All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
✑ Leaked to the media via printing of the documents
✑ Sent to a personal email address
✑ Accessed and viewed by systems administrators
✑ Uploaded to a file storage site
Which of the following would mitigate the department’s concerns?
Correct Answer:
B
VDI (virtual desktop infrastructure), proxy, CASB (cloud access security broker), and DRM (digital rights management) are technologies that can mitigate the concerns of processing sensitive information using SaaS (software as a service) collaboration tools. VDI is a technology that provides virtualized desktop environments for users that are hosted and managed by a central server, allowing users to access applications or data from any device or location. VDI can prevent data leakage to the media via printing of documents, as it can restrict or monitor the printing capabilities or permissions of users or devices. Proxy is a technology that acts as an intermediary between clients and servers, filtering or modifying web traffic based on predefined rules or policies. Proxy can prevent data leakage to a personal email address, as it can block or redirect web requests to unauthorized or untrusted email domains or services. CASB is a technology that provides visibility and control over cloud services or applications, enforcing security policies or compliance requirements based on predefined rules or criteria. CASB can prevent data access and viewing by systems administrators, as it can encrypt or mask sensitive data before it reaches the cloud provider or application, making it unreadable or inaccessible by unauthorized parties. DRM is a technology that restricts the access, use, modification, or distribution of digital content or devices, enforcing the rights and permissions granted by the content owner or provider to authorized users or devices. DRM can prevent data upload to a file storage site, as it can limit or disable the copying, sharing, or transferring capabilities or permissions of users or devices. Verified References: https://www.comptia.org/blog/what-is-vdi https://partners.comptia.org/docs/default-source/resources/casp-content-guide
A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bounds messages, and therefore the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).
Correct Answer:
AC
A TLS inspection proxy can be used to monitor and enforce policy on HTTPS connections, ensuring that only valid traffic is allowed through and malicious traffic is blocked. Additionally, a filesystem integrity monitoring service can be installed and configured on the telemetry server to monitor for any changes to the filesystem, allowing any malicious changes to be detected and blocked.
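The detection half of the filesystem integrity monitoring described above, as an added example that is not part of the original page or any particular FIM product: it hashes every regular file under a directory into a baseline, takes a second snapshot later, and reports what was added, removed or modified. The telemetry-server directory tree, file names and contents are all constructed inline so the script runs offline; the paths `bin/telemetryd` and `telemetryd.conf` are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root.
    Symlinks are skipped so a link pointing outside the tree is never hashed as content."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Diff two snapshots into sorted lists of added, removed and modified paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo():
    """Constructed telemetry-server tree: take a baseline, change it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "telemetryd").write_bytes(b"\x7fELF constructed placeholder")
        (root / "telemetryd.conf").write_text("listen = 0.0.0.0:8443\n")
        (root / "CHANGELOG").write_text("1.0 initial\n")
        baseline = snapshot(root)

        # Changes after the baseline, the kind a compromise of the daemon would leave behind:
        # daemon binary altered, config edited, a new script appears, a file disappears.
        (root / "bin" / "telemetryd").write_bytes(b"\x7fELF altered content")
        (root / "telemetryd.conf").write_text("listen = 0.0.0.0:8443\nlog = /tmp/t.log\n")
        (root / "bin" / "update.sh").write_text("#!/bin/sh\n")
        (root / "CHANGELOG").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real deployment the baseline is stored (or signed) somewhere the monitored host cannot rewrite it, scans run on a schedule or on inotify events, and the report feeds an alerting pipeline; the comparison logic stays the same.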
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).
Correct Answer:
ACF
Least privilege, policy automation, and continuous validation are some of the key elements that need to be implemented to achieve the objective of transitioning to a zero trust architecture. Zero trust architecture is a security model that assumes no implicit trust for any entity or resource, regardless of their location or ownership. Zero trust architecture requires verifying every request and transaction before granting access or allowing data transfer. Zero trust architecture also requires minimizing the attack surface and reducing the risk of lateral movement by attackers.
* A. Least privilege is a principle that states that every entity or resource should only have the minimum level of access or permissions necessary to perform its function. Least privilege can help enforce granular and dynamic policies that limit the exposure and impact of potential breaches. Least privilege can also help prevent privilege escalation and abuse by malicious insiders or compromised accounts.
* C. Policy automation is a process that enables the creation, enforcement, and management of security policies using automated tools and workflows. Policy automation can help simplify and streamline the implementation of zero trust architecture by reducing human errors, inconsistencies, and delays. Policy automation can also help adapt to changing conditions and requirements by updating and applying policies in real time.
* F. Continuous validation is a process that involves verifying the identity, context, and risk level of every request and transaction throughout its lifecycle. Continuous validation can help ensure that only authorized and legitimate requests and transactions are allowed to access or transfer data. Continuous validation can also help detect and respond to anomalies or threats by revoking access or terminating sessions if the risk level changes.
* B. VPN is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. VPN stands for Virtual Private Network, which is a technology that creates a secure tunnel between a device and a network over the internet. VPN can provide confidentiality, integrity, and authentication for network communications, but it does not provide zero trust security by itself. VPN still relies on network-based perimeters and does not verify every request or transaction at a granular level.
* D. PKI is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. PKI stands for Public Key Infrastructure, which is a system that manages the creation, distribution, and verification of certificates. Certificates are digital documents that contain public keys and identity information of their owners. Certificates can be used to prove the identity and authenticity of the certificate holders, as well as to encrypt and sign data. PKI can provide encryption and authentication for data communications, but it does not provide zero trust security by itself. PKI still relies on trusted authorities and does not verify every request or transaction at a granular level.
* E. Firewall is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. Firewall can provide protection against unauthorized or malicious network access, but it does not provide zero trust security by itself. Firewall still relies on network-based perimeters and does not verify every request or transaction at a granular level.
* G. Continuous integration is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Continuous integration is a software development practice that involves merging code changes from multiple developers into a shared repository frequently and automatically. Continuous integration can help improve the quality, reliability, and performance of software products, but it does not provide zero trust security by itself. Continuous integration still relies on code-based quality assurance and does not verify every request or transaction at a granular level.
* H. IaaS is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. IaaS stands for Infrastructure as a Service, which is a cloud computing model that provides virtualized computing resources over the internet. IaaS can provide scalability, flexibility, and cost-efficiency for IT infrastructure, but it does not provide zero trust security by itself. IaaS still relies on cloud-based security controls and does not verify every request or transaction at a granular level.
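How the three selected elements (least privilege, policy automation, continuous validation) fit together in a per-request policy decision, as an added illustration that is not from the original page or any zero trust product. Entitlements are explicit (resource, action) grants per principal rather than trusted zones or broad roles; the policy thresholds are plain data that an automation pipeline could regenerate and push; and every request re-validates posture and risk, with a failure revoking the session instead of letting the earlier login carry on. All principals, resources and posture values are constructed for the example.

```python
from dataclasses import dataclass, field

# Least privilege: each principal gets specific (resource, action) pairs and nothing else.
# Constructed sample data, not a real entitlement store.
ENTITLEMENTS = {
    "alice": {("payroll-db", "read")},
    "svc-backup": {("payroll-db", "read"), ("file-share", "write")},
}

# Policy as data so automation can regenerate and apply it rather than hand-editing code.
POLICY = {"max_risk": 50, "require_managed_device": True, "require_mfa": True}


@dataclass
class Context:
    """Everything evaluated on each request: who, what, and the current posture."""
    principal: str
    resource: str
    action: str
    device_managed: bool
    mfa_verified: bool
    risk_score: int


@dataclass
class Session:
    principal: str
    active: bool = True
    log: list = field(default_factory=list)


def validate_context(ctx, policy):
    """Posture and risk checks; a failure here means the session must be revoked."""
    if policy["require_managed_device"] and not ctx.device_managed:
        return False, "unmanaged device"
    if policy["require_mfa"] and not ctx.mfa_verified:
        return False, "mfa not verified"
    if ctx.risk_score > policy["max_risk"]:
        return False, "risk score %d exceeds %d" % (ctx.risk_score, policy["max_risk"])
    return True, "context ok"


def check_entitlement(ctx):
    """Least privilege: deny anything not explicitly granted."""
    if (ctx.resource, ctx.action) in ENTITLEMENTS.get(ctx.principal, set()):
        return True, "allowed"
    return False, "no entitlement for %s:%s" % (ctx.resource, ctx.action)


def authorize(session, ctx, policy=POLICY):
    """Continuous validation: nothing from the original login is trusted. Each request is
    re-checked, and a posture or risk failure terminates the session outright."""
    if not session.active:
        return False, "session terminated, re-authentication required"
    ok, reason = validate_context(ctx, policy)
    if ok:
        ok, reason = check_entitlement(ctx)
    else:
        session.active = False
    session.log.append((ctx.resource, ctx.action, ok, reason))
    return ok, reason


def demo():
    """Four requests in one session; returns the decisions in order and the session state."""
    s = Session("alice")
    base = dict(principal="alice", resource="payroll-db", action="read",
                device_managed=True, mfa_verified=True, risk_score=10)
    decisions = [
        authorize(s, Context(**base)),                          # allowed
        authorize(s, Context(**{**base, "action": "write"})),   # denied: not entitled
        authorize(s, Context(**{**base, "risk_score": 80})),    # denied: risk rose, session revoked
        authorize(s, Context(**base)),                          # denied: session already gone
    ]
    return decisions, s.active


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```

The third request is the continuous-validation case the answer describes: the same principal on the same resource is refused, and the session ends, purely because the risk signal changed after authentication.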
In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:
Correct Answer:
D
Defining ACLs in a CSP relies on software-defined networking. Software-defined networking (SDN) is a network architecture that decouples the control plane from the data plane, allowing for centralized and programmable network management. SDN can enable dynamic and flexible network configuration and optimization, as well as improved security and performance. In a CSP, SDN can be used to define ACLs that can apply to virtual networks, subnets, or interfaces, regardless of the physical infrastructure. SDN can also allow for granular and consistent ACL enforcement across different cloud services and regions. Verified References: https://www.techtarget.com/searchsdn/definition/software-defined-networking-SDN
https://learn.microsoft.com/en-us/azure/architecture/guide/networking/network-security
https://www.techtarget.com/searchcloudcomputing/definition/cloud-networking
A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:
www.intranet.abc.com/get-files.jsp?file=report.pdf
Which of the following mitigation techniques would be BEST for the security engineer to recommend?
Correct Answer:
A
Input validation is a technique that checks the user input for any errors, malicious data, or unexpected values before processing it by the application. Input validation can prevent many common web application attacks, such as:
✑ SQL injection, which exploits a vulnerability in the application’s database query to execute malicious SQL commands.
✑ Cross-site scripting (XSS), which injects malicious JavaScript code into the application’s web page to execute on the client-side browser.
✑ Directory traversal, which accesses files or directories outside of the intended scope by manipulating the file path.
In this case, the security engineer should recommend input validation as the best mitigation technique, because it would:
✑ Prevent the exfiltration of a company report by validating the file parameter in the URL and ensuring that it matches a predefined list of allowed files or formats.
✑ Enhance the security of the web application by filtering out any malicious or invalid input from users or attackers.
✑ Be more effective and efficient than other techniques, such as firewall, WAF (Web Application Firewall), or DLP (Data Loss Prevention), which may not be able to detect or block all types of web application attacks.
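The input validation the answer recommends for the `file` parameter, as an added example that is not code from the original page or from the assessed application. The handler behind a URL like `get-files.jsp?file=report.pdf` is written here in Python rather than JSP, first as the unsafe pattern and then hardened in the two ways the text lists: the parameter must match an allowlist of known report names, and, as defence in depth, the resolved path must stay inside the reports directory. The reports directory, its contents and the allowlist are all constructed inline.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical allowlist of report names the application is meant to serve.
ALLOWED_FILES = {"report.pdf", "summary.pdf"}


def get_file_unsafe(base_dir, requested):
    """Unsafe pattern: the user-supplied name is joined to the base directory unchecked,
    so a value containing path separators can reach files outside it."""
    return Path(os.path.join(base_dir, requested)).read_bytes()


def get_file_validated(base_dir, requested):
    """Hardened: allowlist the parameter, then confirm the resolved path is under base_dir."""
    if requested not in ALLOWED_FILES:
        raise ValueError("file parameter is not an allowed report")
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    # Second check catches a symlink inside the directory that points elsewhere.
    if base not in target.parents:
        raise ValueError("resolved path escapes the reports directory")
    return target.read_bytes()


def demo():
    """Constructed layout: reports/report.pdf is served, ../secret.txt must not be reachable."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        reports = root / "reports"
        reports.mkdir()
        (reports / "report.pdf").write_bytes(b"%PDF-1.4 constructed report")
        (root / "secret.txt").write_bytes(b"outside the reports directory")

        traversal = "../secret.txt"
        unsafe_leaks = get_file_unsafe(reports, traversal) == (root / "secret.txt").read_bytes()
        try:
            get_file_validated(reports, traversal)
            validated_blocks = False
        except ValueError:
            validated_blocks = True
        served = get_file_validated(reports, "report.pdf")
        return unsafe_leaks, validated_blocks, served


if __name__ == "__main__":
    print(demo())
```

The allowlist alone already rejects the traversal value; the containment check is kept because allowlists drift over time (a later entry such as a subdirectory or a symlinked file) and the path check continues to hold regardless.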