Question 2 Select an option Assume that Alice wants to securely commu: the internet and Geades to obt. cate with Bob over certificate from a trusted Certificate Authonty. In this scenano, which trust model Hierarchical trust model should Alice Choose for the highest secunty? Select the correct answer form the grven choices Web of trust model trust model Centralized trust modeloF we 1 Revisit Later —— "© _ Each plaintext block is XORed with the previous ciphertext block before F encryption. uestion 3 ssume that Alice. a secunty engineer, is working on encrypting So ensitive data using the Cipher Block Chaining (CBC) mode. She o = —___—__—_— ants to ensure that identical plaintext blocks result in different 7 iphertext blocks. To schieve this goal. which operation does CBC node perform? Select the correct answer from the given choices. © Each plaintext block is concatenated with the previous ciphertext block before encryption. Each plaintext block is shifted based on th previous ciphertext block before encryption. Each plaintext block is hashed with the ous ciphertext block beforeRelA Ic} +100 =e we (Select an option Question 4 1 Revisit Later Assume that to regulate access to HR data based on employee i —_ roles and departments. what is the most effective method? Select no © Personalized Access Management the correct answer form the given choices. Role-Centric Access Control Departmental Access Restriction ©) Role-Based Access ControlQuestion 5 Consider that a company seeks a sc connections and operations infrastructure and vanous - doud networtang enha and on-premises systems? Select the correct answer form the _ given chores. .Select an option °o END Cloud Networking Multi-Cloud Networking Hybrid Cloud Networking Cloud-Based Networkingay Question 6 11 Revisit Later _ “Select an option Consider that a software development team is implementing containerization to streamline application deployment by © Ughtweight VMs with a dedicated hypervisor. encapsulating applications and their dependencies.What : ——— characterizes containers in the context of software development ———_— and deployment? Select the correct answer form the given c A logically separate network within servers. choices. Part of the same OS instance as the hypervisor. Virtual computers running under a hypervisorAssume that a small business has recently migrated its email services to a cloud-based platform to improve reliability and _accessibility. However. concerns have arisen regarding the security ° of email communications and the risk of phishing attacks targeting employees’ email accounts. As a network security consultant, you are tasked with evaluating the email security measures to protect “sensitive business communications in the cloud. Which email security mechanism is most effective for detecting and preventing phishing attacks targeting employees’ email accounts in a cloud- based email service? Select the correct option from the given choices. DMARC (Domain-based Message Authentication. Reporting. and Conformance) DKIM (Domainkeys Identified Mail) TLS (Transport Layer Security)Assume that a software architect is tasked with enhancing an existing cloud access security broker (CASB) system to more effectively manage data ‘security across both sanctioned and unsanctioned doud services. The current implementation fails to accurately enforce the DLP policies due to high false positrve rates and poor scalability across dynamic cloud environments. The architect considers modifications to the system's code to fefine data filtering and policy enforcement mechanisms, aiming to increase precision and reduce administative overhead. Considenng the meee nature of coud environments, which code rely adcress these issues? Analyze the given choices and select the correct eption 02:03:58 oh \Select an option ® Uj def apply_dynamic_policies(user, service): context = get_context(user, service) if context[*category"] == “HighRisk*: return apply_strict_rules() elif context[ ‘service_type’] — *Sanctioned’: return apply_standard_rules() else: return apply_relaxed_rules() def entorce_static_policies(transaction): if setect_sensitive_data(transaction.dat 2): return block_transaction() return allou_teansaction()Assume that a company seeks to deploy a microservices-based application in the doud, aiming for optimal scalability and resilience, and desires a O Private Cloud solution that maximizes resource sharing and cost-effectiveness. Which l ee dloud deployment model best supports this architecture? Analyze the given > choices and select the correct answer. 