ExamsBrite Dumps

CompTIA Advanced Security Practitioner (CASP+) Exam Question and Answers

Exam code: CAS-004
Last Update Dec 14, 2024
Total Questions : 552

Question 1

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A. Software composition analysis
B. A SCAP scanner
C. A SAST
D. A DAST

Question 2

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A. Restrict HTTP methods.
B. Perform parameterized queries.
C. Implement input sanitization.
D. Validate content types.

Question 3

The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?

Options:

A. PKCS #10 is still preferred over PKCS #12.
B. Private-key CSR signage prevents on-path interception.
C. There is more control in using a local certificate over a third-party certificate.
D. There is minimal benefit in using a certificate revocation list.

Question 4

In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime. Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?

Options:

A. Clustering
B. High availability
C. Redundancy
D. Replication

Question 5

A company moved its on-premises services to the cloud. Although a recent audit verified that data throughout the cloud service is properly classified and documented, other systems are unable to act or filter based on this information. Which of the following should the company deploy to allow other cloud-based systems to consume this information?

Options:

A. Data mapping
B. Data labeling
C. Log scraping
D. Resource tagging

Question 6

A security researcher identified the following messages while testing a web application:

Which of the following should the researcher recommend to remediate the issue?

Options:

A. Software composition analysis
B. Packet inspection
C. Proper error handling
D. Elimination of the use of unsafe functions

Question 7

A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

Options:

A. Shutting down the systems until the code is ready
B. Uninstalling the impacted runtime engine
C. Selectively blocking traffic on the affected port
D. Configuring IPS and WAF with signatures

Question 8

A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select three).

Options:

A. Antivirus
B. EDR
C. Sandboxing
D. Application control
E. Host-based firewall
F. IDS
G. SIEM

Question 9

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A. TOTP token
B. Device certificate
C. Smart card
D. Biometric

Question 10

A security engineer is assessing the security controls of IoT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these IoT systems?

Options:

A. Disable administrator accounts
B. Enable SELinux
C. Enforce network segmentation
D. Assign static IP addresses

Question 11

Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and hardware security tokens to access various environments and data entry systems?

Options:

A. Deep learning
B. Machine learning
C. Nanotechnology
D. Passwordless authentication
E. Biometric impersonation

Question 12

Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

Options:

A. To prevent metadata tampering on each file
B. To later validate the integrity of each file
C. To generate unique identifiers for each file
D. To preserve the chain of custody of files

Question 13

A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:

GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK

The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address. Which of the following can be determined regarding the vulnerability and response?

Options:

A. A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST API.
B. A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.
C. A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.
D. A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.

Question 14

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:

Options:

A. must also be PCI compliant, because the risk is transferred to the provider.
B. still needs to perform its own PCI assessment of the provider's managed serverless service.
C. needs to perform a penetration test of the cloud provider's environment.
D. must ensure in-scope systems for the new offering are also PCI compliant.

Question 15

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

Options:

A. Root cause analysis
B. Communication plan
C. Runbook
D. Lessons learned

Question 16

Which of the following security features do email signatures provide?

Options:

A. Non-repudiation
B. Body encryption
C. Code signing
D. Sender authentication
E. Chain of custody

Question 17

A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred first?

Options:

A. Preserve secure storage
B. Clone the disk
C. Collect the most volatile data
D. Copy the relevant log files

Question 18

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

Options:

A. Require device certificates to access company resources.
B. Enable MFA at the organization's SSO portal.
C. Encrypt all workstation hard drives.
D. Hide the company wireless SSID.

Question 19

A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?

Options:

A. ldd
B. bcrypt
C. SHA-3
D. ssdeep
E. dcfldd

Question 20

A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

Options:

A. To validate the project participants
B. To identify the network ports
C. To document residual risks
D. To evaluate threat acceptance

Question 21

A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?

Options:

A. Build a content caching system at the DR site.
B. Store the nightly full backups at the DR site.
C. Increase the network bandwidth to the DR site.
D. Implement real-time replication for the DR site.

