A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?
Privileged Access Management (PAM) solutions enhance security by enforcing strong authentication, rotation of credentials, and access control for shared accounts. This is especially critical in scenarios like SSO failures. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: 'Privileged Access and Identity Management'.
Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?
Due diligence refers to the process of researching and understanding the laws, regulations, and best practices that govern information security within a specific industry. Organizations are required to conduct due diligence to ensure compliance with legal and regulatory requirements, which helps mitigate risks and avoid penalties.
Compliance reporting involves generating reports to demonstrate adherence to legal or regulatory standards.
GDPR is a specific regulation governing data privacy in the EU, not a general practice of researching laws.
Attestation is a formal declaration that an organization is compliant with a set of standards but is not the act of researching the laws.
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?
Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into a website, which are then executed in the user's web browser, potentially leading to data theft or session hijacking.
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
In this scenario, employees are attempting to navigate to spoofed websites, which is being blocked by the web filter. To address this issue, the administrator should implement security awareness training. Training helps employees recognize phishing and other social engineering attacks, reducing the likelihood that they will attempt to access malicious websites in the future.
Deploying multifactor authentication (MFA) would strengthen authentication but does not directly address user behavior related to phishing websites.
Decreasing the level of the web filter would expose the organization to more threats.
Updating the acceptable use policy may clarify guidelines but is not as effective as hands-on training for improving user behavior.
Which of the following control types is AUP an example of?
An Acceptable Use Policy (AUP) is an example of a managerial control. Managerial controls are policies and procedures that govern an organization's operations, ensuring security through directives and rules. The AUP defines acceptable behavior and usage of company resources, setting guidelines for employees.
Physical controls refer to security measures like locks, fences, or security guards.
Technical controls involve security mechanisms such as firewalls or encryption.
Operational controls are procedures for maintaining security, such as backup and recovery plans.
Cherelle
3 days agoKaran
9 days agoCelestina
17 days agoAlton
21 days agoTamie
24 days agoCraig
1 months agoDorthy
1 months agoVenita
2 months agoKaran
2 months agoJesusita
2 months agoNathalie
2 months agoLelia
3 months agoBettina
3 months agoElfriede
3 months agoFernanda
3 months agoAshlyn
3 months agoMarget
4 months agoLaurel
5 months agoLera
6 months agoLorenza
6 months agoParis
6 months agoPura
6 months agoAriel
6 months agoJoye
7 months agoKeech
7 months agoMark james
7 months agoBrook
7 months agoHelina
7 months agoMark james
7 months agoChauncey
7 months agojohnes
8 months ago