An organization's IT department is transitioning from an on-premises server system to a cloud platform. Evaluating the security concepts tied to this transformation, what security design paradigm requires any request to be authenticated before being allowed onto the system?
A. Deperimeterization
B. Zero trust
C. SD-WAN
D. SASE
Explanation:
Zero trust is a security paradigm that requires all requests, both inside and outside the organization's network, to be authenticated, authorized, and continuously validated before being allowed access to systems or data. This approach assumes no implicit trust and requires verification for every action or request, regardless of where it originates.
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
A. Private
B. Critical
C. Sensitive
D. Public
A digital forensic analyst at a healthcare company investigates a case involving a recent data breach. In evaluating the available data sources to assist in the investigation, what application protocol and event-logging format enables different appliances and software applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog
A leading healthcare provider must improve its network infrastructure to secure sensitive patient data. You are evaluating a Next-Generation Firewall (NGFW), which will play a key role in protecting the network from attack. What feature of a Next-Generation Firewall (NGFW) will help protect sensitive patient data in the healthcare organization's network?
A. High Availability (HA) modes
B. Bandwidth management
C. Application-level inspection
D. Virtual Private Network (VPN) support
You are the security analyst overseeing a Security Information and Event Management (SIEM) system deployment. The CISO has concerns about negatively impacting the system resources on individual computer systems. Which would minimize the resource usage on individual computer systems while maintaining effective data collection?
A. Deploying additional SIEM systems to distribute the data collection load
B. Using a sensor-based collection method on the computer systems
C. Implementing an agentless collection method on the computer systems
D. Running regular vulnerability scans on the computer systems to optimize their performance
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
A. MSA
B. SLA
C. BPA
D. SOW
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
A. VM escape
B. SQL injection
C. Buffer overflow
D. Race condition
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
A. Watering hole
B. Bug bounty
C. DNS sinkhole
D. Honeypot
Explanation: A honeypot is a security mechanism set up to attract and detect potential attackers by simulating vulnerable assets. By hosting a part of the infrastructure online with known vulnerabilities that appear to be company assets, the company can observe and analyze the behavior of attackers conducting reconnaissance. This approach allows the company to get alerts and gather intelligence on potential threats.
References = CompTIA Security+ SY0-701 study materials, particularly on threat detection techniques such as honeypots.