Question 22

An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

Options:

A. Systems administrator
B. Data owner
C. Data processor
D. Data custodian
E. Data steward

Question 23

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

Options:

A. Print configuration settings for locked print jobs
B. The lack of an NDA with the company that supports its devices
C. The lack of an MSA to govern other services provided by the service provider
D. The lack of chain of custody for devices prior to deployment at the company

Question 24

A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

Options:

A. Static analysis
B. Input validation
C. Fuzz testing
D. Post-exploitation

Question 25

A software developer must choose encryption algorithms to secure two parts of a mobile application. Given the following part descriptions and requirements:

•The first part of the application is used to transfer large files and must support file parts with transfer start/stop/resume. This part requires strong file encryption.

•The second part of the application uses a bit stream to continuously authenticate both ends of the connection. This part must implement confidentiality for the stream.

Which of the following encryption algorithms should the developer implement in the code to support both parts of the application? (Select two).

Options:

A. P384
B. ECDSA
C. RC5
D. ChaCha20
E. bcrypt
F. RIPEMD

Question 26

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Options:

A. Code signing
B. Non-repudiation
C. Key escrow
D. Private keys

Question 27

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Options:

A. Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.
B. Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.
C. Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.
D. Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Question 28

A security architect discovers the following while reviewing code for a company’s website:

selection = "SELECT Item FROM Catalog WHERE ItemID = " & Request("ItemID")

Which of the following should the security architect recommend?

Options:

A. Client-side processing
B. Query parameterization
C. Data normalization
D. Escape character blocking
E. URL encoding

Question 29

A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

Options:

A. Line 06
B. Line 10
C. Line 13
D. Line 17

Question 30

A technician accidentally deleted the secret key that was corresponding to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?

Options:

A. Registration authority
B. Certificate revocation list
C. Client authentication
D. Certificate authority authorization

Question 31

When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?

Options:

A. Data
B. Storage
C. Physical security
D. Network

Question 32

An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be most concerning to the organization in the event of equipment failure?

Options:

A. Support may not be available during all business hours.
B. The organization requires authorized vendor specialists.
C. Each region has different regulatory frameworks to follow.
D. Shipping delays could cost the organization money.

Question 33

A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

Options:

A. Utilizing hardening recommendations
B. Deploying IPS/IDS throughout the environment
C. Installing and updating antivirus
D. Installing all available patches

Question 34

A multinational organization was hacked, and the incident response team's timely action prevented a major disaster. Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

Options:

A. To gather evidence for subsequent legal action
B. To determine the identity of the attacker
C. To identify ways to improve the response process
D. To create a plan of action and milestones

Question 35

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).

Options:

A. Type
B. Email
C. OCSP responder
D. Registration authority
E. Common Name
F. DNS name

Question 36

Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

Options:

A. They are constrained by available compute.
B. They lack X86-64 processors.
C. They lack EEPROM.
D. They are not logic-bearing devices.

Question 37

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

Options:

A. Conduct input sanitization.
B. Deploy a SIEM.
C. Use containers.
D. Patch the OS.
E. Deploy a WAF.
F. Deploy a reverse proxy.
G. Deploy an IDS.

Question 38

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log (the log excerpt was shown as an image and is not reproduced here).

Which of the following actions would BEST address the potential risks by the activity in the logs?

Options:

A. Alerting the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

Question 39

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Options:

A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
B. Leave the current backup schedule intact and make the human resources fileshare read-only.
C. Increase the frequency of backups and create SIEM alerts for IOCs.
D. Decrease the frequency of backups and pay the ransom to decrypt the data.

Question 40

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

• Unstructured data being exfiltrated after an employee leaves the organization

• Data being exfiltrated as a result of compromised credentials

• Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A. Mobile device management, remote wipe, and data loss detection
B. Conditional access, DoH, and full disk encryption
C. Mobile application management, MFA, and DRM
D. Certificates, DLP, and geofencing

Question 41

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A. Review a recent gap analysis.
B. Perform a cost-benefit analysis.
C. Conduct a business impact analysis.
D. Develop an exposure factor matrix.

Question 42

Which of the following are risks associated with vendor lock-in? (Choose two.)

Options:

A. The client can seamlessly move data.
B. The vendor can change product offerings.
C. The client receives a sufficient level of service.
D. The client experiences decreased quality of service.
E. The client can leverage a multicloud approach.
F. The client experiences increased interoperability.

