CS0-001 Exam Question 126
Due to a security breach initiated from South America, the Chief Security Officer (CSO) instructed a team to design and implement an appropriate security control to prevent such an attack from reoccurring. The company has sales and consulting teams across the United States that need access to company resources. The security manager implemented a location-based authentication to prevent non-US-based access to the company networks. Three months later, the same incident reoccurred with an attack originating from a country in Asia. Which of the following security design defects could be the cause?
CS0-001 Exam Question 127
The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which
to base the security program. The CISO would like to achieve a certification showing the security program
meets all required best practices. Which of the following would be the BEST choice?
CS0-001 Exam Question 128
After scanning the main company's website with the OWASP ZAP tool, a cybersecurity analyst is reviewing
the following warning:

The analyst reviews a snippet of the offending code:

Which of the following is the BEST course of action based on the above warning and code snippet?
CS0-001 Exam Question 129
A security analyst is conducting traffic analysis and observes an HTTP POST to the company's main web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?
CS0-001 Exam Question 130
As part of an internal banking project, a developer configured a new SSO solution between the company's native application, API gateway, and identity provider. All the traffic has been configured to be encrypted at rest and in transit. During a security review of the solution, the developer highlights the requirements around long-lived sessions to support the digital experience. A security analyst is reviewing the solution. Which of the following controls should the analyst recommend to the developer? (Select TWO.)
