait to perform additional scanning because a scan is only a snapshot of your current status. If it takes 30 days to remediate all the vulnerabilities and you do not scan during that time, new vulnerabilities may have been introduced. Placing all the PHI assets into a sandbox will not work either because you will have removed them from the production environment and they can no longer serve their critical business functions.
Fail to Pass Systems has recently moved its corporate offices from France to Westeros, a country with no meaningful privacy regulations. The marketing department believes that this move will allow the company to resell all of its customers’ data to third-party companies and shield the company from any legal responsibility. Which policy is violated by this scenario?
Data minimization
Data enrichment
Data sovereignty
Data limitation
Data sovereignty
Explanation:
OBJ 1.3: While the fictitious Westeros may have no privacy laws or regulations, the laws of the countries where the company’s customers reside may still retain sovereignty over the data obtained from those regions during the company’s business there. This is called Data Sovereignty. Data sovereignty refers to a jurisdiction (such as France or the European Union) preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction. Data sovereignty may demand certain concessions on your part, such as using location-specific storage facilities in a cloud service. Fail to Pass Systems will likely face steep fines from different regions if they go through with their plan to sell all of their customers’ data to the highest bidders. Fail to Pass Systems may even be blocked from communicating with individual regions. Although data minimization and data limitation policies may be violated depending on the company’s internal policies, these policies are not legally binding like the provisions of GDPR are. Data enrichment means that the machine analytics behind the view of a particular alert can deliver more correlating and contextual information with a higher degree of confidence, both from within the local network’s data points and from external threat intelligence.
An employee reports being unable to access a file share that their department uses frequently. Upon investigation, the security team confirms the user is assigned to the correct group with the necessary permissions. What should the team check next to resolve the issue?
Whether the file share is accessible over the network
If the file share permissions conflict with inherited group policies
Whether the user’s session token has expired or is invalid
If the user’s role was modified in the access control system
If the file share permissions conflict with inherited group policies
Explanation:
OBJ 3.1: Inherited group policies or permissions can override explicit permissions set for a resource, causing access issues despite correct group assignments. This is a common challenge in complex subject access control systems, where overlapping rules can create conflicts. While checking network accessibility or expired session tokens may identify other problems, they are not as likely to cause this specific issue, as the user already has the correct group assignment. Modifications to the user’s role could also be relevant but are less likely if the group permissions remain accurate.
William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?
TPM
PAM
AES
FDE
TPM
Explanation:
OBJ 3.4: This question is asking if you know what each acronym means. Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is a part of the motherboard. A Pluggable Authentication Module (PAM) is a device that looks like a USB thumb drive and is used as a software key in cryptography. Full Disk Encryption (FDE) can be hardware or software-based. Therefore, it isn’t the right answer. The Advanced Encryption System (AES) is a cryptographic algorithm. Therefore, it isn’t a hardware solution.
A software development team is implementing a CI/CD pipeline for an enterprise application. To ensure security in the coding phase, they want to enforce consistent code quality and identify potential vulnerabilities early in the process. Which of the following practices would best support these objectives?
Schedule monthly penetration tests for the application
Use linting tools to enforce coding standards during development
Implement code reviews after deployment to catch any vulnerabilities
Perform dynamic analysis after the code is pushed to production
Use linting tools to enforce coding standards during development
Explanation:
OBJ 2.2: Linting tools analyze source code during development to enforce coding standards and detect issues such as poor coding practices and potential vulnerabilities. This ensures consistent code quality and addresses problems early in the CI/CD process. Code reviews after deployment miss the opportunity to catch issues earlier, leading to higher costs for remediation. Monthly penetration tests focus on runtime vulnerabilities but do not address coding standards. Dynamic analysis in production identifies security issues but does not enforce coding quality during development.
After completing an assessment, you create a chart listing the associated risks based on the vulnerabilities identified with your organization’s password policy. The chart contains the asset values and exposure factors for each server being protected by a single-factor complex password authentication system and their expected single loss expectancy values written in dollars. Which of the following types of assessments did you just complete?
