- (Exam Topic 3)
A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?
Correct Answer:
A
- (Exam Topic 6)
Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?
Correct Answer:
A
- (Exam Topic 1)
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?
Correct Answer:
D
A vulnerability scanner is essentially doing that. It scans every part of your network configuration that it can and determines whether known vulnerabilities are present at any point.
- (Exam Topic 5)
A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
Correct Answer:
B
- (Exam Topic 3)
A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
www.company.com (main website)
contactus.company.com (for locating a nearby location)
quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?
Correct Answer:
B