A security analyst is investigating incidents in which attackers are able to access sensitive data from a corporate application's database. The attacks occur periodically and usually
after the release of a new application's version. The following log confirms the compromise:
The following actions are made after every incident occurrence:
• Validation of firewall rules
• Scripted rebuild of the database and web instances
• Application deployment from a cloud code repository
Which of the following actions will MOST likely prevent future compromises?
A company wants to utilize its private cloud for a new application. The private cloud resources can meet 75% of the application's resource requirements. Which of the following
scaling techniques can the cloud administrator implement to accommodate 100% of the application's requirements?
A security team is conducting an audit of the security group configurations for the Linux servers that are hosted in a public laaS. The team identifies the following rule as a potential
A cloud administrator, who is working remotely, logs in to the cloud management console and modifies the rule to set the source to "My IR" Shortly after deploying the rule, an internal developer receives the following error message when attempting to log in to the server using SSH: Network error: connection timed out. However, the administrator is able to connect successfully to the same server using SSH. Which of the following is the BEST option for both the developer and the administrator to access the
server from their locations?
A systems administrator needs to modify the replication factors of an automated application container from 3 to 5. Which of the following file types should the systems administrator modify on the master controller?
During a security incident, an laaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?
A company is using an laaS environment. Which of the following licensing models would BEST suit the organization from a financial perspective to implement scaling?
An organization is hosting its dedicated email infrastructure with unlimited mailbox creation capability. The management team would like to migrate to a SaaS-based solution. Which of the following must be considered before the migration?
A financial industry services firm was the victim of an internal data breach, and the perpetrator was a member of the company's development team. During the investigation, one of the security administrators accidentally deleted the perpetrator's user data. Even though the data is recoverable, which of the following has been violated?