Question 43

A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A. Perform additional SAST/DAST on the open-source libraries.
B. Implement the SDLC security guidelines.
C. Track the library versions and monitor the CVE website for related vulnerabilities.
D. Perform unit testing of the open-source libraries.

Question 44

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A. Distributed connection allocation
B. Local caching
C. Content delivery network
D. SD-WAN vertical heterogeneity

Question 45

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A. Utilize code signing by a trusted third party.
B. Implement certificate-based authentication.
C. Verify MD5 hashes.
D. Compress the program with a password.
E. Encrypt with 3DES.
F. Make the DACL read-only.

Question 46

An organization's hunt team thinks a persistent threat exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Options:

A. Deploy a SOAR tool.
B. Modify user password history and length requirements.
C. Apply new isolation and segmentation schemes.
D. Implement decoy files on adjacent hosts.

Question 47

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Options:

A. Key sharing
B. Key distribution
C. Key recovery
D. Key escrow

Question 48

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A. The company will have access to the latest version to continue development.
B. The company will be able to force the third-party developer to continue support.
C. The company will be able to manage the third-party developer's development process.
D. The company will be paid by the third-party developer to hire a new development team.

Question 49

A security engineer needs to recommend a solution that will meet the following requirements:

• Identify sensitive data in the provider's network

• Maintain compliance with company and regulatory guidelines

• Detect and respond to insider threats, privileged user threats, and compromised accounts

• Enforce data-centric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Options:

A. WAF
B. CASB
C. SWG
D. DLP

Question 50

An organization is implementing a new identity and access management architecture with the following objectives:

• Supporting MFA against on-premises infrastructure

• Improving the user experience by integrating with SaaS applications

• Applying risk-based policies based on location

• Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A. Kerberos and TACACS
B. SAML and RADIUS
C. OAuth and OpenID
D. OTP and 802.1X

Question 51

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Options:

A. Create a full inventory of information and data assets.
B. Ascertain the impact of an attack on the availability of crucial resources.
C. Determine which security compliance standards should be followed.
D. Perform a full system penetration test to determine the vulnerabilities.

Question 52

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

• Leaked to the media via printing of the documents

• Sent to a personal email address

• Accessed and viewed by systems administrators

• Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A. Data loss detection, reverse proxy, EDR, and PGP
B. VDI, proxy, CASB, and DRM
C. Watermarking, forward proxy, DLP, and MFA
D. Proxy, secure VPN, endpoint encryption, and AV

Question 53

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Options:

A. Performing deep-packet inspection of all digital audio files
B. Adding identifying filesystem metadata to the digital audio files
C. Implementing steganography
D. Purchasing and installing a DRM suite

Question 54

A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A. SDLC
B. OVAL
C. IEEE
D. OWASP

Question 55

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A. Recovery point objective
B. Recovery time objective
C. Mission-essential functions
D. Recovery service level

Question 56

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:

A. Union filesystem overlay
B. Cgroups
C. Linux namespaces
D. Device mapper

Question 57

A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

Options:

A. Disable powershell.exe on all Microsoft Windows endpoints.
B. Restart Microsoft Windows Defender.
C. Configure the forward proxy to block 40.90.23.154.
D. Disable local administrator privileges on the endpoints.

Question 58

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:

A. Breaking a symmetric cipher used in secure voice communications
B. Determining the frequency of unique attacks against DRM-protected media
C. Maintaining chain of custody for acquired evidence
D. Identifying least significant bit encoding of data in a .wav file

Question 59

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

Options:

A. An on-premises solution as a backup
B. A load balancer with a round-robin configuration
C. A multicloud provider solution
D. An active-active solution within the same tenant

Question 60

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

Options:

A. ARF
B. ISACs
C. Node.js
D. OVAL

Question 61

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:

A. TPM
B. HSM
C. PKI
D. UEFI/BIOS

Question 62

Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

A.  

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B.  

Resource leak; recover the device for analysis and clean up the local storage.

C.  

Impossible travel; disable the device’s account and access while investigating.

D.  

Falsified status reporting; remotely wipe the device.

Questions 63

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

Options:

A.  

The client application is testing PFS.

B.  

The client application is configured to use ECDHE.

C.  

The client application is configured to use RC4.

D.  

The client application is configured to use AES-256 in GCM.

