
Memberships

CISSP Study Group

1.5k members • Free

The Blueprint

93 members • Free

15 contributions to CISSP Study Group
CISSP Practice Question – Identity & Access Management
An enterprise is moving to a hybrid cloud model and wants to centralize user authentication across on-premises systems and multiple SaaS providers. The solution must support single sign-on (SSO), enforce multi-factor authentication (MFA), and minimize administrative overhead for provisioning and deprovisioning accounts. Which of the following approaches BEST meets these requirements?
A. Deploying Kerberos across all environments, including the SaaS providers
B. Implementing a Security Assertion Markup Language (SAML)-based federation with an identity provider
C. Using RADIUS servers for all authentication requests to centralize credential management
D. Requiring each SaaS provider to integrate directly with the corporate LDAP directory
3 likes • 2d
Kerberos is for internal service management primarily (A). RADIUS is for remote network monitoring (C). You don't want to have multiple vendors directly integrated with your corporate directory (D). So B is left, and with multiple suppliers you want some sort of standard, so B it is.
Practice Question – Security Models
You are designing a system for a law firm that represents multiple competing corporations. The system must:
- Prevent lawyers from accessing case files of competing clients
- Ensure paralegals can enter data but only senior attorneys can approve filings
- Maintain confidentiality of client records
Which combination of models is most relevant here?
A. Bell–LaPadula and Biba
B. Clark–Wilson and Brewer–Nash
C. Bell–LaPadula and Clark–Wilson
D. Brewer–Nash and Biba
1 like • 3d
Point one requires a Chinese Wall, so it's Brewer–Nash, which means B or D. Then point two requires different levels of authority. Biba is about maintaining integrity, and although it has security levels it doesn't enforce separation of duties; Clark–Wilson does, so B is looking good. Now the last point, maintaining confidentiality: Clark–Wilson is an integrity model, but Brewer–Nash is confidentiality, so it's B.
CISSP Practice Question – Software Development Security
A development team is adopting a secure software development lifecycle (SDLC). The security manager wants to ensure that vulnerabilities are identified before code is executed, but also wants to minimize cost and disruption to developers. Which of the following activities BEST meets this requirement?
A. Static application security testing (SAST)
B. Dynamic application security testing (DAST)
C. Fuzz testing
D. Penetration testing
3 likes • 8d
DAST is run on the running application, so it fails the "before code is executed" condition. Same for fuzz testing; pen testing less so, but it is more focused on exploiting a single vulnerability and pivoting from that. So A, static code review.
A big thank you to May
A big thank you to May Brooks-Kempler for sharing her expertise in today’s Masterclass, and to everyone in our community who joined and made it a success. We’re glad we could bring you this opportunity to learn directly from one of the best. Stay tuned for more exciting collaborations with May! 🙏 Please join us in thanking May in the comments. Let us know your biggest takeaway from the session.
2 likes • 10d
Thanks to May for the session and Vincent for sorting. Hoping those questions are representative because it was a great confidence booster coming top :)
CISSP Practice Question – Incident Response (Hard)
During a security investigation, the incident response team discovers that an attacker has gained persistent access to a critical application server. The attacker appears to be moving laterally inside the network, but the system also supports customer transactions in real time. What is the MOST important action for the incident response team to take FIRST?
A. Contain the compromised server to prevent further lateral movement while maintaining business continuity.
B. Notify senior management and legal counsel to prepare for potential disclosure obligations.
C. Shut down the compromised server immediately to stop the attacker from exfiltrating additional data.
D. Begin collecting forensic images of the server for evidence preservation.
1 like • 10d
We can rule out C: we don't want to kill off the customer service. We can rule out B, as we don't know if any customer data has been compromised yet. So A or D. I'd want to stop things getting worse, so I'd do A then D. Answer is A.
Justin Craigon
Level 2
4 points to level up
@justin-craigon-5642
Virtual CISO / Security consultant at BT

Active 1d ago
Joined Jul 14, 2025