A security engineer is attempting to increase the randomness of numbers used in key
generation in a system. The goal of the effort is to strengthen the keys against predictive
analysis attacks.
Which of the following is the BEST solution?

A. Use an entropy-as-a-service vendor to leverage larger entropy pools.
B. Loop multiple pseudo-random number generators in a series to produce larger numbers.
C. Increase key length by two orders of magnitude to detect brute forcing.
D. Shift key generation algorithms to ECC algorithms.

Answer(s): A

A security engineer is attempting to convey the importance of including job rotation in a
company's standard security policies. Which of the following would be the BEST justification?

A. Making employees rotate through jobs ensures succession plans can be implemented and
prevents single point of failure.
B. Forcing different people to perform the same job minimizes the amount of time malicious
actions go undetected by forcing malicious actors to attempt collusion between two or more
C. Administrators and engineers who perform multiple job functions throughout the day benefit
from being cross-trained in new job areas.
D. It eliminates the need to share administrative account passwords because employees gain
administrative rights as they rotate into a new job area.

Answer(s): B

A company is transitioning to a new VDI environment, and a system engineer is responsible for
developing a sustainable security strategy for the VDIs. Which of the following is the MOST
appropriate order of steps to be taken?

A. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent
B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update
C. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline
D. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update

Answer(s): A

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the
relevant metrics. The board of directors will use the dashboard to monitor and track the overall
security posture of the organization. The CIO produces a basic report containing both KPI and
KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?

