Refer to the exhibit.

How are tokens authenticated when the REST API on a device is accessed from a REST API client?

1. A. The token is obtained by providing a passwor
2. B. The REST client requests access to a resource using the access toke
3. C. The REST API validates the access token and gives access to the resource.
4. D. The token is obtained by providing a passwor
5. E. The REST API requests access to a resource using the access token, validates the access token, and gives access to the resource.
6. F. The token is obtained before providing a passwor
7. G. The REST API provides resource access, refreshes tokens, and returns them to the REST clien
8. H. The REST client requests access to a resource using theaccess token.
9. I. The token is obtained before providing a passwor
10. J. The REST client provides access to a resource using the access toke
11. K. The REST API encrypts the access token and gives access to the resource.

Correct Answer: D

Refer to the exhibit.

A threat actor behind a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end-user community?

1. A. Limit the number of API calls that a single client is allowed to make
2. B. Add restrictions on the edge router on how often a single client can access the API
3. C. Reduce the amount of data that can be fetched from the total pool of active clients that call the API
4. D. Increase the application cache of the total pool of active clients that call the API

Correct Answer: A

Refer to the exhibit.

IDS is producing an increased amount of false positive events about brute force attempts on the organization’s mail server. How should the Snort rule be modified to improve performance?

1. A. Block list of internal IPs from the rule
2. B. Change the rule content match to case sensitive
3. C. Set the rule to track the source IP
4. D. Tune the count and seconds threshold of the rule

Correct Answer: B

An organization installed a new application server for IP phones. An automated process fetched user credentials from the Active Directory server, and the application will have access to on-premises and cloud services. Which security threat should be mitigated first?

1. A. aligning access control policies
2. B. exfiltration during data transfer
3. C. attack using default accounts
4. D. data exposure from backups

Correct Answer: B

An engineer notices that unauthorized software was installed on the network and discovers that it was installed by a dormant user account. The engineer suspects an escalation of privilege attack and responds to the incident. Drag and drop the activities from the left into the order for the response on the right.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A