CompTIA CySA+ Cybersecurity Analyst Certification Exam: Software and Systems Security
13 Questions

1. Peter is a cybersecurity analyst who was just tasked by his management to figure out how to consolidate authentication and other security services for the many different cloud offerings to which his company subscribes. The company uses multiple cloud service providers and various services, including Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Which of the following is the best solution for Peter to explore?
2. You are attempting to lock down a computer system as much as possible to prevent its compromise. You would like to ensure that it can only boot to trusted media, so a potentially malicious person with physical access to the machine will not be able to start the machine with compromised media. Which of the following options should you make sure is set in the machine's firmware?
3. You are attempting to secure legacy systems that cannot be replaced at the present time. External governance requires that you must implement a hardware-based system to generate and store cryptographic keys, but these older machines have no such built-in capability. Which of the following would satisfy these requirements?
4. On which of the following platforms are you more likely to see software implemented as firmware on a component that includes a processor, system RAM, and other critical components miniaturized into a single integrated circuit?
5. Juanita needs to test several functions of a specially developed operating system, so she turns off the secure boot option in her test machine's UEFI configuration. She wants to ensure, however, that when the system boots to the alternate OS, it boots using a known-good boot image. Which of the following processes validates that the hashes collected during boot time match the hashes she has already collected and stored from the known-good alternate boot image?
6. The development team at your company is ready to test a new application. It has been user-tested and subjected to stringent code review, static analysis, and dynamic analysis. It passes all tests and has been approved to be implemented. However, when the software is implemented, other applications cannot communicate securely with it, and sometimes it fails to negotiate a secure encryption method, instead falling back to an older insecure method. Which of the following types of tests would have discovered this issue?
7. Charles is a cybersecurity analyst in a small company that was recently acquired by a much larger corporation. In their efforts to consolidate services and incorporate the smaller organization's network into the larger corporate network, the larger company has directed that users in Charles' company use a new authentication method. This authentication method uses a third party to authenticate all corporate users to not only internal resources and sites, but also to those of its business partners and subsidiaries. This type of identity and authentication management technology can best be described as which of the following?
8. Taylor is learning about software assurance in her cybersecurity college course. She is trying to explain service-oriented architecture to a fellow student. Which of the following best describes service-oriented architecture?
9. Charisse is an experienced cybersecurity analyst whose company must now suddenly provision large numbers of remote access accounts for teleworkers due to the COVID-19 pandemic. Her company is largely unprepared for the numbers of teleworkers who will require remote access. She has set up three VPN concentrators that use L2TP and IPSec as their protocols, but they will not support the large numbers of users who require VPN access. Which of the following is a temporary solution Charisse can use to enable VPN access for her users, with minimal resources or client configuration?
10. During security testing for a new application, cybersecurity analysts have been able to create SQL injection attacks against the web-based application and its underlying database. You need to recommend secure coding practices for the developers to implement to prevent this type of attack. Which of the following two secure coding practices should you recommend?
11. Juan is an experienced cybersecurity analyst who is trying to explain how secure processing works to another analyst. Which of the following statements regarding secure processing is true?
12. Evan is studying cybersecurity at his local community college. His professor asks him to write a short paper describing network segmentation. How should Evan explain virtual segmentation?
13. Tia is developing an encryption policy for her organization. Company management wants to use encryption for sensitive data when in storage and when transmitted outside of the organization. Tia's managers also want to implement the use of secure e-mail as well as digital signatures to sign sensitive documents. In addition to the appropriate policies and procedures, Tia must also set up a PKI in the organization. Which of the following should Tia include in the policy to enforce the use of only organizationally approved encryption methods and keys?