- (Exam Topic 2)
What concept does the "T" represent in the STRIDE threat model?
Correct Answer:
C
Any application that sends data to the user faces the risk that the user could manipulate or alter that data, whether it resides in cookies, GET or POST parameters, or headers, or could bypass client-side validation. If the application receives data back from the user, it is crucial that the application validate and verify all of it.
- (Exam Topic 4)
Best practices for key management include all of the following, except:
Correct Answer:
A
We should do all of these except for requiring multifactor authentication, which is pointless in key management.
- (Exam Topic 3)
Where is a DLP solution generally installed when utilized for monitoring data at rest?
Correct Answer:
B
To monitor data at rest appropriately, the DLP solution would be installed on the host system where the data resides. A database server, in some situations, may be an appropriate answer, but the host system is the best answer because a database server is only one example of where data could reside. An application server processes data and typically sits between the data and presentation zones, and as such, does not store data at rest. A network firewall would be more appropriate for data in transit because it is not a place where data would reside.
- (Exam Topic 4)
DLP solutions can aid in deterring loss due to which of the following?
Correct Answer:
A
DLP solutions may protect against inadvertent disclosure. Randomization is a technique for obscuring data, not a risk to data. DLP tools will not protect against risks from natural disasters, or against impacts due to device failure.
- (Exam Topic 1)
Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?
Correct Answer:
B
Type 1 hypervisors run directly on the bare metal and contain only the code and functions required to perform their purpose. They do not rely on any other systems, nor do they contain extra features that would need to be secured.