Questions 64

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.  

NX bit

B.  

ASLR

C.  

DEP

D.  

HSM

Questions 65

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:

A.  

65

B.  

77

C.  

83

D.  

87

Questions 66

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

Options:

A.  

In the OT environment, use a VPN from the IT environment into the OT environment.

B.  

In the OT environment, allow IT traffic into the OT environment.

C.  

In the IT environment, allow PLCs to send data from the OT environment to the IT environment.

D.  

Use a screened subnet between the OT and IT environments.

Questions 67

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.  

Implement a VPN for all APIs.

B.  

Sign the key with DSA.

C.  

Deploy MFA for the service accounts.

D.  

Utilize HMAC for the keys.

Questions 68

An IT administrator is reviewing all the servers in an organization and notices that a server is missing a crucial patch against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

Options:

A.  

A vulnerability

B.  

A threat

C.  

A breach

D.  

A risk

Questions 69

A company’s claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was opened.

Options:

A.  

Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.

B.  

Require all laptops to connect to the VPN before accessing email.

C.  

Implement cloud-based content filtering with sandboxing capabilities.

D.  

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Questions 70

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Options:

A.  

Cookies

B.  

Wildcard certificates

C.  

HSTS

D.  

Certificate pinning

Questions 71

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.  

TPM

B.  

Local secure password file

C.  

MFA

D.  

Key vault

Questions 72

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.  

Implement rate limiting on the API.

B.  

Implement geoblocking on the WAF.

C.  

Implement OAuth 2.0 on the API.

D.  

Implement input validation on the API.

Questions 73

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Options:

A.  

Improving the availability of messages

B.  

Ensuring non-repudiation of messages

C.  

Enforcing protocol conformance for messages

D.  

Assuring the integrity of messages

Questions 74

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.  

0.5

B.  

8

C.  

50

D.  

36,500

Questions 75

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A.  

Pay the ransom within 48 hours.

B.  

Isolate the servers to prevent the spread.

C.  

Notify law enforcement.

D.  

Request that the affected servers be restored immediately.

Questions 76

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.  

Monitor camera footage corresponding to a valid access request.

B.  

Require both security and management to open the door.

C.  

Require department managers to review denied-access requests.

D.  

Issue new entry badges on a weekly basis.

Questions 77

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.  

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.  

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.  

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.  

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Questions 78

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.  

Lattice-based cryptography

B.  

Quantum computing

C.  

Asymmetric cryptography

D.  

Homomorphic encryption

Questions 79

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug output, the malware is able to insert itself into another process’s memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.  

Execute never

B.  

No-execute

C.  

Total memory encryption

D.  

Virtual memory protection

Questions 80

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve the TLS performance of their certificate status checks.

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.  

Quick UDP internet connection

B.  

OCSP stapling

C.  

Private CA

D.  

DNSSEC

E.  

CRL

F.  

HSTS

G.  

Distributed object model

Questions 81

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt?

Options:

A.  

OSINT

B.  

ISO

C.  

MITRE ATT&CK

D.  

OWASP

Questions 82

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

* Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Options:

A.  

PaaS

B.  

IaaS

C.  

Private

D.  

SaaS

Questions 83

In order to authenticate employees who call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.  

Data scrubbing

B.  

Field masking

C.  

Encryption in transit

D.  

Metadata

Questions 84

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.  

Network security

B.  

Physical security

C.  

OS security

D.  

Host infrastructure

Questions 85

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

Options:

A.  

Indirect command execution

B.  

OS credential dumping

C.  

Inhibit system recovery

D.  

External remote services

E.  

System information discovery

F.  

Network denial of service

Questions 86

A managed security provider (MSP) is engaging with a customer who is working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Select THREE).

Options:

A.  

Content delivery network

B.  

Virtual next-generation firewall

C.  

Web application firewall

D.  

Software-defined WAN

E.  

External vulnerability scans

F.  

Containers

G.  

Microsegmentation

Questions 87

A major broadcasting company that requires continuous availability of streaming content needs to be resilient against DDoS attacks. Which of the following is the MOST important infrastructure security design element to prevent an outage?

Options:

A.  

Supporting heterogeneous architecture

B.  

Leveraging content delivery network across multiple regions

C.  

