An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate is undefined

Which of the following is the root cause of this issue?

A. iOS devices have an empty root certificate chain by default.

B. OpenSSL is not configured to support PKCS#12 certificate files.

C. The VPN client configuration is missing the CA private key.

D. The iOS keychain imported only the client public and private keys.

A corporation discovered its internet connection is saturated with traffic originating from multiple IP addresses across the internet. A security analyst needs to find a solution to address future occurrences of this type of attack.

Which of the following would be the BEST solution to meet this goal?

A. Implementing cloud-scrubbing services

B. Upgrading the internet link

C. Deploying a web application firewall

D. Provisioning a reverse proxy

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

A. Properly configure a secure file transfer system to ensure file integrity.

B. Have the external parties sign non-disclosure agreements before sending any images.

C. Only share images with external parties that have worked with the firm previously.

D. Utilize watermarks in the images that are specific to each external party.

A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information: Which of the following should the security analyst do FIRST?

A. Disable Administrator on abc-usa-fs1; the local account is compromised.

B. Shut down the abc-usa-fs1 server; a plaintext credential is being used.

C. Disable the jdoe account; it is likely compromised.

D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited.

Over the last 90 days, many private storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the email security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

A. Compile a list of firewall requests and compare them against interesting cloud services

B. Implement a CASB solution and track cloud service use cases for greater visibility

C. Implement a user-behavior analytics system to associate user events with cloud service creation events

D. Capture all logs and feed them to a SIEM. and then analyze for cloud service events.