<< Prev Question Next Question >>

Question 46/173

While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service.
When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames. Which of the following would be the BEST solution for the information security officer to recommend?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (173q)
Question 1: The audit team was only provided the physical and logical ad...
Question 2: A network printer needs Internet access to function. Corpora...
Question 3: A security analyst has been assigned incident response dutie...
Question 4: Designing a system in which only information that is essenti...
Question 5: A project manager is working with a software development gro...
Question 6: A corporate forensic investigator has been asked to acquire ...
Question 7: In the past, the risk committee at Company A has shown an av...
Question 8: A company's security policy states any remote connections mu...
Question 9: Ann, a terminated employee, left personal photos on a compan...
Question 10: A company is not familiar with the risks associated with IPv...
Question 11: An organization is facing budget constraints The Chief Techn...
Question 12: A security engineer is making certain URLs from an internal ...
Question 13: The risk subcommittee of a corporate board typically maintai...
Question 14: While conducting a BIA for a proposed acquisition, the IT in...
Question 15: While the code is still in the development environment, a se...
Question 16: Following a merger, the number of remote sites for a company...
Question 17: A company recently implemented a new cloud storage solution ...
Question 18: An organization is currently working with a client to migrat...
Question 19: A security engineer is employed by a hospital that was recen...
Question 20: A penetration testing manager is contributing to an RFP for ...
Question 21: Joe an application security engineer is performing an audit ...
Question 22: A company makes consumer health devices and needs to maintai...
Question 23: A software company is releasing a new mobile application to ...
Question 24: A consultant is hired to perform a passive vulnerability ass...
Question 25: Following the merger of two large companies the newly combin...
Question 26: Following a recent data breach, a company has hired a new Ch...
Question 27: Given the following output from a local PC: (Exhibit) Which ...
Question 28: A security administrator is hardening a TrustedSolaris serve...
Question 29: A security analyst works for a defense contractor that produ...
Question 30: An organization is improving its web services to enable bett...
Question 31: Which of the following attacks can be used to exploit a vuln...
Question 32: A Chief Information Security Officer (CISO) is developing a ...
Question 33: A Chief Information Security Officer (CISO) of a large finan...
Question 34: A creative services firm has a limited security budget and s...
Question 35: A legacy web application, which is being used by a hospital,...
Question 36: An external red team is brought into an organization to perf...
Question 37: A large company with a very complex IT environment is consid...
Question 38: An incident responder wants to capture volatile memory compr...
Question 39: A security consultant is attempting to discover if the compa...
Question 40: An architect was recently hired by a power utility to increa...
Question 41: Security policies that are in place at an organization prohi...
Question 42: A company recently migrated to a SaaS-based email solution. ...
Question 43: The board of a financial services company has requested that...
Question 44: Users have been reporting unusual automated phone calls, inc...
Question 45: To prepare for an upcoming audit, the Chief Information Secu...
Question 46: While attending a meeting with the human resources departmen...
Question 47: A cybersecurity analyst has received an alert that well-know...
Question 48: A vendor develops a mobile application for global customers....
Question 49: A recent assessment identified that several users' mobile de...
Question 50: A security engineer is performing an assessment again for a ...
Question 51: A network engineer is attempting to design-in resiliency cha...
Question 52: A manufacturing company recently recovered from an attack on...
Question 53: An e-commerce company that provides payment gateways is conc...
Question 54: A Chief Information Security Officer (CISO) needs to create ...
Question 55: A company's human resources department recently had its own ...
Question 56: A Chief Information Security Officer (CISO) is reviewing the...
Question 57: A security analyst is reviewing the corporate MDM settings a...
Question 58: A security engineer wants to introduce key stretching techni...
Question 59: A systems administrator at a medical imaging company discove...
Question 60: When reviewing KRIs of the email security appliance with the...
Question 61: The Chief Information Officer (CIO) has been asked to develo...
Question 62: Ann, a member of the finance department at a large corporati...
Question 63: Company.org has requested a black-box security assessment be...
Question 64: A security engineer is working to secure an organization's V...
Question 65: A security analyst, who is working in a Windows environment,...
Question 66: A recent penetration test identified that a web server has a...
Question 67: A business is growing and starting to branch out into other ...
Question 68: After embracing a BYOD policy, a company is faced with new s...
Question 69: A security analyst sees some suspicious entries in a log fil...
Question 70: A company that has been breached multiple times is looking t...
Question 71: Following a complete outage of the electronic medical record...
Question 72: An infrastructure team within an energy organization is at t...
Question 73: A company is the victim of a phishing and spear-phishing cam...
Question 74: A security analyst has requested network engineers integrate...
Question 75: A security analyst for a bank received an anonymous tip on t...
Question 76: A Chief Security Officer (CSO) is reviewing the organization...
Question 77: Following the most recent patch deployment, a security engin...
Question 78: A newly hired systems administrator is trying to connect a n...
Question 79: A technician receives the following security alert from the ...
Question 80: An administrator is working with management to develop polic...
Question 81: An organization is integrating an ICS and wants to ensure th...
Question 82: An organization is reviewing endpoint security solutions. In...
Question 83: An organization's network security administrator has been us...
Question 84: An internal penetration tester was assessing a recruiting pa...
Question 85: As part of incident response, a technician is taking an imag...
