
QUESTION 1

After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

Correct Answer: B
A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:
✑ A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.
✑ B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.
✑ C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.
✑ D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB.
Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services. References:
✑ CompTIA Security+ Study Guide
✑ Gartner, "Magic Quadrant for Cloud Access Security Brokers"
✑ NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"

QUESTION 2

A security analyst is reviewing the following authentication logs:
[Exhibit: authentication logs (image not reproduced in this text)]
Which of the following should the analyst do first?

Correct Answer: D
Based on the provided authentication logs, we observe that User1's account experienced multiple failed login attempts within a very short time span (at 8:01:23 AM on 12/15). This pattern indicates a potential brute-force attack or an attempt to gain unauthorized access. Here's a breakdown of why disabling User1's account is the appropriate first step:
✑ Failed Login Attempts: The logs show that User1 had four consecutive failed login attempts:
✑ Security Protocols and Best Practices: According to CompTIA Security+ guidelines, multiple failed login attempts within a short timeframe should trigger an immediate response to prevent further potential unauthorized access attempts. This typically involves temporarily disabling the account to stop ongoing brute-force attacks.
✑ Account Lockout Policy: Implementing an account lockout policy is a standard practice to thwart brute-force attacks. Disabling User1's account will align with these best practices and prevent further failed attempts, which might lead to successful unauthorized access if not addressed.
✑ References:
By addressing User1's account first, we effectively mitigate the immediate threat of a brute-force attack, ensuring that further investigation can be conducted without the risk of unauthorized access continuing during the investigation period.
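As an added example (not part of the exam material), the detection logic an analyst would run to surface the pattern described above: count failed logins per account inside a sliding window and flag accounts that cross a threshold. The log lines, their field layout, and the year are constructed assumptions, since the exhibit itself is not reproduced here.

```python
"""Flag accounts with bursts of failed logins in a constructed authentication log."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not the exam exhibit); assumed layout per line:
# <month/day> <time> <user> <result> <source ip>
SAMPLE_LOG = """\
12/15 08:01:23 User1 FAILED 10.0.0.5
12/15 08:01:23 User1 FAILED 10.0.0.5
12/15 08:01:23 User1 FAILED 10.0.0.5
12/15 08:01:23 User1 FAILED 10.0.0.5
12/15 08:02:10 User2 SUCCESS 10.0.0.7
12/15 08:05:44 User3 FAILED 10.0.0.9
12/15 08:06:02 User3 SUCCESS 10.0.0.9
"""

def parse_events(text, year=2024):
    """Return a list of (timestamp, user, result, source) tuples; the year is assumed."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, user, result, src = line.split()
        ts = datetime.strptime(f"{year}/{date} {time}", "%Y/%m/%d %H:%M:%S")
        events.append((ts, user, result.upper(), src))
    return events

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: peak_count} for accounts with >= threshold failures in any window."""
    failures = defaultdict(list)
    for ts, user, result, _ in events:
        if result == "FAILED":
            failures[user].append(ts)
    flagged = {}
    for user, stamps in failures.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(count, flagged.get(user, 0))
    return flagged

def accounts_to_disable(text):
    """Accounts the analyst should act on first, per the answer: those under brute-force pressure."""
    return sorted(failed_login_bursts(parse_events(text)))
```

A single failure followed by a success (User3) stays below the threshold, so only the burst account is returned.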

QUESTION 3

A network engineer must ensure that always-on VPN access is enabled and restricted to company assets. Which of the following best describes what the engineer needs to do?

Correct Answer: A
To ensure always-on VPN access is enabled and restricted to company assets, the network engineer needs to generate device certificates using the specific template settings required for the company's VPN solution. These certificates ensure that only authorized devices can establish a VPN connection.
Why Device Certificates are Necessary:
✑ Authentication: Device certificates authenticate company assets, ensuring that only authorized devices can access the VPN.
✑ Security: Certificates provide a higher level of security compared to username and password combinations, reducing the risk of unauthorized access.
✑ Compliance: Certificates help in meeting security policies and compliance requirements by ensuring that only managed devices can connect to the corporate network.
Other options do not provide the same level of control and security for always-on VPN access:
✑ B. Modify signing certificates for IKE version 2: While important for VPN protocols, it does not address device-specific authentication.
✑ C. Create a wildcard certificate: This is not suitable for device-specific authentication and could introduce security risks.
✑ D. Add the VPN hostname as a SAN entry: This is more related to certificate management and does not ensure device-specific authentication.
References:
✑ CompTIA SecurityX Study Guide
✑ "Device Certificates for VPN Access," Cisco Documentation
✑ NIST Special Publication 800-77, "Guide to IPsec VPNs"

QUESTION 4

A software development team requires valid data for internal tests. Company regulations, however, do not allow the use of this data in cleartext. Which of the following solutions best meets these requirements?

Correct Answer: B
Tokenization replaces sensitive data elements with non-sensitive equivalents, called tokens, that can be used within the internal tests. The original data is stored securely and can be retrieved if necessary. This approach allows the software development team to work with data that appears realistic and valid without exposing the actual sensitive information.
Configuring data hashing (Option A) is not suitable for test data as it transforms the data into a fixed-length value that is not usable in the same way as the original data. Replacing data with null records (Option C) is not useful as it does not provide valid data for testing. Data obfuscation (Option D) could be an alternative but might not meet the regulatory requirements as effectively as tokenization.
References:
✑ CompTIA Security+ Study Guide
✑ NIST SP 800-57 Part 1 Rev. 5, "Recommendation for Key Management"
✑ PCI DSS Tokenization Guidelines
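As an added example (not part of the exam material), a minimal token vault that illustrates the tokenization answer: sensitive fields are swapped for random tokens that keep the original format so the test data still looks valid, while the vault alone can map a token back to the real value. The records and the `TokenVault` class are constructed for this illustration; a hashing helper is included only to contrast Option A.

```python
"""Tokenize constructed customer records for test use; originals stay only in the vault."""
import hashlib
import secrets
import string

class TokenVault:
    """Maps sensitive values to random, format-preserving tokens (constructed example)."""
    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, value):
        if value in self._to_token:            # same input always yields the same token
            return self._to_token[value]
        while True:
            # keep length and digit/letter shape so the token is usable as test data
            token = "".join(
                secrets.choice(string.digits) if ch.isdigit()
                else secrets.choice(string.ascii_letters) if ch.isalpha()
                else ch
                for ch in value)
            if token != value and token not in self._to_value:
                break
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token):
        """Reverse lookup; only the vault holder can recover the original value."""
        return self._to_value[token]

# Constructed sample records (not real customer data)
RECORDS = [
    {"name": "Alice Example", "card": "4111-1111-1111-1111", "email": "alice@example.test"},
    {"name": "Bob Example", "card": "5500-0000-0000-0004", "email": "bob@example.test"},
]

def tokenize_records(records, vault, fields=("card", "email")):
    """Return copies of the records with the sensitive fields replaced by tokens."""
    return [{k: (vault.tokenize(v) if k in fields else v) for k, v in r.items()}
            for r in records]

def hash_field(value):
    """Contrast with Option A: a digest is fixed-length and no longer shaped like the field."""
    return hashlib.sha256(value.encode()).hexdigest()
```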

QUESTION 5

A security architect wants to develop a baseline of security configurations. These configurations will be applied automatically when a machine is created. Which of the following technologies should the security architect deploy to accomplish this goal?

Correct Answer: C
To develop a baseline of security configurations that will be automatically utilized when a machine is created, the security architect should deploy Ansible. Here's why:
✑ Automation: Ansible is an automation tool that allows for the configuration, management, and deployment of applications and systems. It ensures that security configurations are consistently applied across all new machines.
✑ Scalability: Ansible can scale to manage thousands of machines, making it suitable for large enterprises that need to maintain consistent security configurations across their infrastructure.
✑ Compliance: By using Ansible, organizations can enforce compliance with security policies and standards, ensuring that all systems are configured according to best practices.
✑ References: