1. A security analyst would like to integrate two different SaaS-based security tools so that one tool can notify the other in the event a threat is detected. Which of the following should the analyst utilize to best accomplish this goal?
A. SMB share
B. API endpoint Correct
C. SMTP notification
D. SNMP trap
Explanation
APIs (Application Programming Interfaces) are the standard method for programmatic integration between different software applications, especially SaaS tools. An API endpoint allows one tool to send structured data (like threat alerts) directly to another in an automated, reliable, and secure manner.
2. Which of the following is the best technical method to protect sensitive data at an organizational level?
A. Deny all traffic on port 8080 with sensitive information on the VLAN.
B. Develop a Python script to review email traffic for PII.
C. Employ a restrictive policy for the use and distribution of sensitive information.
D. Implement a DLP for all egress and ingress of sensitive information on the network. Correct
Explanation
Data Loss Prevention (DLP) systems are comprehensive technical solutions designed to monitor, detect, and block the unauthorized transmission of sensitive data across network boundaries (egress/ingress). While policies and scripts are helpful, DLP provides active, enterprise-wide enforcement.
3. A cybersecurity analyst is reviewing static application security testing scan results and notices a finding for hard-coded credentials. Which of the following should the analyst recommend to the application team to resolve this concern?
A. Implement a privileged access management solution.
B. Enable single sign-on.
C. Obfuscate application programming interface keys.
D. Integrate secrets management. Correct
Explanation
Hard-coded credentials (passwords, API keys) in source code are a severe security risk. A secrets management solution (like HashiCorp Vault, AWS Secrets Manager) provides a secure way to store, access, and manage secrets dynamically at runtime, removing them from the codebase entirely.
4. A security analyst is implementing a vulnerability scanning tool with new methodologies and processes. After tuning and rescanning, a large number of vulnerabilities still exist. The team verifies that the findings do not contain any false positives. Which of the following will best help with prioritization?
A. Provide a list of the top ten vulnerabilities.
B. Implement a bug bounty program.
C. Determine which security gaps are exploitable. Correct
D. Perform a penetration test.
Explanation
The most effective prioritization is based on exploitability. A vulnerability that is actively exploitable in the specific environment represents immediate risk. Activities like determining exploitability (e.g., via exploitability scores, threat intelligence) help focus remediation efforts on the most dangerous flaws first.
5. A security analyst received an alert regarding multiple successful MFA logins for a particular user. When reviewing the authentication logs, the analyst sees the following table of logins. Which of the following are most likely occurring, based on the MFA logs? (Select two)
A. Dictionary attack
B. Push phishing Correct
C. Impossible geo-velocity Correct
D. Subscriber identity module swapping
E. Rogue access point
F. Password spray
Explanation
Push phishing (or MFA fatigue) involves an attacker spamming MFA approval requests to the user's device until the user accidentally approves one. Impossible geo-velocity occurs when logins originate from geographically distant locations in an impossibly short time, indicating compromised credentials. Both patterns are visible in login logs with timestamps and locations.