A security team has been tasked with mitigating the risk of stolen credentials after a recent
breach. The solution must isolate the use of privileged accounts. In the future, administrators
must request access to mission-critical services before they can perform their tasks. What is the
best solution?
Identity and access management (IAM)
Password policies
Privileged access management (PAM)
Password complexity - correct answer Privileged access management (PAM)
A global manufacturing company is moving its applications to the cloud. The security team has
been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their
locations and departments. Which access control solution should be implemented?
Kerberos
Attribute-based access control (ABAC)
Mandatory access control (MAC)
Privileged access management (PAM) - correct answer Attribute-based access control (ABAC)
A team of developers is building a new corporate web application. The security team has stated
that the application must authenticate users through two separate channels of communication.
Which type of authentication method should the developers include when building the
application?
In-band authentication
Kerberos
Challenge-Handshake Authentication Protocol (CHAP)
Out-of-band authentication - correct answer Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in
to all corporate resources using their email addresses as their usernames, regardless of
whether they are accessing an application on-premises or in the cloud. Which solution meets
this requirement?
Single sign-on (SSO)
JSON Web Token (JWT)
Trusted Platform Module (TPM)
Internet Protocol Security (IPsec) - correct answer Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol for its
web applications. Which of the following protocols provides the best method for securely
authenticating users and granting access?
Simple network management protocol (SNMP)
Open Authentication (OAuth)
Extensible Authentication Protocol (EAP)
Secure Sockets Layer (SSL) - correct answer Open Authentication (OAuth)
The security team recently enabled public access to a web application hosted on a server inside
the corporate network. The developers of the application report that the server has received
several structured query language (SQL) injection attacks in the past several days. The team
needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these
requirements?
Virtual private network (VPN)
Security information and event management (SIEM)
Web application firewall (WAF)
Secure Socket Shell (SSH) - correct answer Web application firewall (WAF)
An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
Implementing port security
Implementing a demilitarized zone (DMZ)
Installing a hardware security module
Deploying a software firewall - correct answer Implementing port security
The chief technology officer for a small publishing company has been tasked with improving the
company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements. Which solution fulfills these requirements?
Deploying an anti-spam gateway
Deploying a proxy server
Deploying a web application firewall (WAF)
Deploying a unified threat management (UTM) appliance - correct answer Deploying a unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert
engineers about inbound threats. The team already has a database of signatures that they want
the IDS solution to validate. Which detection technique meets the requirements?
Intrusion detection
Signature-based detection
Deep packet inspection
Intrusion prevention - correct answer Signature-based detection
An IT organization recently suffered a data leak incident. Management has asked the security
team to implement a print blocking mechanism for all documents stored on a corporate file
share. Which solution fulfills these requirements?
Virtual desktop infrastructure (VDI)
Remote Desktop Protocol (RDP)