Ensuring cloud autoscaling is in place

D.  

Scaling horizontally to handle increases in traffic

Questions 88

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?

Options:

A.  

Application-specific data assets

B.  

Application user access management

C.  

Application-specific logic and code

D.  

Application/platform software

Questions 89

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.  

OCSP

B.  

CRL

C.  

SAN

D.  

CA

Questions 90

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki.mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.  

Purchase one SAN certificate.

B.  

Implement self-signed certificates.

C.  

Purchase one certificate for each website.

D.  

Purchase one wildcard certificate.

Questions 91

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Options:

A.  

Order of volatility

B.  

Chain of custody

C.  

Verification

D.  

Secure storage

Questions 92

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

POST /malicious.php

User-Agent: Malicious Tool V 1.0

Host: www.malicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.  

User-Agent: Malicious Tool.*

B.  

www\.malicious\.com\/malicious\.php

C.  

POST /malicious\.php

D.  

Host: [a-z]*\.malicious\.com

E.  

malicious.*

Questions 93

A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.  

NGFW for web traffic inspection and activity monitoring

B.  

CSPM for application configuration control

C.  

Targeted employee training and awareness exercises

D.  

CASB for OAuth application permission control

Questions 94

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.  

Wildcard certificate

B.  

EV certificate

C.  

Mutual authentication

D.  

Certificate pinning

E.  

SSO

F.  

HSTS

Questions 95

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Select TWO).

Options:

A.  

Password cracker

B.  

SCAP scanner

C.  

Network traffic analyzer

D.  

Vulnerability scanner

E.  

Port scanner

F.  

Protocol analyzer

Questions 96

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Options:

A.  

Key escrow

B.  

TPM

C.  

Trust models

D.  

Code signing

Questions 97

Which of the following is a risk associated with SDN?

Options:

A.  

Expanded attack surface

B.  

Increased hardware management costs

C.  

Reduced visibility of scaling capabilities

D.  

New firmware vulnerabilities

Questions 98

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.  

Least privilege

B.  

VPN

C.  

Policy automation

D.  

PKI

E.  

Firewall

F.  

Continuous validation

G.  

Continuous integration

Questions 99

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.  

cloud-native applications.

B.  

containerization.

C.  

serverless configurations.

D.  

software-defined networking.

E.  

secure access service edge.

Questions 100

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.  

Installing new Group Policy Object policies

B.  

Establishing one-way trust from Company B to Company A

C.  

Enabling multifactor authentication

D.  

Implementing attribute-based access control

E.  

Installing Company A's Kerberos systems in Company B's network

F.  

Updating login scripts

Questions 101

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.  

Investigating a potential threat identified in logs related to the identity management system

B.  

Updating the identity management system to use discretionary access control

C.  

Beginning research on two-factor authentication to later introduce into the identity management system

D.  

Working with procurement and creating a requirements document to select a new IAM system/vendor

Questions 102

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

A.  

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.  

Ensure the third-party library implements the TLS and disable weak ciphers.

C.  

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.  

Implement an ongoing, third-party software and library review and regression testing.

Questions 103

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO).

Options:

A.  

NAC

B.  

WAF

C.  

NIDS

D.  

Reverse proxy

E.  

NGFW

F.  

Bastion host

Questions 104

An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (with issued client certificates).

• The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.

• The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

VPN Concentrator:

AAA Server:

Options:

Questions 105

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Options:

A.  

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.  

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.  

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.  

Enable watermarking, enable the user authentication requirement, and disable video recording.

Questions 106

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

Options:

A.  

Temporal

B.  

Availability

C.  

Integrity

D.  

Confidentiality

E.  

Base

F.  

Environmental

G.  

Impact

Questions 107

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Options:

A.  

Use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage.

B.  

Use the customer-provided VDI solution to perform work on the customer's environment.

C.  

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.  

Request API credentials from the customer and only use API calls to access the customer's environment.

Questions 108

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.  

WPA2-Preshared Key

B.  

WPA3-Enterprise

C.  

WPA3-Personal

D.  

WPA2-Enterprise

Questions 109

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.  

Deploying a WAF signature

B.  

Fixing the PHP code

C.  

Changing the web server from HTTPS to HTTP

D.  

Using SSLv3

E.  