3 | y©@ Public Cloud © dybrid Cloud > Community Cloud—_—— =a Question 10 Q Revisit Later s \\Select an option 7 | © Osabling the guest network to prevent unauthorized measures. The network administrator configures the following settings in access. the mreless router: oe Using WPA2 encryption with a strong password and scheduling regular password changes. SSID: CompanyNetwork Enarypbor: WPA2 © Password: SecurePass2024! MAC Address Fitenng: Enable Firewall: Enables Guest Networks Disabled peaules every 90 days "Sto prevent easy unauthorized and configuring 3 VPN for secure remote ang practicality (a5) Oh ww (aQuestion 2 D Revisit Later Select an opti tion 2 Assume that Alice wants to send a secret message to Bob over an insecut — — network. They deade to use RSA public key cryptogt aed key i © The message is encrypted using Bob's private key. e), where n is the product of two large prme numbers, and e ur os enayption exponentin this RSA encryption setup, who eee ~message? Select the correct answer from the given choices. The message 1s encrypted using Alice's private key. iN EE @® The message 1s encrypted using Bob's public key. the message 1s encrypted using Alice's public key.Assume that a company ts migrating sts on-premises database to a oud 1 senmironment. Which key consideration ts essential to ensure data integrity ~ O Cost dunng the migraton process? Select the correct answer from the grven chorces."= Question & SVR reT A Revisit’ Later ™ s EF “Select an option ‘aa ce Assume that a a company wants to migrate its on-premises infrastructur. eto cf =the doud and needs full control over the operating system, storage, and ew" OC saas 7S" deployed applications. Which cloud service model should they choose? Select the correct answer from the given choices. "© passee}Consider that an online retailer is looking to secure its customer transactions over Wi-Fi with a protocol that supports forward secrecy to protect past sessions against future compromises of secret keys. Which protocol should the retailer implement in this scenario? Select the correct option from the given choices. eee PE V3 aoecf © WPA2 with AES x see” 3 ae wal oe WL T) i?)> Assume that a software development team is integrating an authentication system where data integrity and non-repudiation are critical. Which cryptographic too! should _the team use to ensure that the data sent over their network is unchanged and ae 3 ose 9 hh Yow (aae a C7 ? | a)granting access? Select the correct answer form the given wee 02:35:52EYAssume that a company wants to deploy a cloud-based dat horizontally to accommodate growing data volumes and u: mode! will be most suitable in this case? Select the correct N choices. (yes r?)Consider the given pseudocode segment used fo evaluate | content: __ es 11 if (packet_protocol == HTTP) { 2) if (containsknownMaliciousSignature(packet_content)) { 3, classify(packet, MALICIOUS); 4 yelse ( s classify(packet, NON_MALICTOUS) ; \ &? 171% Which option represents the correct mo% categorizati ly harmful payloads accor ct the correct option. 'the given choices and ification to ensure effective identification and Ging to the DPI principles? Anaiyze © 023756 «= @ Ti 2) if (packet_protocol == HT || packet_size > MAX_ALLOWED_STZE) { 2 if (containsknowntial icioussignature(packet_conte nt) € 3 classify (packet, MALICIOUS); a peaset 5 Classify(packet, NOM MALICIOUS); es } 7? 7 1 iF (packet_protocal == HTTP) { t_content, fet, NON_HALICIOUS)5 lassify (pack et_content)) ¢> Consider that the company should implement data secutity audits to expose and remediate security issues, identity vulnerabilities, and assess the overall security _posture.Wnhich security technique should the company use to expose and address "security issues, identify vulnerabilities, and assess the overall Security posture? Select "the correct answer form the given choices.Question 3 D Revisit Later Select an option Assume that a company is evaluating the security of pared to single DES for enaypting 5 : — sensitive data. How does it enhance security for th sitive data compared to single (O)Itincreases the key length to effectively 56 bits. DES? Select the correct answer from the given chai © _ttapplies encryption, decryption. and encryption with different keys. >) Ituses 2 new encryption algorithm for each of the three stages. it only changes the intvaization vector with each stage.Select an option © Time Based One-Time Password (TOTP) Algonthm with Hardware Token Authentication would be the most ppropriste ang secure? Select the c Time-Based One-TimsQuestion 5 1 Revisit tater Assume that you are a doud security ‘organizaton's doud infrastructure. Or engineer responsible for ensuring compliance and secunty in your sensitive data stored in the doud. ne oF your primary tasks is to monitor and contral access to Which AWS Identity and Access Management (IAM) ‘access to a specific S3 bucket o an unsecured HTTP connection? A Policy statement is cerrectly configured to grant feQuest is made using HTTPS and deny acce: the given choices