Qualitative risk assessment
Vendor assessment
Quantitative risk assessment
Privacy impact assessment
Quantitative risk assessment
Explanation:
OBJ 1.2: Quantitative risk analysis involves the use of numbers (generally money) to evaluate impacts. Qualitative risk analysis describes the evaluation of risk through the use of words. For this reason, qualitative risk analysis is much more subjective than quantitative analysis. A privacy impact assessment is conducted by an organization for it to determine where its privacy data is stored and how that privacy data moves throughout an information system. It evaluates the impacts that may be realized by a compromise to the confidentiality, integrity, and/or availability of the data. A vendor assessment is used to determine the viability and reliability of a particular vendor or supplier in your supply chain. Based on the question, it appears that a quantitative risk analysis is performed since the table contains monetary values for the single loss expectancy of each server.
Dion Training has just acquired Small Time Tutors and ordered an analysis to determine the sensitivity level of the data contained in their databases. In addition to determining the sensitivity of the data, the company also wants to determine exactly how they have collected, used, and maintained the data throughout its data lifecycle. Once this is fully identified, Dion Training intends to update the terms and conditions on their website to inform their customers and prevent any possible legal issues from any possible mishandling of the data. Based on the information provided, which of the following types of analysis is the team at Dion Training going to perform?
Business impact analysis
Privacy impact analysis
Gap analysis
Tradeoff analysis
Privacy impact analysis
Explanation:
OBJ 1.1: A privacy impact assessment is conducted by an organization for it to determine where its privacy data is stored and how that privacy data moves throughout an information system. It evaluates the impacts that may be realized by a compromise to the confidentiality, integrity, and/or availability of the data. A tradeoff analysis compares potential benefits to potential risks and determines a course of action based on adjusting factors that contribute to each area. A business impact analysis describes the collaborative effort to identify those systems and software that perform essential functions, meaning the organization cannot run without them. A gap analysis measures the difference between the current state and desired state to assess the scope of work included in a project. By measuring ALE, MTTR, MTBF, TCO, and other factors, the organization can identify how closely it is performing to the desired outcomes or requirements.
Dion Consulting Group has been hired to analyze the cybersecurity model for a new videogame console system. The manufacturer’s team has come up with four recommendations to prevent intellectual property theft and piracy. As the cybersecurity consultant on this project, which of the following would you recommend they implement first?
Ensure that all games require excessive storage sizes so that it is difficult for unauthorized parties to distribute
Ensure that all games for the console are distributed as encrypted so that they can only be decrypted on the game console
Ensure that all screen capture content is visibly watermarked
Ensure that each individual console has a unique key for decrypting individual licenses and tracking which console has purchased which game
Ensure that each individual console has a unique key for decrypting individual licenses and tracking which console has purchased which game
Explanation:
OBJ 3.1: Ensuring that each console has a unique key will allow the console manufacturer to track who has purchased which games when using digital rights management licensing. This can be achieved using a hardware root of trust, such as a TPM module in the processor. While encrypting the games during distribution will provide some security, the games could be decrypted and distributed by unauthorized parties if the encryption key were ever compromised. The recommendation of making the game arbitrarily large will frustrate both authorized and unauthorized users, which could negatively impact sales, so it is a poor recommendation to implement. Visibly watermarking everything will only aggravate the user, provide a negative customer experience, and not help fight software piracy.
An organization implements a new PKI to secure its internal communications. Shortly after deployment, users report being unable to validate server certificates issued by the new CA. The administrator verifies the certificates are correctly installed and have not expired. What is the most likely cause of this issue?
The CA uses an unsupported hashing algorithm
Revoked certificates have not been updated in the CRL
Certificates were issued with the wrong key length
The root CA certificate is not trusted by client systems
The root CA certificate is not trusted by client systems
Explanation:
OBJ 3.3: If the root CA certificate is not trusted by client systems, they will reject all certificates issued by the CA, regardless of validity. Incorrect key lengths would lead to certificate generation failures, not trust issues. An unsupported hashing algorithm would cause issues during signature verification but is less common in new PKI implementations. A stale Certificate Revocation List (CRL) would only impact revoked certificates, not the validation of all issued certificates.