Question 86: A breach was caused by an insider threat in which customer P...
Question 87: During a security assessment, activities were divided into t...
Question 88: During a sprint, developers are responsible for ensuring the...
Question 89: An organization wants to arm its cybersecurity defensive sui...
Question 90: The Chief Information Security Officer (CISO) of a company t...
Question 91: Which of the following is the GREATEST security concern with...
Question 92: An analyst is investigating behavior on a corporate-owned, c...
Question 93: An analyst has noticed unusual activities in the SIEM to a ....
Question 94: A recent CRM upgrade at a branch office was completed after ...
Question 95: A new security policy states all wireless and wired authenti...
Question 96: At a meeting, the systems administrator states the security ...
Question 97: A financial consulting firm recently recovered from some dam...
Question 98: Which of the following may indicate a configuration item has...
Question 99: A company wants to secure a newly developed application that...
Question 100: After several industry comnpetitors suffered data loss as a ...
Question 101: A company wants to configure its wireless network to require...
Question 102: A systems administrator has installed a disk wiping utility ...
Question 103: A financial institution's information security officer is wo...
Question 104: A security manager is determining the best DLP solution for ...
Question 105: Given the following code snippet: (Exhibit) Which of the fol...
Question 106: An internal application has been developed to increase the e...
Question 107: An employee decides to log into an authorized system. The sy...
Question 108: A company wants to extend its help desk availability beyond ...
Question 109: A penetration tester is conducting an assessment on Comptia....
Question 110: A Chief Information Security Officer (CISO) is running a tes...
Question 111: A newly hired Chief Information Security Officer (CISO) is r...
Question 112: An engineer is evaluating the control profile to assign to a...
Question 113: A database administrator is required to adhere to and implem...
Question 114: The Chief Financial Officer (CFO) of an organization wants t...
Question 115: Compliance with company policy requires a quarterly review o...
Question 116: A vulnerability scan with the latest definitions was perform...
Question 117: A Chief Information Security Officer (CISO) is working with ...
Question 118: Two competing companies experienced similar attacks on their...
Question 119: A company recently experienced a period of rapid growth, and...
Question 120: A forensic analyst suspects that a buffer overflow exists in...
Question 121: A PaaS provider deployed a new product using a DevOps method...
Question 122: A company uses an application in its warehouse that works wi...
Question 123: A cybersecurity analyst is conducting packet analysis on the...
Question 124: The finance department has started to use a new payment syst...
Question 125: After the departure of a developer under unpleasant circumst...
Question 126: The Chief Information Officer (CIO) wants to increase securi...
Question 127: An organization is evaluating options related to moving orga...
Question 128: The security configuration management policy states that all...
Question 129: The Chief Executive Officer (CEO) of a fast-growing company ...
Question 130: A security administrator wants to implement two-factor authe...
Question 131: A security analyst is reviewing the following pseudo-output ...
Question 132: A company monitors the performance of all web servers using ...
Question 133: Click on the exhibit buttons to view the four messages. (Exh...
Question 134: An organization is implementing a virtualized thin-client so...
Question 135: An SQL database is no longer accessible online due to a rece...
Question 136: A pharmacy gives its clients online access to their records ...
Question 137: During an audit, it was determined from a sample that four o...
Question 138: After the departure of a developer under unpleasant circumst...
Question 139: Engineers at a company believe a certain type of data should...
Question 140: A smart switch has the ability to monitor electrical levels ...
Question 141: A systems administrator receives an advisory email that a re...
Question 142: A large enterprise with thousands of users is experiencing a...
Question 143: Staff members are reporting an unusual number of device thef...
Question 144: Given the following output from a security tool in Kali: (Ex...
Question 145: An engineer needs to provide access to company resources for...
Question 146: A company is transitioning to a new VDI environment, and a s...
Question 147: A software development company lost customers recently becau...
Question 148: An organization is considering the use of a thin client arch...
Question 149: An information security manager is concerned that connectivi...
Question 150: A global company has decided to implement a cross-platform b...
Question 151: A researcher is working to identify what appears to be a new...
Question 152: A project manager is working with a software development gro...
Question 153: A red team is able to connect a laptop with penetration test...
Question 154: An investigation showed a worm was introduced from an engine...
Question 155: A company is migrating systems from an on-premises facility ...
Question 156: Management is reviewing the results of a recent risk assessm...
Question 157: A Chief Information Security Officer (CISO) recently changed...
Question 158: As a result of an acquisition, a new development team is bei...
Question 159: A company is purchasing an application that will be used to ...
Question 160: A security engineer is attempting to convey the importance o...
Question 161: An organization based in the United States is planning to ex...
Question 162: A core router was manipulated by a credentialed bypass to se...
Question 163: A security engineer is designing a system in which offshore,...
Question 164: An organization is moving internal core data-processing func...
Question 165: A SaaS-based email service provider often receives reports f...
1 commentQuestion 166: A security administrator is investigating an incident involv...
Question 167: A security administrator is updating a company's SCADA authe...
Question 168: A security engineer is working with a software development t...
Question 169: During a security assessment, an organization is advised of ...
Question 170: A Chief Information Securiy Officer (CISO) is reviewing tech...
Question 171: A systems administrator recently joined an organization and ...
Question 172: A government contracting company issues smartphones to emplo...
Question 173: A security engineer has been hired to design a device that w...