Designing Cisco Security Infrastructure v1.0

A company published software that had a security vulnerability, and an attacker used the vulnerability to steal critical information from the environment. The issue was reported by the security team, and the administrator was instructed to run shift-left security tests before publishing the software. Which component of the software development pipeline must be recommended to run the tests?

Refer to the exhibit. A software developer noticed that the application source code had been found on the internet. To avoid such an incident from happening again, the developer applied a DLP policy to prevent from uploading source code into generative AI tool like ChatGPT. When testing the policy, the developer noticed that it is still possible for the source code to be uploaded. Which action must the developer take to prevent this issue?

A developer is building new API functions for a cloud-based application. Before writing the code, the developer wants to ensure that destructive actions, including deleting and updating data, are properly protected by access control identifying sensitive fields such as those that contain passwords or personally identifiable information. Which approach must be used to score the risks proactively?

A retail company is facing a series of cyberattacks targeting the web servers, which results in disruptions to the online services. Upon investigation, the security team identified that these attacks involved invalid HTTP request headers, which were used to exploit vulnerabilities in the web application. To safeguard the company websites against similar threats in the future, the security team must deploy a security solution specifically designed to detect and block such malicious web traffic. Which security product must be used to protect the websites from similar attacks?

A developer company recently implemented a testing environment based on Linux operating system. The company needs a technology solution that produces tracing and filtering capabilities in the Linux kernel. Which technology meets these requirements without modifying the kernel source code?

In preparation for an upcoming security audit, a metal production company decided to enhance the security of container-based services running in a Kubernetes environment. The company wants to ensure that all communications between applications and services are encrypted. The administrator plans to implement mTLS service between application and services to secure the data exchanges. Given the need to manage encryption at scale and maintain efficient communication across the cluster, which network transport technology must be employed?

An IT company operates an application in a SaaS model. The administrative tasks, such as customer onboarding, within the application must be restricted to users who are on the corporate network where admins can access those functions via a web browser or a smartphone application. Which application technology must be used to provide granular control based on function?

A global energy company moved a monolithic application from the data center to public cloud. Over time, the company added many capabilities to the application, and it is now difficult for the application team to scale it. The application owner decided to modernize the application by moving to a Kubernetes cluster. However, he wants to ensure that the new application architecture provides a container network interface that is scalable, offers options for cloud-native security, and helps with visibility and observability. Which solution must be used to accomplish the task?

An employee of a pharmaceutical company accidentally checked in code that contains AWS secret keys to a public GitHub repository, which exposes production resources to attackers. Which mitigation strategy must a security engineer recommend to prevent future reoccurrence?

A company hosted multiple applications in the Kubernetes environment, using the naming app01, app02, and so on. An app01 user could access app02 data because no security measures are implemented. The administrator decided to place each application within a separate namespace and ensure that the namespaces are completely isolated and cannot communicate with each other. Which solution must be used to accomplish the task?

A software development company relies on GitHub for managing the source code and is committed to maintaining application security. The company must ensure that known software vulnerabilities are not introduced to the application. The company needs a capability within GitHub that can analyze semantic versioning and flag any software components that pose security risks. Which GitHub feature must be used?

A company recently discovered that a former employee, who left to join a competitor, continued to access and exfiltrate sensitive data over several weeks after leaving. The breach highlighted vulnerabilities in the organization’s data security and access management practices. To prevent such incidents in the future, the organization must adopt measures that detect and restrict unauthorized data access and transfer. Which mitigation strategy must be implemented to address the issue?

A global marketing firm, based in California with customers on every continent, suffered a data breach that exposed employee and customer PII. Which regulations is the company in danger of violating?

An engineering company’s Chief Financial Officer recently fall victim to a phishing scam by responding to an urgent email. The mail appeared to be from a trusted business partner, and it requested sensitive tax information. The incident led to significant financial and reputational damage. To prevent similar occurrences in the future, the security team must implement an effective mitigation strategy. Which mitigation strategy must the security team implement to prevent similar occurrences in the future?