Dion Automation Group specializes in installing ICS and SCADA systems. You have been asked to program a PLC to open the fill valve when the level of liquid in a tank reaches a sensor located at 1 foot above the bottom of the tank. Also, the valve should shut again once the level reaches another sensor at 9 feet above the bottom of the tank. Which of the following would you use to create the control sequence used by the PLC?
Ladder logic
Data historian
Human-machine interface
Safety instrumented system
Ladder logic
Explanation:
OBJ 3.5: Ladder Logic is a graphical, flowchart-like programming language used to program the special sequential control sequences used by a programmable logic controller (PLC). The human-machine interface (HMI) provides the input and output controls on a PLC to allow a user to configure and monitor the system. The HMI is the manual way to open and shut the valve, but it is not used to create the programming or automated sequences described in the scenario. The data historian is a type of software that aggregates and catalogs data from multiple sources within an industrial control system’s control loop. A Safety Instrumented System (SIS) is composed of sensors, logic solvers, and final control elements (devices like horns, flashing lights, and/or sirens) used to return an industrial process to a safe state after predetermined conditions are detected.
Which of the following services should you install to connect multiple remote branch offices to your cloud service provider’s virtual private cloud (VPC) using an IPSec site-to-site connection?
API gateway
VPN gateway
XML gateway
NAT gateway
VPN gateway
Explanation:
OBJ 2.5: A VPN gateway is a type of networking device that connects two or more devices or networks in a VPN infrastructure. It is designed to bridge the connection or communication between two or more remote sites, networks, or devices and/or to connect multiple VPNs. An extensible markup language (XML) gateway acts as an application layer firewall specifically to monitor XML formatted messages as they enter or leave a network or system. An XML gateway is used for inbound pattern detection and the prevention of outbound data leaks. XML is a document structure that is both human and machine-readable. Information within an XML document is placed within tags that describe how the information within the document is structured. An application programming interface (API) gateway is a special cloud-based service that is used to centralize the functions provided by APIs. An API is a type of software interface that offers a service to other pieces of software to build or connect to specific functions or features. A NAT Gateway within a cloud platform allows private subnets in a Virtual Private Cloud (VPC) access to the Internet.
What mechanism ensures that users maintain a consistent session when interacting with a web application behind a load balancer?
Dynamic IP addressing
Active-active failover
Round-robin traffic distribution
Server affinity
Server affinity
Explanation:
OBJ 2.1: Server affinity, or sticky sessions, ensures that a user’s session is consistently routed to the same server, which is critical for applications that store session data locally on the server. Round-robin distribution and dynamic IP addressing handle traffic routing but do not ensure session persistence. Active-active failover ensures availability but does not address session consistency.
Which of the following will an adversary do during the weaponization phase of the Lockheed Martin kill chain? (SELECT THREE)
Conduct social media interactions with targeted individuals
Select a decoy document to present to the victim
Compromise the target’s servers
Select backdoor implant and appropriate command and control infrastructure for operation
Obtain a weaponizer
Harvest email addresses
Select a decoy document to present to the victim
Select backdoor implant and appropriate command and control infrastructure for operation
Obtain a weaponizer
Explanation:
OBJ 1.4: During the weaponization phase, the adversary is exploiting the knowledge gained during the reconnaissance phase. During this phase, the adversary is still not initiating any contact with the target, though. Therefore, obtaining a ‘weaponizer’ (a tool to couple malware and exploit into a deliverable payload), crafting the decoy document, determining C2 infrastructure, and the weaponization of the payload all occur during the weaponization phase. Social media interactions may present an opportunity to deliver a payload; therefore, it occurs in the delivery phase. Compromising a server is also beyond the scope of weaponization, as it occurs in the exploitation phase. Harvesting emails is considered a reconnaissance phase action.