An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

1. A. Properly configure a secure file transfer system to ensure file integrity.
2. B. Have the external parties sign non-disclosure agreements before sending any image
3. C. Only share images with external parties that have worked with the firm previousl
4. D. Utilize watermarks in the images that are specific to each external party.

Correct Answer: D
Watermarking is a technique of adding an identifying image or pattern to an original image to protect its ownership and authenticity. Watermarks can be customized to include specific information about the external party, such as their name, logo, or date of receipt. This way, if any draft images are leaked to the public, the firm can trace back the source of the leak and take appropriate actions. Verified References:
https://en.wikipedia.org/wiki/Watermark
https://www.canva.com/features/watermark-photos/
https://www.mdpi.com/2078-2489/11/2/110

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

1. A. Develop an Nmap plug-in to detect the indicator of compromise.
2. B. Update the organization's group policy.
3. C. Include the signature in the vulnerability scanning tool.
4. D. Deliver an updated threat signature throughout the EDR system

Correct Answer: D

Delivering an updated threat signature throughout the endpoint detection and response (EDR) system is the best way to take advantage of the security solution that uses a sandbox environment to execute zero-day software and collect indicators of compromise.
An EDR system is a solution that monitors and analyzes the activities and behaviors of endpoints, such as computers, mobile devices, or servers, and detects and responds to potential threats. An EDR system can use threat signatures, which are patterns or characteristics of known malicious software or attacks, to identify and block malicious activities on endpoints. By delivering an updated threat signature based on the indicators of compromise collected from the sandbox environment, the organization can enhance its EDR system’s ability to detect and prevent zero-day attacks that exploit unknown vulnerabilities. Verified References:
✑https://www.cisco.com/c/en/us/products/security/what-is-endpoint-detection-response.html
✑ https://www.crowdstrike.com/epp-101/what-is-a-sandbox/

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?

1. A. Join an information-sharing community that is relevant to the company.
2. B. Leverage the MITRE ATT&CK framework to map the TTR.
3. C. Use OSINT techniques to evaluate and analyze the threats.
4. D. Update security awareness training to address new threats, such as best practices for data security.

Correct Answer: A
An information-sharing community is a group or network of organizations that share threat intelligence, best practices, and mitigation strategies related to cybersecurity. An information-sharing community can help the company proactively manage the threats of potential theft of its newly developed, proprietary information by providing timely and actionable insights, alerts, and recommendations. An information- sharing community can also enable collaboration and coordination among its members to enhance their collective defense and resilience. References: https://us- cert.cisa.gov/ncas/tips/ST04-016 https://www.cisecurity.org/blog/what-is-an-information-sharing-community/

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:
• Data needs to be stored outside of the VMS.
• No unauthorized modifications to the VMS are allowed
• If a change needs to be done, a new VM needs to be deployed. Which of the following is the BEST solution?

1. A. Immutable system
2. B. Data loss prevention
3. C. Storage area network
4. D. Baseline template

Correct Answer: A

An immutable system is a system that does not change after it is deployed. Any changes or updates are done by creating a new system from a common image or template and replacing the old one. An immutable system meets the requirements of storing data outside of the VMs, preventing unauthorized modifications to the VMs, and deploying a new VM if a change needs to be done. An immutable system can improve the security, reliability, and consistency of the VMs by avoiding configuration drift, human errors, or malicious tampering. An immutable system can also simplify the deployment process and enable faster recovery from failures. Verified References:
✑ https://cloudinfrastructureservices.co.uk/vm-types-for-devops-pets-vs-cattle-vs-immutable/
✑ https://www.digitalocean.com/community/tutorials/what-is-immutable-infrastructure

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

1. A. Determine the optimal placement of hot/warm sites within the enterprise architecture.
2. B. Create new processes for identified gaps in continuity planning.
3. C. Establish new staff roles and responsibilities for continuity of operations.
4. D. Assess the effectiveness of documented processes against a realistic scenario.

Correct Answer: D