
CompTIA SecurityX Certification Exam (CAS-004) Questions and Answers

Last Update Apr 28, 2025
Total Questions: 571

Questions 1

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:
A. Simultaneous Authentication of Equals
B. Enhanced open
C. Perfect forward secrecy
D. Extensible Authentication Protocol

Questions 2

A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?

Options:
A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

Questions 3

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:
A. Turn off the infected host immediately.
B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.

Questions 4

An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Options:
A. Password cracker
B. Port scanner
C. Account enumerator
D. Exploitation framework

Questions 5

A company’s claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was opened.

Options:
A. Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.
B. Require all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Questions 6

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:
A. Data loss detection, reverse proxy, EDR, and PGP
B. VDI, proxy, CASB, and DRM
C. Watermarking, forward proxy, DLP, and MFA
D. Proxy, secure VPN, endpoint encryption, and AV

Questions 7

A company is moving most of its customer-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires that the solution have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Options:
A. Instance-based
B. Storage-based
C. Proxy-based
D. Array controller-based

Questions 8

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:
A. Kerberos and TACACS
B. SAML and RADIUS
C. OAuth and OpenID
D. OTP and 802.1X

Questions 9

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:
A. A trusted platform module
B. A hardware security module
C. A localized key store
D. A public key infrastructure

Questions 10

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Options:
A. Require a VPN to be active to access company data.
B. Set up different profiles based on the person’s risk.
C. Remotely wipe the device.
D. Require MFA to access company applications.

Questions 11

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:
A. Utilize code signing by a trusted third party.
B. Implement certificate-based authentication.
C. Verify MD5 hashes.
D. Compress the program with a password.
E. Encrypt with 3DES.
F. Make the DACL read-only.

Questions 12

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Options:
A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
B. Leave the current backup schedule intact and make the human resources fileshare read-only.
C. Increase the frequency of backups and create SIEM alerts for IOCs.
D. Decrease the frequency of backups and pay the ransom to decrypt the data.

Questions 13

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:
A. 65
B. 77
C. 83
D. 87

Questions 14

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:
A. TPM
B. Local secure password file
C. MFA
D. Key vault

Questions 15

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:
A. Union filesystem overlay
B. Cgroups
C. Linux namespaces
D. Device mapper

Questions 16

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:
A. Breaking a symmetric cipher used in secure voice communications
B. Determining the frequency of unique attacks against DRM-protected media
C. Maintaining chain of custody for acquired evidence
D. Identifying least significant bit encoding of data in a .wav file

Questions 17

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

Options:
A. The client application is testing PFS.
B. The client application is configured to use ECDHE.
C. The client application is configured to use RC4.
D. The client application is configured to use AES-256 in GCM.

Questions 18

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Options:
A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Questions 19

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:
A. The company will have access to the latest version to continue development.
B. The company will be able to force the third-party developer to continue support.
C. The company will be able to manage the third-party developer’s development process.
D. The company will be paid by the third-party developer to hire a new development team.

Questions 20

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:
A. Utilizing a trusted secrets manager
B. Performing DAST on a weekly basis
C. Introducing the use of container orchestration
D. Deploying instance tagging

Questions 21

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:
A. Move the server to a cloud provider.
B. Change the operating system.
C. Buy a new server and create an active-active cluster.
D. Upgrade the server with a new one.

Questions 22

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:
A. TPM
B. HSM
C. PKI
D. UEFI/BIOS

Questions 23

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:
A. Inform users regarding what data is stored.
B. Provide opt-in/out for marketing messages.
C. Provide data deletion capabilities.
D. Provide optional data encryption.
E. Grant data access to third parties.
F. Provide alternative authentication techniques.

Questions 24

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks posed by the activity in the logs?

Options:
A. Altering the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

Questions 25

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:
A. Implement rate limiting on the API.
B. Implement geoblocking on the WAF.
C. Implement OAuth 2.0 on the API.
D. Implement input validation on the API.

Questions 26

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Options:
A. Improving the availability of messages
B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages

Questions 27

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

Options:
A. Protecting
B. Permissive
C. Enforcing
D. Mandatory

Questions 28

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:
A. Replace the current antivirus with an EDR solution.
B. Remove the web proxy and install a UTM appliance.
C. Implement a deny list feature on the endpoints.
D. Add a firewall module on the current antivirus solution.

Questions 29

A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:
A. SDLC
B. OVAL
C. IEEE
D. OWASP

Questions 30

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:
A. Execute never
B. No-execute
C. Total memory encryption
D. Virtual memory encryption

Questions 31

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:
A. Include all available cipher suites.
B. Create a wildcard certificate.
C. Use a third-party CA.
D. Implement certificate pinning.

Questions 32

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:
A. Perform static code analysis of committed code and generate summary reports.
B. Implement an XML gateway and monitor for policy violations.
C. Monitor dependency management tools and report on susceptible third-party libraries.
D. Install an IDS on the development subnet and passively monitor for vulnerable services.
E. Model user behavior and monitor for deviations from normal.
F. Continuously monitor code commits to repositories and generate summary logs.

Questions 33

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

Options:
A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain

Questions 34

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:
A. Deploy an RA on each branch office.
B. Use Delta CRLs at the branches.
C. Configure clients to use OCSP.
D. Send the new CRLs by using GPO.

Questions 35

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer’s inability to connect?

Options:
A. Weak ciphers are being used.
B. The public key should be using ECDSA.
C. The default should be on port 80.
D. The server name should be test.com.

Questions 36

A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

Options:
A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis

Questions 37

A security engineer is assessing the security controls of IoT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these IoT systems?

Options:
A. Disable administrator accounts
B. Enable SELinux
C. Enforce network segmentation
D. Assign static IP addresses

Questions 38

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

Options:
A. At the individual product level
B. Through the selection of a random product
C. Using a third-party audit report
D. By choosing a major product

Questions 39

During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

Options:
A. Configuration management tool
B. Intrusion prevention system
C. Mobile device management platform
D. Firewall access control list
E. NetFlow logs

Questions 40

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Options:
A. a decrypting RSA using obsolete and weakened encryption attack.
B. a zero-day attack.
C. an advanced persistent threat.
D. an on-path attack.

Questions 41

Options:
A. Triple DES
B. AES-GCM
C. RSA
D. TLS
E. RIPEMD

Questions 42

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

Options:
A. Print configuration settings for locked print jobs
B. The lack of an NDA with the company that supports its devices
C. The lack of an MSA to govern other services provided by the service provider
D. The lack of chain of custody for devices prior to deployment at the company

Questions 43

A security administrator has been provided with three separate certificates and is trying to organize them into a single chain of trust to deploy on a website. Given the following certificate properties:

Which of the following are true about the PKI hierarchy? (Select two).

Options:
A. www.budgetcert.com is the top-level CA.
B. www.budgetcert.com is an intermediate CA.
C. SuperTrust RSA 2018 is the top-level CA.
D. SuperTrust RSA 2018 is an intermediate CA.
E. BudgetCert is the top-level CA.
F. BudgetCert is an intermediate CA.

Questions 44

An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?

Options:
A. Use over-the-air updates to replace the private key
B. Manufacture a new IoT device with a redesigned SoC
C. Replace the public portion of the IoT key on its servers
D. Release a patch for the SoC software

Questions 45

Options:
A. It provides origin assurance.
B. It verifies integrity.
C. It provides increased confidentiality.
D. It integrates with DRMs.
E. It verifies the recipient’s identity.
F. It ensures the code is free of malware.

Questions 46

A security officer is requiring all personnel working on a special project to obtain a security clearance commensurate with the level of all information being accessed. Data on this network must be protected at the same level as each clearance holder. The need to know must be vetted by the data owner. Which of the following should the security officer do to meet these requirements?

Options:
A. Create a rule to authorize personnel only from certain IPs to access the files
B. Assign labels to the files and require formal access authorization
C. Assign attributes to each file and allow authorized users to share the files
D. Assign roles to users and authorize access to files based on the roles

Questions 47

Options:
A. UEBA
B. HSM
C. HIPS
D. XDR
E. OPSEC training

Questions 48

A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be best to prevent a side-channel attack in the future?

Options:
A. Installing online hardware sensors
B. Air gapping important ICS and machines
C. Implementing a HIDS
D. Installing a SIEM agent on the endpoint

Questions 49

A security administrator at a global organization wants to update password complexity rules for a system containing personally identifiable information. Which of the following would be the best resource for this information?

Options:
A. NIST
B. GDPR
C. CMMI
D. COPPA

Questions 50

A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).

Options:
A. Encrypt the hard drive with full disk encryption.
B. Back up the file to an encrypted flash drive.
C. Place an ACL on the file to only allow access to specified users.
D. Store the file in the user profile.
E. Place an ACL on the file to deny access to everyone.
F. Enable access logging on the file.

Questions 51

In a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?

Options:
A. Risk transfer
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance

Questions 52

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

Options:
A. Simulating a spam campaign
B. Conducting a sanctioned vishing attack
C. Performing a risk assessment
D. Executing a penetration test

Questions 53

A software developer must choose encryption algorithms to secure two parts of a mobile application. Given the following part descriptions and requirements:

• The first part of the application is used to transfer large files and must support file parts with transfer start/stop/resume. This part requires strong file encryption.

• The second part of the application uses a bit stream to continuously authenticate both ends of the connection. This part must implement confidentiality for the stream.

Which of the following encryption algorithms should the developer implement in the code to support both parts of the application? (Select two).

Options:
A. P384
B. ECDSA
C. RC5
D. ChaCha20
E. bcrypt
F. RIPEMD

Questions 54

A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities. Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

Options:
A. HUMINT
B. UEBA
C. OSINT
D. RACE

Questions 55

A technology company developed an in-house chat application that is used only by developers. An open-source library within the application has been deprecated. The facts below are provided:

The cost of replacing this system is nominal.

The system provides no revenue to the business.

The system is not a critical part of the business.

Which of the following is the best risk mitigation strategy?

Options:
A. Transfer the risk, since developers prefer using this chat application over alternatives.
B. Accept the risk, since any system disruption will only impact developers.
C. Avoid the risk by shutting down this application and migrating to another chat platform.
D. Mitigate the risk by purchasing an EDR and configuring network ACLs.

Questions 56

Options:
A. Implement static analysis with blocking capabilities in the CI/CD system.
B. Request resources to develop a secure library to address encoding issues.
C. Leverage an API management system to filter information.
D. Configure a DAST tool for all applications.
E. Require all developers to take secure coding training that focuses on OWASP principles.

Questions 57

A company wants to prevent a partner company from denying agreement to a transaction. Which of the following is the best solution for the company?

Options:
A. Federation
B. Key escrow
C. Salting hashes
D. Digital signatures

Questions 58

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:
A. TOTP token
B. Device certificate
C. Smart card
D. Biometric

Questions 59

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

Options:

A.  

Write a SIEM rule that generates a critical alert when files are created on the application server.

B.  

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

C.  

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

D.  

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

Questions 60

A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?

Options:

A.  

A downgrade attack occurred. Any use of old, outdated software should be disallowed.

B.  

The attacker obtained the systems' private keys. New key pairs must be generated.

C.  

Malware is present on the client machine. A full OS needs to be reinstalled.

D.  

The user fell for a phishing attack. The end user must attend security training.

Questions 61

A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?

Options:

A.  

Performing software composition analysis

B.  

Requiring multifactor authentication

C.  

Establishing coding standards and monitoring for compliance

D.  

Implementing a robust unit and regression-testing scheme

Questions 62

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Options:

A.  

Evasion

B.  

Persistence

C.  

Collection

D.  

Lateral movement

Questions 63

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A.  

Software composition analysis

B.  

A SCAP scanner

C.  

ASAST

D.  

A DAST

Questions 64

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

Options:

A.  

Fuzz testing

B.  

Wireless vulnerability scan

C.  

Exploit framework

D.  

Password cracker

E.  

Protocol analyzer

Questions 65

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

Options:

A.  

CTR

B.  

ECB

C.  

OFB

D.  

GCM

Questions 66

A security administrator is trying to securely provide public access to specific data from a web application. Clients who want to access the application will be required to:

• Only allow the POST and GET options.

• Transmit all data secured with TLS 1.2 or greater.

• Use specific URLs to access each type of data that is requested.

• Authenticate with a bearer token.

Which of the following should the security administrator recommend to meet these requirements?

Options:

A.  

API gateway

B.  

Application load balancer

C.  

Web application firewall

D.  

Reverse proxy

Questions 67

An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

Options:

A.  

PaaS

B.  

SaaS

C.  

IaaS

D.  

MaaS

Questions 68

A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

Options:

A.  

Storing the data in an encoded file

B.  

Implementing database encryption at rest

C.  

Only storing tokenized card data

D.  

Implementing data field masking

Questions 69

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

Which of the following should the analyst recommend to mitigate this type of vulnerability?

Options:

A.  

IPSec rules

B.  

OS patching

C.  

Two-factor authentication

D.  

TCP wrappers

Questions 70

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

Options:

A.  

Non-repudiation

B.  

Confidentiality

C.  

Delivery receipts

D.  

Attestation

Questions 71

A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet the contractual requirements, the company must achieve the following thresholds:

• 99.99% uptime

• Load time in 3 seconds

• Response time < 1.0 seconds

Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)

Options:

A.  

Installing a firewall at corporate headquarters

B.  

Deploying a content delivery network

C.  

Implementing server clusters

D.  

Employing bare-metal loading of applications

E.  

Lowering storage input/output

F.  

Implementing RAID on the backup servers

G.  

Utilizing redundant power for all developer workstations

Questions 72

Options:

A.  

Privacy concerns

B.  

Vendor viability

C.  

Regulatory compliance

D.  

Geographic location

Questions 73

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Options:

A.  

Automated vulnerability scanning

B.  

Centralized logging, data analytics, and visualization

C.  

Threat hunting

D.  

Threat emulation

Questions 74

A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.  

NGFW for web traffic inspection and activity monitoring

B.  

CSPM for application configuration control

C.  

Targeted employee training and awareness exercises

D.  

CASB for OAuth application permission control

Questions 75

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.  

E-discovery

B.  

Review analysis

C.  

Information governance

D.  

Chain of custody

Questions 76

The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.  

Integrate the web proxy with threat intelligence feeds.

B.  

Scan all downloads using an antivirus engine on the web proxy.

C.  

Block known malware sites on the web proxy.

D.  

Execute the files in the sandbox on the web proxy.

Questions 77

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Options:

A.  

^\d{4}(-\d{5})?$

B.  

^\d{5}(-\d{4})?$

C.  

^\d{5-4}$

D.  

^\d{9}$
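
Checking the four candidate patterns against constructed inputs, as an added example that is not part of the original question. The test strings are made up here, and Python's re module stands in for whatever regex engine the NIPS runs:

```python
from __future__ import annotations
import re

# The four candidate patterns exactly as listed in the question. Option C keeps
# its malformed quantifier: Python's re treats "{5-4}" as literal text, so the
# pattern can only ever match a digit followed by the characters "{5-4}".
CANDIDATES = {
    "A": r"^\d{4}(-\d{5})?$",
    "B": r"^\d{5}(-\d{4})?$",
    "C": r"^\d{5-4}$",
    "D": r"^\d{9}$",
}

# Constructed test vectors: the two IOC shapes, then near-misses that a loose
# pattern would wrongly flag (off-by-one lengths, swapped group sizes, letters).
SHOULD_MATCH = ["12345", "12345-6789"]
SHOULD_NOT_MATCH = [
    "1234", "123456", "1234-56789", "123456789",
    "12345-678", "12345-67890", "abcde", "12345-",
]


def evaluate(pattern: str) -> tuple[int, int]:
    """Return (IOC forms matched, non-IOC inputs wrongly matched) for one pattern."""
    rx = re.compile(pattern)
    hits = sum(1 for s in SHOULD_MATCH if rx.fullmatch(s))
    false_positives = sum(1 for s in SHOULD_NOT_MATCH if rx.fullmatch(s))
    return hits, false_positives


def best_candidate() -> str | None:
    """The pattern that matches both IOC forms and none of the near-misses."""
    for label, pattern in CANDIDATES.items():
        hits, false_positives = evaluate(pattern)
        if hits == len(SHOULD_MATCH) and false_positives == 0:
            return label
    return None


def unanchored_false_positives() -> list[str]:
    """Why the ^ and $ anchors matter: the same core pattern, searched without
    anchors, fires on every near-miss that merely contains five digits."""
    core = re.compile(r"\d{5}(-\d{4})?")
    return [s for s in SHOULD_NOT_MATCH if core.search(s)]


if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        print(label, pattern, evaluate(pattern))
    print("best:", best_candidate())
    print("unanchored hits:", unanchored_false_positives())
```

Only option B matches both injection shapes and nothing else. Option A has the group sizes swapped, option D accepts any nine digits, and option C never matches a real input. The unanchored check shows why the `^` and `$` anchors are part of the answer: without them the core pattern fires on six of the eight near-misses.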

Questions 78

A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

Options:

A.  

Static analysis

B.  

Input validation

C.  

Fuzz testing

D.  

Post-exploitation

Questions 79

To bring digital evidence into a court of law, the evidence must be:

Options:

A.  

material

B.  

tangible

C.  

consistent

D.  

conserved

Questions 80

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

Options:

A.  

Near-field communication

B.  

Short Message Service

C.  

Geofencing

D.  

Bluetooth

Questions 81

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.  

Deploying a WAF signature

B.  

Fixing the PHP code

C.  

Changing the web server from HTTPS to HTTP

D.  

Using SSLv3

E.  

Changing the code from PHP to ColdFusion

F.  

Updating the OpenSSL library

Questions 82

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.  

OCSP

B.  

CRL

C.  

SAN

D.  

CA

Questions 83

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.  

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.  

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.  

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.  

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Questions 84

A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment. Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?

Options:

A.  

Code repository

B.  

CI/CD pipeline

C.  

Integrated development environment

D.  

Container orchestrator

Questions 85

An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?

Options:

A.  

Horizontal scalability

B.  

Vertical scalability

C.  

Containerization

D.  

Static code analysis

E.  

Caching

Questions 86

An organization is rolling out a robust vulnerability management system to monitor SCADA devices on the network. Which of the following scan types should be used to monitor these system types?

Options:

A.  

Web application

B.  

Agent

C.  

Passive

D.  

Authenticated

Questions 87

A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?

Options:

A.  

Deep learning language barriers

B.  

Big Data processing required for maturity

C.  

Secure, multiparty computation requirements

D.  

Computing capabilities available to the developer

Questions 88

Which of the following is required for an organization to meet the ISO 27018 standard?

Options:

A.  

All PII must be encrypted.

B.  

All network traffic must be inspected.

C.  

GDPR equivalent standards must be met

D.  

COBIT equivalent standards must be met

Questions 89

A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?

Options:

A.  

Salsa20 cipher

B.  

TLS-based VPN

C.  

PKI-based IKE IPSec negotiation

D.  

Perfect forward secrecy

Questions 90

Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

Options:

A.  

Federation

B.  

RADIUS

C.  

TACACS+

D.  

MFA

E.  

ABAC

Questions 91

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Options:

A.  

Disaster recovery checklist

B.  

Tabletop exercise

C.  

Full interruption test

D.  

Parallel test

Questions 92

In order to authenticate employees who call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.  

Data scrubbing

B.  

Field masking

C.  

Encryption in transit

D.  

Metadata

Questions 93

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

A.  

Certificate chain

B.  

Root CA

C.  

Certificate pinning

D.  

CRL

E.  

OCSP

Questions 94

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.  

iOS devices have an empty root certificate chain by default.

B.  

OpenSSL is not configured to support PKCS#12 certificate files.

C.  

The VPN client configuration is missing the CA private key.

D.  

The iOS keychain imported only the client public and private keys.

Questions 95

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

POST /malicious.php

User-Agent: Malicious Tool V1.0

Host: www.malicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.  

User-Agent: Malicious Tool.*

B.  

www\.malicious\.com\/malicious\.php

C.  

POST /malicious\.php

D.  

Host: [a-z]*\.malicious\.com

E.  

malicious.*
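
Running the five candidate expressions over constructed HTTP requests, as an added example that is not part of the original question. Two of the sample requests are beacons matching the IOC (the second has changed its URL, which the IOC documentation says is the only variable part), and two are benign requests that happen to contain the word "malicious" or the same path; all four are made up here:

```python
import re

# Constructed HTTP requests. The first two are beacons from the tool described
# by the IOC; the last two are ordinary browsing that a loose pattern would flag.
MALICIOUS_REQUESTS = [
    "POST /malicious.php HTTP/1.1\r\n"
    "User-Agent: Malicious Tool V1.0\r\n"
    "Host: www.malicious.com\r\n\r\n",
    "POST /cdn/check.php HTTP/1.1\r\n"
    "User-Agent: Malicious Tool V1.0\r\n"
    "Host: static.example-cdn.net\r\n\r\n",
]
BENIGN_REQUESTS = [
    "POST /malicious.php HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Host: writeups.example.org\r\n\r\n",
    "GET /blog/how-malicious-macros-work HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Host: www.example.com\r\n\r\n",
]

# The five candidate expressions from the question.
CANDIDATES = {
    "A": r"User-Agent: Malicious Tool.*",
    "B": r"www\.malicious\.com\/malicious\.php",
    "C": r"POST /malicious\.php",
    "D": r"Host: [a-z]*\.malicious\.com",
    "E": r"malicious.*",
}


def score(pattern: str) -> tuple:
    """(malicious requests detected, benign requests wrongly flagged)."""
    rx = re.compile(pattern)
    detected = sum(1 for r in MALICIOUS_REQUESTS if rx.search(r))
    false_positives = sum(1 for r in BENIGN_REQUESTS if rx.search(r))
    return detected, false_positives


def best_candidate():
    """The expression that catches every beacon and flags no benign request."""
    for label, pattern in CANDIDATES.items():
        detected, false_positives = score(pattern)
        if detected == len(MALICIOUS_REQUESTS) and false_positives == 0:
            return label
    return None


if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        print(label, pattern, score(pattern))
    print("best:", best_candidate())
```

Only the User-Agent expression survives the URL change and ignores the benign traffic. Option B never matches because the host and the path are on different lines of a request, options C and D break as soon as the path or host changes, and option E fires on any page that mentions the word. In a real IDS rule the header would also be anchored to the start of a line (re.MULTILINE) so a value echoed inside a body does not trigger it.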

Questions 96

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.  

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.  

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.  

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.  

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Questions 97

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.  

Develop an Nmap plug-in to detect the indicator of compromise.

B.  

Update the organization's group policy.

C.  

Include the signature in the vulnerability scanning tool.

D.  

Deliver an updated threat signature throughout the EDR system.

Questions 98

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

Options:

A.  

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.  

The operating costs of the MPLS network are too high for the organization.

C.  

The SD-WAN provider uses a third party for support.

D.  

Internal IT staff will not be able to properly support remote offices after the migration.

Questions 99

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

Options:

A.  

Virtualized emulators

B.  

Type 2 hypervisors

C.  

Orchestration

D.  

Containerization

Questions 100

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

Options:

A.  

Proxy

B.  

Tunneling

C.  

VDI

D.  

MDM

E.  

RDP

F.  

MAC address randomization

Questions 101

Which of the following is a risk associated with SDN?

Options:

A.  

Expanded attack surface

B.  

Increased hardware management costs

C.  

Reduced visibility of scaling capabilities

D.  

New firmware vulnerabilities

Questions 102

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.  

SLA

B.  

ISA

C.  

NDA

D.  

MOU

Questions 103

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated.

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.  

The clients disallow the use of modern cipher suites.

B.  

The web server is misconfigured to support HTTP/1.1.

C.  

A ransomware payload dropper has been installed.

D.  

An entity is performing downgrade attacks on path.

Questions 104

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.  

MD5-based envelope method

B.  

HMAC SHA256

C.  

PBKDF2

D.  

PGP
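
Tag generation and verification with HMAC-SHA256 from Python's standard library, as an added example that is not part of the original question. The shared key and the packet contents are constructed here:

```python
import hashlib
import hmac

# Constructed shared key; in practice it comes from a key exchange or a KDF.
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def tag(key: bytes, packet: bytes) -> bytes:
    """HMAC-SHA256 tag over the packet; the sender appends this to what it sends."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes, received_tag: bytes) -> bool:
    """Recompute and compare in constant time so the comparison itself does not
    leak how many leading bytes of a forged tag were right."""
    return hmac.compare_digest(tag(key, packet), received_tag)


def tamper_demo() -> tuple:
    """(genuine packet verifies, altered packet verifies, wrong key verifies)."""
    packet = b'{"from":"acct-17","to":"acct-42","amount":100}'
    t = tag(SHARED_KEY, packet)
    altered = packet.replace(b'"amount":100', b'"amount":900')
    other_key = bytes(32)
    return (
        verify(SHARED_KEY, packet, t),
        verify(SHARED_KEY, altered, t),
        verify(other_key, packet, t),
    )


def receiver_can_forge() -> bool:
    """Why an HMAC is integrity but not non-repudiation: the receiver holds the
    same key, so it can mint a valid tag for a packet the sender never produced."""
    fabricated = b'{"from":"acct-17","to":"acct-99","amount":5000}'
    forged_tag = tag(SHARED_KEY, fabricated)      # computed by the receiver
    return verify(SHARED_KEY, fabricated, forged_tag)


if __name__ == "__main__":
    print("genuine / altered / wrong key:", tamper_demo())
    print("receiver can forge a valid tag:", receiver_can_forge())
```

The HMAC covers the "has not been tampered with" half of the policy; the "remains private" half needs a cipher alongside it, which is how TLS and IPsec pair a MAC or AEAD with encryption. The secret-prefix MD5 envelope in option A is vulnerable to length extension, which HMAC's nested construction prevents. The last function is also why questions 57 and 70 above want digital signatures rather than a MAC for non-repudiation: anyone holding the shared key can produce a valid tag.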

Questions 105

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.  

An additional layer of encryption

B.  

A third-party data integrity monitoring solution

C.  

A complete backup that is created before moving the data

D.  

Additional application firewall rules specific to the migration

Questions 106

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

Options:

A.  

tcpdump

B.  

netstat

C.  

tasklist

D.  

traceroute

E.  

ipconfig
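
The triage step the question is after, carried out on constructed output, as an added example that is not part of the original question. The sample `netstat -ano` and `tasklist /FO CSV` output, the addresses and the process names are all made up here; on the real host you would run those two commands (or `netstat -anob` from an elevated prompt, which prints the executable directly):

```python
from __future__ import annotations
import csv
import io

# Constructed output of `netstat -ano` on the suspect Windows workstation.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.15:49731        203.0.113.9:40322      ESTABLISHED     4712
  TCP    10.0.0.15:49802        198.51.100.14:443      ESTABLISHED     6380
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1288
"""

# Constructed output of `tasklist /FO CSV` from the same host.
TASKLIST_CSV = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","152 K"
"svchost.exe","912","Services","0","9,444 K"
"svchost.exe","1288","Services","0","6,120 K"
"updater.exe","4712","Console","1","18,732 K"
"msedge.exe","6380","Console","1","210,404 K"
"""


def _port(endpoint: str) -> int | None:
    """Port from 'ip:port' or '[v6]:port'; '*:*' has no numeric port."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def parse_netstat(text: str) -> list:
    """Rows as dicts. UDP rows have no State column, so read the PID from the end."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": fields[0],
            "local": fields[1],
            "remote": fields[2],
            "state": fields[3] if len(fields) == 5 else "",
            "pid": int(fields[-1]),
        })
    return rows


def pids_talking_to_port(rows: list, port: int) -> set:
    """PIDs with a connection whose remote port is the one the firewall flagged."""
    return {r["pid"] for r in rows if _port(r["remote"]) == port}


def process_names(pids: set, tasklist_csv: str) -> dict:
    """Map each PID to its image name using the tasklist CSV."""
    names = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        pid = int(row["PID"])
        if pid in pids:
            names[pid] = row["Image Name"]
    return names


def find_suspects(port: int = 40322) -> dict:
    rows = parse_netstat(NETSTAT_OUTPUT)
    return process_names(pids_talking_to_port(rows, port), TASKLIST_CSV)


if __name__ == "__main__":
    print(find_suspects())
```

netstat is the first command because it is the only one that ties the flagged port to a PID; tasklist then turns the PID into a process name, and tcpdump, traceroute and ipconfig never show the owning process at all.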

Questions 107

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.  

DLP

B.  

Encryption

C.  

E-discovery

D.  

Privacy-level agreements

Questions 108

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen to port 4022.

• The SSH daemon must only accept connections from a single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

Devices in the exhibit: WAP A, PC A, Laptop A, Switch A, Switch B, Laptop B, PC B, PC C, Server A

Options:
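
A check of the database server's pg_hba.conf and sshd_config against the first three requirements and the cleartext rule, as an added example that is not part of the exam item. The exhibit is not on this page, so the two config files and the approved workstation address (10.1.2.50) are constructed here:

```python
import ipaddress

# Target posture from the requirements list. The workstation address is made up
# for this example; the exhibit that names the real one is not on this page.
DB_CLIENT_NET = ipaddress.ip_network("10.1.2.0/24")
SSH_PORT = 4022
SSH_WORKSTATION = ipaddress.ip_address("10.1.2.50")

# Constructed pg_hba.conf and sshd_config as they might be found on Server A.
PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
hostssl all       all   10.1.2.0/24    scram-sha-256
host    all       all   0.0.0.0/0      trust
"""

SSHD_CONFIG = """\
Port 22
PermitRootLogin no
AllowUsers dbadmin@10.1.2.50 dbadmin@10.1.3.20
"""


def pg_hba_findings(text: str) -> list:
    """Flag remote entries that reach outside 10.1.2.0/24, allow cleartext
    (hostnossl), or skip or weaken authentication (trust, password)."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue
        conn_type, address, method = fields[0], fields[3], fields[4]
        net = ipaddress.ip_network(address, strict=False)
        if not net.subnet_of(DB_CLIENT_NET):
            findings.append(f"pg_hba: {address} is outside {DB_CLIENT_NET}")
        if conn_type == "hostnossl":
            findings.append(f"pg_hba: {address} permits cleartext (hostnossl)")
        if method in ("trust", "password"):
            findings.append(f"pg_hba: {address} uses weak method {method}")
    return findings


def sshd_findings(text: str) -> list:
    """Check the listening port and that AllowUsers pins access to one workstation
    (OpenSSH accepts USER@HOST patterns in AllowUsers)."""
    findings = []
    port, allow = None, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "port":
            port = int(value)
        elif key.lower() == "allowusers":
            allow.extend(value.split())
    if port != SSH_PORT:
        findings.append(f"sshd: Port is {port}, required {SSH_PORT}")
    if not allow:
        findings.append("sshd: no AllowUsers restriction")
    for entry in allow:
        host = entry.partition("@")[2]
        try:
            ok = bool(host) and ipaddress.ip_address(host) == SSH_WORKSTATION
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"sshd: AllowUsers entry {entry} is not the approved workstation")
    return findings


def posture_report() -> list:
    return pg_hba_findings(PG_HBA) + sshd_findings(SSHD_CONFIG)


if __name__ == "__main__":
    for finding in posture_report():
        print(finding)
```

Against the constructed files the report lists four items: the 0.0.0.0/0 entry both escapes the subnet and uses trust, sshd listens on 22 instead of 4022, and a second workstation is permitted. The remaining requirements (patch age, disk encryption, disabled host firewalls) need data from each device's posture assessment rather than these two files.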

Questions 109

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?

Options:

A.  

Application-specific data assets

B.  

Application user access management

C.  

Application-specific logic and code

D.  

Application/platform software

Questions 110

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.  

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.  

Create new processes for identified gaps in continuity planning.

C.  

Establish new staff roles and responsibilities for continuity of operations.

D.  

Assess the effectiveness of documented processes against a realistic scenario.

Questions 111

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

Options:

A.  

Deploy high-availability web servers.

B.  

Enhance network access controls.

C.  

Implement a content delivery network.

D.  

Migrate to a virtualized environment.

Questions 112

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

* Monitors traffic to and from both local NAS and cloud-based file repositories

* Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions

* Uses document attributes to reduce false positives

* Is agentless and not installed on staff desktops or laptops

Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

Options:

A.  

DLP

B.  

NGFW

C.  

UTM

D.  

UEBA

E.  

CASB

F.  

HIPS

Questions 113

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.  

An open-source automation server

B.  

A static code analyzer

C.  

Trusted open-source libraries

D.  

A single code repository for all developers

Questions 114

Which of the following BEST describes a common use case for homomorphic encryption?

Options:

A.  

Processing data on a server after decrypting in order to prevent unauthorized access in transit

B.  

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C.  

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D.  

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users
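
The use case in option C, carried out with a textbook Paillier scheme, as an added example that is not part of the original question. The primes are toy-sized (constructed here) so the arithmetic is easy to inspect; a real deployment uses primes of roughly 1536 bits each, and Paillier only supports addition and scaling of ciphertexts, not arbitrary computation:

```python
import math
import secrets

# Toy-size primes so the arithmetic is easy to follow; NOT a secure parameter size.
P, Q = 104729, 104723


def keygen(p: int = P, q: int = Q):
    """Paillier key pair using the common g = n + 1 simplification."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)      # with g = n+1, L(g^lam mod n^2) == lam mod n
    return (n, n + 1), (lam, mu)


def encrypt(pub, m: int) -> int:
    """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts
    produce different ciphertexts."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n      # L(u) = (u - 1) / n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b): the CSP adds without any key."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Enc(a)^k mod n^2 == Enc(k * a)."""
    n, _ = pub
    return pow(c, k, n * n)


def outsourced_sum(values: list) -> int:
    """Client encrypts each value, the untrusted provider sums the ciphertexts,
    the client decrypts one result. The provider never sees a plaintext."""
    pub, priv = keygen()
    ciphertexts = [encrypt(pub, v) for v in values]          # leaves the client
    total = ciphertexts[0]
    for c in ciphertexts[1:]:
        total = add_encrypted(pub, total, c)                  # provider side
    return decrypt(pub, priv, total)                          # back at the client


def outsourced_scaled(value: int, k: int) -> int:
    pub, priv = keygen()
    return decrypt(pub, priv, scale_encrypted(pub, encrypt(pub, value), k))


if __name__ == "__main__":
    print(outsourced_sum([52000, 61000, 47000]))   # 160000, computed blind
```

The sum stays correct as long as it is below n; in a real system the modulus is chosen far larger than any plausible total. This is what distinguishes option C from options A and B: the data is never decrypted on the provider's side, rather than merely protected in transit and at rest.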

Questions 115

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor, who is aware that this type of file routinely triggers this alert. Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?

Options:

A.  

True negative

B.  

False negative

C.  

False positive

D.  

Non-automated response

Questions 116

A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?

Options:

A.  

Email client

B.  

Password manager

C.  

Browser

D.  

OS

Questions 117

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki.mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.  

Purchase one SAN certificate.

B.  

Implement self-signed certificates.

C.  

Purchase one certificate for each website.

D.  

Purchase one wildcard certificate.

Questions 118

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Options:

A.  

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.  

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.  

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.  

Enable watermarking, enable the user authentication requirement, and disable video recording.

Questions 119

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

A.  

Cipher feedback

B.  

Cipher block chaining message authentication code

C.  

Cipher block chaining

D.  

Electronic codebook
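
CTR and CFB side by side, covering both this question and question 65 above, as an added example that is not part of the original questions. The block function here is a keyed SHA-256 stand-in and is NOT AES; both modes only ever call the cipher in the forward direction, which is why a PRF is enough to show how the modes behave. The key, nonce, IV and payload are constructed:

```python
import hashlib

BLOCK = 16  # 128-bit blocks, as in AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES block function (NOT AES): a keyed SHA-256 PRF
    truncated to one block. Sufficient for modes that never need decryption
    of the underlying block cipher, which is true of both CTR and CFB."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_keystream(key: bytes, nonce: bytes, index: int) -> bytes:
    """Keystream block i = E_k(nonce || counter), using the 96-bit nonce and
    32-bit counter layout that GCM uses for its CTR core."""
    return block_encrypt(key, nonce + index.to_bytes(4, "big"))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encryption and decryption are the same operation. No padding, and
    every keystream block is independent, so blocks can be produced in parallel
    or ahead of time; that is what suits a low-latency stream."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), BLOCK)):
        chunk = data[off:off + BLOCK]
        out += xor(chunk, ctr_keystream(key, nonce, i))
    return bytes(out)


def ctr_block_at(key: bytes, nonce: bytes, ciphertext: bytes, i: int) -> bytes:
    """Random access: decrypt block i without touching any other block."""
    chunk = ciphertext[i * BLOCK:(i + 1) * BLOCK]
    return xor(chunk, ctr_keystream(key, nonce, i))


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Full-block CFB: the IV seeds a feedback register and each ciphertext
    block becomes the next register value. Encryption is serial; decryption
    can run in parallel because all the register values are in the ciphertext."""
    out, reg = bytearray(), iv
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        c = xor(chunk, block_encrypt(key, reg))
        out += c
        reg = c
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, reg = bytearray(), iv
    for off in range(0, len(data), BLOCK):
        c = data[off:off + BLOCK]
        out += xor(c, block_encrypt(key, reg))
        reg = c
    return bytes(out)


def nonce_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """The failure mode shared by every stream-style mode: reuse the nonce under
    the same key and C1 xor C2 == P1 xor P2, recoverable with no key at all."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)


# Constructed key, nonce, IV and payload for the demo; real ones come from a CSPRNG.
KEY = bytes(range(32))
NONCE = b"\x00" * 12
IV = b"\x01" * 16
FRAME = b"frame 0001: constructed sample payload standing in for a video chunk"


def demo() -> dict:
    ct = ctr_crypt(KEY, NONCE, FRAME)
    cfb_ct = cfb_encrypt(KEY, IV, FRAME)
    return {
        "ctr_roundtrip": ctr_crypt(KEY, NONCE, ct) == FRAME,
        "ctr_seek_block_2": ctr_block_at(KEY, NONCE, ct, 2) == FRAME[32:48],
        "cfb_roundtrip": cfb_decrypt(KEY, IV, cfb_ct) == FRAME,
        "no_padding": len(ct) == len(FRAME) == len(cfb_ct),
        "nonce_reuse_leaks": nonce_reuse_leaks(KEY, NONCE, FRAME, b"x" * len(FRAME)),
    }
```

Both modes take an IV or nonce, need no padding and handle a partial final block, which is why CFB is the answer here and CTR or GCM the answer to question 65. GCM is CTR with a GHASH authentication tag on top, so it keeps the streaming properties and also detects tampering. ECB has no IV and leaks repeated blocks; CBC-MAC is a MAC, not an encryption mode. The last check in demo is the caveat that matters operationally for both: a nonce reused under the same key exposes the XOR of the two plaintexts.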

Questions 120

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

Options:

A.  

The NTP server is set incorrectly for the developers

B.  

The CA has included the certificate in its CRL.

C.  

The certificate is set for the wrong key usage.

D.  

Each application is missing a SAN or wildcard entry on the certificate

Questions 121

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (with issued client certificates).

• The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.

• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

VPN Concentrator:

AAA Server:

Options:

Discussion 0
Questions 122

A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Options:

A.  

Use a secrets management tool.

B.  

Save secrets in key escrow.

C.  

Store the secrets inside the Dockerfiles.

D.  

Run all Dockerfiles in a randomized namespace.

Discussion 0
Questions 123

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.  

Resource exhaustion

B.  

Geographic location

C.  

Control plane breach

D.  

Vendor lock-in

Discussion 0
Questions 124

A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Options:

A.  

Active Directory GPOs

B.  

PKI certificates

C.  

Host-based firewall

D.  

NAC persistent agent

Discussion 0
Questions 125

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.  

cloud-native applications.

B.  

containerization.

C.  

serverless configurations.

D.  

software-defined networking.

E.  

secure access service edge.

Discussion 0
Questions 126

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Options:

A.  

Risk rejection

B.  

Risk mitigation

C.  

Risk transference

D.  

Risk avoidance

Discussion 0
Questions 127

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

• Enforce MFA for RDP

• Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.

Which of the following should the security architect recommend to meet these requirements?

Options:

A.  

Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.

B.  

Implement a bastion host with a secure cipher configuration enforced.

C.  

Implement a remote desktop gateway server, enforce secure ciphers, and configure it to use OTP.

D.  

Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Discussion 0
Questions 128

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?

Options:

A.  

Business impact rating

B.  

CVE dates

C.  

CVSS scores

D.  

OVAL

Discussion 0
Questions 129

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

Options:

A.  

Outdated escalation attack

B.  

Privilege escalation attack

C.  

VPN on the mobile device

D.  

Unrestricted email administrator accounts

E.  

Chief use of UDP protocols

F.  

Disabled GPS on mobile devices

Discussion 0
Questions 130

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A.  

Encryption in transit

B.  

Legal issues

C.  

Chain of custody

D.  

Order of volatility

E.  

Key exchange

Discussion 0
Questions 131

A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:

    Be efficient at protecting the production environment

    Not require any change to the application

    Act at the presentation layer

Which of the following techniques should be used?

Options:

A.  

Masking

B.  

Tokenization

C.  

Algorithmic

D.  

Random substitution

Discussion 0
Questions 132

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

Options:

A.  

Limit access to the system using a jump box.

B.  

Place the new system and legacy system on separate VLANs

C.  

Deploy the legacy application on an air-gapped system.

D.  

Implement MFA to access the legacy system.

Discussion 0
Questions 133

An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

Options:

A.  

Endorsement tickets

B.  

Clock/counter structures

C.  

Command tag structures with MAC schemes

D.  

Platform configuration registers

Discussion 0
Questions 134

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.  

InherentLow

B.  

Mitigated

C.  

Residual

D.  

Transferred

Discussion 0
Questions 135

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

Options:

A.  

Software composition analysis

B.  

Code obfuscation

C.  

Static analysis

D.  

Dynamic analysis

Discussion 0
Questions 136

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

Options:

A.  

The NTP server is set incorrectly for the developers.

B.  

The CA has included the certificate in its CRL.

C.  

The certificate is set for the wrong key usage.

D.  

Each application is missing a SAN or wildcard entry on the certificate.

Discussion 0
Questions 137

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

Options:

A.  

Rules of engagement

B.  

Master service agreement

C.  

Statement of work

D.  

Target audience

Discussion 0
Questions 138

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Options:

A.  

Traffic interceptor log analysis

B.  

Log reduction and visualization tools

C.  

Proof of work analysis

D.  

Ledger analysis software

Discussion 0
Questions 139

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Options:

A.  

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.  

Take an MD5 hash of the server.

C.  

Delete all PHI from the network until the legal department is consulted.

D.  

Consult the legal department to determine the legal requirements.

Discussion 0
Questions 140

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.  

Inherent

B.  

Low

C.  

Mitigated

D.  

Residual.

E.  

Transferred

Discussion 0
Questions 141

A company’s product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company’s reputation in the market.

Which of the following should the company implement to address the risk of system unavailability?

Options:

A.  

User and entity behavior analytics

B.  

Redundant reporting systems

C.  

A self-healing system

D.  

Application controls

Discussion 0
Questions 142

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

Options:

A.  

DLP

B.  

Mail gateway

C.  

Data flow enforcement

D.  

UTM

Discussion 0
Questions 143

An organization requires a contractual document that includes:

• An overview of what is covered

• Goals and objectives

• Performance metrics for each party

• A review of how the agreement is managed by all parties

Which of the following BEST describes this type of contractual document?

Options:

A.  

SLA

B.  

BAA

C.  

NDA

D.  

ISA

Discussion 0
Questions 144

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

Options:

A.  

Align the exploitability metrics to the predetermined system categorization.

B.  

Align the remediation levels to the predetermined system categorization.

C.  

Align the impact subscore requirements to the predetermined system categorization.

D.  

Align the attack vectors to the predetermined system categorization.

Discussion 0
Questions 145

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

Options:

A.  

Data sovereignty

B.  

Shared responsibility

C.  

Source code escrow

D.  

Safe harbor considerations

Discussion 0
Questions 146

A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

Options:

A.  

Degaussing

B.  

Overwriting

C.  

Shredding

D.  

Formatting

E.  

Incinerating

Discussion 0
Questions 147

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A.  

Assess the residual risk.

B.  

Update the organization’s threat model.

C.  

Move to the next risk in the register.

D.  

Recalculate the magnitude of impact.

Discussion 0
Questions 148

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

Options:

A.  

Quarantine 10.0.5.52 and run a malware scan against the host.

B.  

Access 10.0.5.52 via EDR and identify processes that have network connections.

C.  

Isolate 10.0.50.6 via security groups.

D.  

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Discussion 0
Questions 149

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.  

X-Forwarded-Proto

B.  

X-Forwarded-For

C.  

Cache-Control

D.  

Strict-Transport-Security

E.  

Content-Security-Policy

Discussion 0
Questions 150

Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

Options:

A.  

Compile a list of firewall requests and compare them against interesting cloud services.

B.  

Implement a CASB solution and track cloud service use cases for greater visibility.

C.  

Implement a user-behavior system to associate user events and cloud service creation events.

D.  

Capture all logs and feed them to a SIEM, and then look for cloud service events.

Discussion 0
Questions 151

As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver’s licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

Which of the following BEST describes this process?

Options:

A.  

Deepfake

B.  

Know your customer

C.  

Identity proofing

D.  

Passwordless

Discussion 0
Questions 152

A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

Options:

A.  

Text editor

B.  

OOXML editor

C.  

Event Viewer

D.  

XML style sheet

E.  

SCAP tool

F.  

Debugging utility

Discussion 0
Questions 153

A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements:

• The application must run at 70% capacity at all times.

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

Options:

A.  

Read-only replicas

B.  

BCP

C.  

Autoscaling

D.  

WAF

E.  

CDN

F.  

Encryption

G.  

Continuous snapshots

Discussion 0
Questions 154

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?

Options:

A.  

Packets that are the wrong size or length

B.  

Use of any non-DNP3 communication on a DNP3 port

C.  

Multiple solicited responses over time

D.  

Application of an unsupported encryption algorithm

Discussion 0
Questions 155

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

Options:

A.  

HSTS

B.  

TLS 1.2

C.  

Certificate pinning

D.  

Client authentication

Discussion 0
Questions 156

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

Options:

A.  

Filter ABC

B.  

Filter XYZ

C.  

Filter GHI

D.  

Filter TUV

Discussion 0
Questions 157

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

Options:

A.  

The pharmaceutical company

B.  

The cloud software provider

C.  

The web portal software vendor

D.  

The database software vendor

Discussion 0
Questions 158

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce:

• Cloud-delivered services

• Full network security stack

• SaaS application security management

• Minimal latency for an optimal user experience

• Integration with the cloud IAM platform

Which of the following is the BEST solution?

Options:

A.  

Routing and Remote Access Service (RRAS)

B.  

NGFW

C.  

Managed Security Service Provider (MSSP)

D.  

SASE

Discussion 0
Questions 159

A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

Options:

A.  

true positive.

B.  

true negative.

C.  

false positive.

D.  

false negative.

Discussion 0
Questions 160

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

Options:

A.  

SIEM

B.  

CASB

C.  

WAF

D.  

SOAR

Discussion 0
Questions 161

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?

Options:

A.  

ICANN

B.  

PCI DSS

C.  

OWASP

D.  

CSA

E.  

NIST

Discussion 0
Questions 162

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

B) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 163

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A.  

Review a recent gap analysis.

B.  

Perform a cost-benefit analysis.

C.  

Conduct a business impact analysis.

D.  

Develop an exposure factor matrix.

Discussion 0
Questions 164

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:


Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.  

NX bit

B.  

ASLR

C.  

DEP

D.  

HSM

Discussion 0
Questions 165

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A.  

Distributed connection allocation

B.  

Local caching

C.  

Content delivery network

D.  

SD-WAN vertical heterogeneity

Discussion 0
Questions 166

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

Options:

A.  

Conduct input sanitization.

B.  

Deploy a SIEM.

C.  

Use containers.

D.  

Patch the OS

E.  

Deploy a WAF.

F.  

Deploy a reverse proxy

G.  

Deploy an IDS.

Discussion 0
Questions 167

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Discussion 0
Questions 168

An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)

Options:

A.  

ARF

B.  

XCCDF

C.  

CPE

D.  

CVE

E.  

CVSS

F.  

OVAL

Discussion 0
Questions 169

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Options:

A.  

CAPTCHA

B.  

Input validation

C.  

Data encoding

D.  

Network intrusion prevention

Discussion 0