ECS4863 Exam with Questions and
Answers/Plus a Rationale Updated 2026
A+/Instant Download PDF
Table of Contents
1. Software Development Life Cycle and Security Integration
2. Cloud Infrastructure Vulnerability Assessment
3. Cryptographic Implementation and Key Management
4. Incident Response and Threat Mitigation
5. Regulatory Compliance and Security Governance
1. An organization is deploying a multi-tier application to a public cloud provider. During the
design phase, the security architect identifies that the application handles sensitive customer data.
Which of the following strategies best implements the "Defense in Depth" principle for this
architecture?
A. Implementing a Web Application Firewall (WAF) at the edge and relying on cloud-native
identity management for internal resource access.
B. Deploying a WAF at the edge, utilizing private subnets for application/database tiers,
and implementing strictly defined Security Groups/NACLs between all layers.
C. Relying on the cloud provider's shared responsibility model to secure the infrastructure, while
focusing internal efforts on application-level encryption.
D. Configuring public access for the application tier to facilitate load balancing, while
maintaining an isolated database tier.
Answer: B
Rationale: Option B adheres to the defense-in-depth strategy by layering independent controls: a WAF
filters edge traffic, private subnets keep the application and database tiers off the public internet,
and granular firewall rules (Security Groups/NACLs) restrict traffic between tiers to the minimum
necessary. Option A is insufficient because identity controls alone provide no network-level
segmentation; a compromised web tier could reach the database tier directly. Option C misreads the
shared responsibility model, which leaves the customer responsible for securing its own workload and
data. Option D introduces unnecessary risk by exposing the application tier to the public.
CORRECT ANSWER : B
2. A developer discovers that an application is vulnerable to SQL injection due to dynamic query
construction. To remediate this while maintaining performance, which approach should the team
prioritize?
A. Implementing server-side input validation using a strict allow-list of characters to sanitize all
incoming request parameters.
B. Utilizing stored procedures for all database interactions to automatically enforce type
checking and prevent direct query execution.
C. Refactoring the application code to utilize parameterized queries (prepared statements)
for all database access operations.
D. Deploying a runtime application self-protection (RASP) tool to detect and block SQL
injection attempts in real-time.
Answer: C
Rationale: Parameterized queries (Option C) are the industry-standard defense against SQL
injection because the SQL text is fixed when the statement is prepared and user input is bound
afterwards as data, so it can never alter the structure of the query; they also carry no meaningful
performance cost. Option A is error-prone and difficult to maintain: escaping and filtering rules
differ by database and by context (a numeric comparison has no quotes to escape), so allow-list
validation is a useful defense-in-depth measure, not the primary fix. Option B provides some
protection, but a stored procedure that builds dynamic SQL internally from its arguments is just as
injectable. Option D is a compensating runtime control that detects and blocks attempts but leaves
the underlying flaw in place, whereas parameterized queries are the primary, preventive solution.
CORRECT ANSWER : C
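The contrast the rationale draws, as an added example that is not part of the exam page: a constructed in-memory SQLite table, a dynamically built query that the tautology payload subverts, the same lookup with a bound parameter, and an "escape the quotes" sanitizer (the Option A reflex) that fails in a numeric context where there are no quotes to escape. Table layout, user names and payloads are all constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Dynamic query construction: the request value is spliced into the SQL text,
    so a quote in the input changes the structure of the statement."""
    sql = f"SELECT username FROM users WHERE username = '{username}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Prepared statement: the SQL text is fixed and the value is bound separately,
    so it is only ever compared as data."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def find_by_id_escaped(conn: sqlite3.Connection, user_id: str) -> list:
    """Option A style sanitising: doubling single quotes is the usual escaping reflex,
    but a numeric comparison has no quotes, so "1 OR 1=1" goes straight through."""
    cleaned = user_id.replace("'", "''")
    sql = f"SELECT username FROM users WHERE id = {cleaned} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_parameterized(conn: sqlite3.Connection, user_id) -> list:
    """Same lookup with a bound parameter: a non-numeric value matches nothing.
    Type validation (int(user_id)) still belongs at the request boundary."""
    sql = "SELECT username FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


# Constructed payloads: a tautology for the string context and one for the numeric context.
STRING_PAYLOAD = "nobody' OR '1'='1"
NUMERIC_PAYLOAD = "1 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable      :", find_user_vulnerable(db, STRING_PAYLOAD))
    print("parameterized   :", find_user_parameterized(db, STRING_PAYLOAD))
    print("escaped numeric :", find_by_id_escaped(db, NUMERIC_PAYLOAD))
    print("bound numeric   :", find_by_id_parameterized(db, NUMERIC_PAYLOAD))
```

Run as a script it prints both users for the two dynamic queries and an empty list for the two bound ones. The numeric case is the point against Option A: the sanitizer did exactly what it was written to do and still let the injection through, because the rule was built for the wrong context.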
3. During a cloud security audit, it is found that administrative access keys for a production
environment are stored in plaintext within a configuration file on a build server. What is the most
effective way to remediate this while supporting automated CI/CD pipelines?
A. Encrypting the configuration file using AES-256 and storing the key in the same build
server's local file system.
B. Utilizing a centralized Secrets Management Service (e.g., HashiCorp Vault or AWS
Secrets Manager) to dynamically inject credentials into the application at runtime.
C. Rotating the access keys every 24 hours to minimize the impact of a potential credential leak.
D. Restricting access to the build server to only the Lead DevOps engineer, effectively creating a
"security through obscurity" model.
Answer: B
Rationale: Centralized Secrets Management (Option B) removes secrets from source code, configuration
files and build artifacts, provides an audit trail of every access, and supports automatic rotation;
the pipeline should authenticate to the secrets store with its own workload identity rather than
another long-lived key. Because the original keys have already been exposed on the build server,
they must also be revoked and reissued as part of the remediation. Option A is insecure because the
key is stored alongside the data it protects. Option C shortens the window of exposure but does not
solve the root cause of the credential being present in plaintext. Option D is ineffective because
it relies on administrative trust rather than structural security.
CORRECT ANSWER : B
4. An organization's incident response team is alerted to a potential exfiltration of data from an S3
bucket. Which initial step should the team prioritize to contain the incident without destroying
forensic evidence?
A. Deleting the compromised bucket to stop the data transfer immediately.
B. Modifying the bucket policy or Identity and Access Management (IAM) role to deny all
access to the bucket while keeping it active for log analysis.
C. Enabling bucket versioning to ensure that deleted files can be recovered if the attacker
attempts to wipe the data.
D. Disabling the AWS account to ensure no further actions can be taken by the unauthorized
party.
Answer: B
Rationale: Option B contains the threat while preserving the bucket and its objects for forensic
analysis; the deny should carve out the incident response role so the responders are not locked
out, and CloudTrail and S3 server access logs should be preserved before any further change.
Option A destroys evidence of the intrusion. Option C is a useful feature but does not stop the
ongoing exfiltration. Option D is an excessive "nuclear" option that causes unnecessary downtime
and operational impact.
CORRECT ANSWER : B
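The containment step from Option B, as an added example that is not part of the exam page: a function that prepends an explicit Deny for every principal except the incident response role to the bucket's existing policy (keeping the original statements on record rather than replacing them), plus a deliberately small local evaluator for the handful of policy constructs used here, so the effect can be checked offline. The bucket name, account ID, role ARNs and the pre-incident policy are constructed placeholders; the evaluator is a simplification for this example, not AWS's policy engine, and it does not model IAM identity policies.

```python
import json
from typing import Any

# Constructed placeholders; real names, account IDs and ARNs would differ.
BUCKET = "example-customer-exports"
IR_PRINCIPALS = ["arn:aws:iam::123456789012:role/IncidentResponse"]
DENY_SID = "IncidentContainmentDenyAll"

# Constructed pre-incident policy. "Statement" is a single object here, which real
# policies are allowed to use, so the code below has to handle both shapes.
EXISTING_POLICY: dict = {
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "AppReadWrite",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppServer"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    },
}


def _as_list(value: Any) -> list:
    return value if isinstance(value, list) else [value]


def containment_statement(bucket: str, allowed_principal_arns: list) -> dict:
    """Explicit Deny on the bucket and every object for everyone except the IR principals.
    Explicit Deny overrides any Allow, so whatever grant the attacker is abusing stops
    working while the bucket, its objects and its logs stay in place for analysis."""
    return {
        "Sid": DENY_SID,
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"ArnNotEquals": {"aws:PrincipalArn": allowed_principal_arns}},
    }


def apply_containment(existing: dict, bucket: str, allowed_principal_arns: list) -> dict:
    """Prepend the Deny to the current statements instead of replacing the policy,
    so the original grants remain as evidence and can be restored after the incident.
    Idempotent: applying it twice does not add a second Deny."""
    statements = _as_list(existing.get("Statement", [])) if existing else []
    if any(s.get("Sid") == DENY_SID for s in statements):
        return {"Version": "2012-10-17", "Statement": statements}
    deny = containment_statement(bucket, allowed_principal_arns)
    return {"Version": "2012-10-17", "Statement": [deny] + statements}


def _matches(stmt: dict, principal_arn: str, action: str, resource: str) -> bool:
    principal = stmt["Principal"]
    if principal != "*" and principal_arn not in _as_list(principal.get("AWS", [])):
        return False
    if not any(a == "s3:*" or a == action for a in _as_list(stmt["Action"])):
        return False
    if not any(r == resource or (r.endswith("/*") and resource.startswith(r[:-1]))
               for r in _as_list(stmt["Resource"])):
        return False
    excluded = stmt.get("Condition", {}).get("ArnNotEquals", {}).get("aws:PrincipalArn", [])
    return principal_arn not in _as_list(excluded)


def is_allowed(policy: dict, principal_arn: str, action: str, resource: str) -> bool:
    """Simplified bucket-policy evaluation for this example only: a matching explicit
    Deny wins outright; otherwise some Allow must match."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt, principal_arn, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def to_json(policy: dict) -> str:
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(to_json(apply_containment(EXISTING_POLICY, BUCKET, IR_PRINCIPALS)))
```

Two things worth noticing in the result: the application role that still holds an Allow is now denied, and the carve-out only stops the Deny from applying to the IR role; it grants nothing by itself, so the responders still need their own Allow from their identity policy. A Deny with no carve-out at all would lock the responders out along with the attacker.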
5. Which of the following best describes the risk associated with an "Insecure Direct Object
Reference" (IDOR) vulnerability, and how is it primarily mitigated?
A. Risk: Exposure of internal memory addresses; Mitigation: Memory randomization.
B. Risk: Improper handling of XML entities; Mitigation: Disabling DTD processing.
C. Risk: Unauthorized access to resources by manipulating identifiers (e.g., user IDs);
Mitigation: Implementing robust server-side authorization checks for every object access.
D. Risk: Cross-site scripting; Mitigation: Output encoding.
Answer: C
Rationale: IDOR occurs when an application provides direct access to objects based on user-
supplied input (a user ID, invoice number or file name) without verifying that the authenticated
user is permitted to access that specific object. Option C correctly identifies both the risk and
the necessary server-side authorization check. Options A (memory disclosure, addressed by ASLR),
B (XML External Entity injection) and D (cross-site scripting) describe entirely different
vulnerabilities.
CORRECT ANSWER : C
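The vulnerable and the fixed handler side by side, as an added example that is not part of the exam page: an invoice store with guessable sequential identifiers, a lookup that trusts the identifier from the request, and the same lookup with the per-object ownership check performed on the server from the session identity. Invoice records, user IDs and the admin override are constructed for the demonstration.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both 'does not exist' and 'not yours', so the response does not
    tell an attacker which identifiers are valid."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed data store. Sequential IDs make the object references trivially guessable,
# which is exactly why the authorization check, not the ID, has to carry the security.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=7, amount_cents=25_000),
    1002: Invoice(invoice_id=1002, owner_id=8, amount_cents=99_000),
}


def get_invoice_idor(current_user_id: int, invoice_id: int) -> Invoice:
    """Vulnerable: the handler never asks whether the authenticated user owns the object,
    so user 7 requesting invoice 1002 simply receives user 8's invoice."""
    return INVOICES[invoice_id]


def get_invoice_checked(current_user_id: int, invoice_id: int, is_admin: bool = False) -> Invoice:
    """Fixed: authorization is decided per object on the server, from the session's
    identity, before anything is returned. current_user_id comes from the session,
    never from the request parameters."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or not (is_admin or invoice.owner_id == current_user_id):
        raise NotFound(f"invoice {invoice_id}")
    return invoice


def can_access(current_user_id: int, invoice_id: int, is_admin: bool = False) -> bool:
    """Boolean view of the checked handler, convenient for tests and access reviews."""
    try:
        get_invoice_checked(current_user_id, invoice_id, is_admin)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    print("IDOR, user 7 reads 1002:", get_invoice_idor(7, 1002))
    print("checked, user 7 reads 1002:", can_access(7, 1002))
    print("checked, user 7 reads 1001:", can_access(7, 1001))
```

Returning the same "not found" result for a missing object and for someone else's object keeps the endpoint from doubling as an identifier oracle. Opaque or per-user indirect references make guessing harder, but they do not replace the check: the server must still decide, for every object access, whether this user may see this object.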
6. A company is transitioning to a Zero Trust architecture. Which of the following is the most
critical requirement for verifying access to an internal service?
A. The user must be connected to the corporate VPN to access the internal network segment.
B. Continuous validation of the user's identity, device health, and situational context before
granting access to each individual resource.
C. Ensuring all internal users have multi-factor authentication (MFA) enabled at the time of
initial login to the network.
D. Using a traditional perimeter-based firewall to separate the corporate network from the
internet.
Answer: B
Rationale: Zero Trust assumes the network may already be compromised and requires verification of
every request (never trust, always verify). Option B describes this continuous, per-resource
verification. Options A and D rely on outdated perimeter-based models in which being on the
network is treated as proof of trust. Option C is a good practice but insufficient for Zero Trust,
which requires more than a single authentication at login.
CORRECT ANSWER : B
7. Which of the following scenarios represents the highest risk of "Man-in-the-Middle" (MITM)
attacks in a corporate environment?
A. Employees using encrypted company laptops on a WPA3-secured Wi-Fi network.
B. An application failing to validate the server's TLS certificate chain during an API
request to an external service.
C. A database using self-signed certificates for internal encrypted replication traffic.
D. A server requiring mutual TLS (mTLS) for all incoming client connections.