and select the correct opt example-bucket”“PREP TREN TTT po rT ee Question 6 D Revisit Later Select an option Assume that a cloud service provider needs to manage varying workloads effici adapting resource distribution as dient demands change throughout the day. Which type of resource allocation would best 3 © Dedicated meet these requirements for enhanced efficiency and scalability? Select the appropriate answer fromthe —- —— given choices. - @® dynamic Fixed MinimalQuestion 7 Q Revisit Later Assume that a cloud-based gaming platform experiences frequent Distributed Denial-of-Service (0005) cattadks, resulting in service disruptions and downtime for users. The IT security team is exploring solutions to mitigate these attacks and ensure uninterrupted gaming experiences for users, As a network security expert, you are tasked with evaluating the seaurity measures to protect the cloud infrastructure from DDoS attacks. Which security mechanism is specifically designed to mitigate Distnbuted Denial-of- Service (DDoS) attacks on doud-based platforms? Select the correct option from the given choices. ‘Web Application Firewall (WAF) Virtual Private Network (VPN) Content Delivery Network (CDN)Select an option ‘Assume you are the network administrator for TechWave Inc, a company that has recently implemented an 1PSec-based remote access VPN. One of your colleagues, John, works from home and often experiences interruptions in the VPN connection. He/she uses a company-issued laptop, connects to the < ©. The IPSec configuration on the laptop is incorrect internet via the home Wi-Fi, and then establishes an IPSec VPN connection to the company’s network. ‘What is the most likely cause of John’s VPN connection interruptions? Select the correct option from the @ The home Wi-Fi network is experiencing signal interference and drops The VPN gateway at the company’s end is overloaded The laptop fre: is blocking VPN traficentiat | lt (C) Cloud seeunty strategy indudes cryptographic algorithms, machine leaning for is threat detection, identity management, coninucus montonng and smingert implemented? Anahze the oven choxces and select the correct answer. ccunty relies sclely on Srewalls and intrusion detechon systems, with no 19h tering. updated anturus software. endpoart protection or re for cata integrity mabware 1 lacks certrakced legging and recTen, anda pay-as-you'geWL. Select an option Se eg ein ee Oo oe a: jeer is. Secu! uring sensitive data transmitted over ~ o 4 a lois Counter Mode (GCM) for e c © Compression Cao eee ae je tionQuestion 4 s CY Revisit Later Consider that a secunty system grants access wirelessly to a computer through a token connection. Which type 6! security token establishes a logical connection with/a computer without, fequinng 3 pryscal connection? Select the corfect answer form the given chorces. «. Select an option One-urme passwords (OTPs) Connected tokens Contactless tokens smart cares’Question 7 In a complex AWS environment. consider that a senior cloud security engineer is tasked with enhancing data protection by enabling encrypton using a combination of AWS services. He/she is required to set up a system where sensitive data encryption - keys, managed by AWS KMS. are securely stored on dedicated ' > hardware security modules using AWS CloudHSM without ele migrating away from AWS’s managed services. x, » response = is cloudhsm_client.encrypt(. KeyId-"alias/CloudHsMkeyIa" © Plaintext='Data to_ = h Which code snippet correctly integrates AWS KMS with CloudHSM : to initiate the encrypticn process while ensuring that the keys are UdHSM boundaries? Analyze the given choices used within the Cici and select the correct option. nport boto3 kms_client = bote3.client(/kms") response =Question 2 11 Revisit Later hl oO Consider that an experienced software developer at a leading cybersecurity firm is tasked with optimizing the key generation [process for a high-security application. The developer must ensure V that the elliptic curve complies with the highest security standards ro) and effectively leverages the discrete logarithm problem. The _depicted pseudocode represents a segment of the GC implementation: 1 SELECT random number n within secure range 2 COMPUTE Q = n * P where P is a point on the elliptic curve 2 OUTPUT Q a5 public key and n as private key “Given the requirements for high security and effective use of the pseudocode will best ensu: met? Select the correct opto Replacing the random number selection with a deterministic algorithm to ensure repeatable results Increasing the computational steps in computing Q by adding unnecessary complexty Modifying the random number range to exceed the recommended secure parameters plementing additional validation to sure the randomness of ‘n’ is within the detined secure parameters