Upon receiving new storage media drives for the department, an organization asks a software engineer
to dispose of the old drives. When considering the various methods, what processes does sanitization
involve? (Select the two best options.) - correct answer ✔✔It refers to the process of removing sensitive
information from storage media to prevent unauthorized access or data breaches.
Its process uses specialized techniques, such as data wiping, degaussing, or encryption.
An organization reviews recent audit results of monitoring solutions used to protect the company's
infrastructure and learns that detection tools are reporting a high volume of false positives. Which alert
tuning techniques can reduce the volume of false positives by either direct influence or through referral
processes? (Select the three best options.) - correct answer ✔✔Refining detection rules and muting alert
levels
Redirecting sudden alert "floods" to a dedicated group
Redirecting infrastructure-related alerts to a dedicated group
A proprietary software remains mission-critical ten years after its in-house creation. The software
requires an exception to the rules as it cannot use the latest in-use operating system (OS) version. How
can the IT department protect this mission-critical software and reduce its exposure factor? (Select the
two best options.) - correct answer ✔✔Network segmentation
Compensating controls
In a small software development company, the development team has created a critical application that
handles sensitive user data. The company's security policy mandates conducting a thorough application
security assessment before deployment. To achieve this, the team employed a static code analysis tool,
taking advantage of its primary feature. How can the development team utilize static code analysis in the
critical application's software development process? - correct answer ✔✔To identify potential security
vulnerabilities in the application's source code
The IT team of a medium-sized business is planning to enhance network security. They want to enforce
minimum security controls and configurations across all network devices, including firewalls, routers,
and switches. What should they establish to achieve this objective? - correct answer ✔✔Network
security baselines
At a large company, the IT department manages user accounts and permissions for the organization's
various systems. The IT team employs a well-structured provisioning and de-provisioning process to
create, modify, and remove user accounts and assign permissions to minimize potential security risks.
Which statements related to user account provisioning and permission assignments are correct? (Select
the two best options.) - correct answer ✔✔Provisioning and de-provisioning of user accounts involve
creating, modifying, and removing user accounts to maintain appropriate access levels.
The principle of least privilege guides the assignment of permissions, ensuring users have only the
necessary access for their job roles.
A company initiates a merger with another company and is reviewing and combining both companies'
procedures for incident response. What plan should be formalized at the end of the business activity and
list the procedures, contracts, and resources available to responders? - correct answer ✔✔Incident
response plan
An IT auditor is responsible for ensuring compliance with best practice frameworks. The auditor
conducts a compliance scan, using the security content automation protocol (SCAP), to measure system
and configuration settings against a best practice framework. Which XML schema should the IT auditor
use to develop and audit best practice configuration checklists and rules? - correct answer ✔✔Extensible
configuration checklist description format
A hacker successfully bypasses several protections and exfiltrates sensitive data. The company
immediately begins recovery and takes steps to discover the initial problem that allowed the infiltration.
This type of investigation is commonly referred to as what? - correct answer ✔✔Root cause analysis
What type of log file is application-managed rather than through an operating system and may use Event
Viewer or syslog to write event data in a standard format? - correct answer ✔✔Application logs