Changing the code from PHP to ColdFusion

F.  

Updating the OpenSSL library

Questions 110

A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.  

MX record

B.  

DMARC

C.  

SPF

D.  

DNSSEC

E.  

S/MIME

F.  

TLS

Questions 111

The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.  

Integrate the web proxy with threat intelligence feeds.

B.  

Scan all downloads using an antivirus engine on the web proxy.

C.  

Block known malware sites on the web proxy.

D.  

Execute the files in the sandbox on the web proxy.

Questions 112

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

A.  

Certificate chain

B.  

Root CA

C.  

Certificate pinning

D.  

CRL

E.  

OCSP

Questions 113

Which of the following BEST describes a common use case for homomorphic encryption?

Options:

A.  

Processing data on a server after decrypting in order to prevent unauthorized access in transit

B.  

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C.  

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D.  

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

Questions 114

The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.  

SLA

B.  

ISA

C.  

Permissions and access

D.  

Rules of engagement

Questions 115

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Which of the following mobile configuration settings is the mobile administrator verifying?

Options:

A.  

Service set identifier authentication

B.  

Wireless network auto joining

C.  

802.1X with mutual authentication

D.  

Association MAC address randomization

Questions 116

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Options:

A.  

^\d{4}(-\d{5})?$

B.  

^\d{5}(-\d{4})?$

C.  

^\d{5-4}$

D.  

^\d{9}$

Questions 117

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen to port 4022.

• The SSH daemon must only accept connections from a single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

WAP A

PC A

Laptop A

Switch A

Switch B:

Laptop B

PC B

PC C

Server A

Options:

Questions 118

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?

Options:

A.  

Performing routine tabletop exercises

B.  

Implementing scheduled, full interruption tests

C.  

Backing up system log reviews

D.  

Performing department disaster recovery walk-throughs

Questions 119

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.  

Develop an Nmap plug-in to detect the indicator of compromise.

B.  

Update the organization's group policy.

C.  

Include the signature in the vulnerability scanning tool.

D.  

Deliver an updated threat signature throughout the EDR system

Questions 120

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.  

Resource exhaustion

B.  

Geographic location

C.  

Control plane breach

D.  

Vendor lock-in

Questions 121

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.  

E-discovery

B.  

Review analysis

C.  

Information governance

D.  

Chain of custody

Questions 122

A security architect is analyzing an old application that is no longer covered for maintenance because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?

Options:

A.  

Code reviews

B.  

Supply chain visibility

C.  

Software audits

D.  

Source code escrows

Questions 123

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Options:

A.  

Lawyers

B.  

Court

C.  

Upper management team

D.  

Police

Questions 124

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:

A.  

Turn off the infected host immediately.

B.  

Run a full anti-malware scan on the infected host.

C.  

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.  

Isolate the infected host from the network by removing all network connections.

Questions 125

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is the NEXT step of the incident response plan?

Options:

A.  

Remediation

B.  

Containment

C.  

Response

D.  

Recovery

Questions 126

A software house is developing a new application. The application has the following requirements:

Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

Options:

A.  

WS-Federation

B.  

OpenID

C.  

OAuth

D.  

SAML

Questions 127

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.  

Inherent

B.  

Low

C.  

Mitigated

D.  

Residual

E.  

Transferred

Questions 128

A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:

+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

+ Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Select THREE).

Options:

A.  

Endpoint protection

B.  

Log aggregator

C.  

Zero trust network access

D.  

PAM

E.  

Cloud sandbox

F.  

SIEM

G.  

NGFW

Questions 129

A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Options:

A.  

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

B.  

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

C.  

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

D.  

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

E.  

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

F.  

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

Questions 130

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A.  

Encryption in transit

B.  

Legal issues

C.  

Chain of custody

D.  

Order of volatility

E.  

Key exchange

Questions 131

A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?

Options:

A.  

Availability

B.  

Data sovereignty

C.  

Geography

D.  

Vendor lock-in

Questions 132

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Options:

A.  

Remote provider BCDR

B.  

Cloud provider BCDR

C.  

Alternative provider BCDR

D.  

Primary provider BCDR

Questions 133

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Options:

A.  

The public cloud provider is applying QoS to the inbound customer traffic.

B.  

The API gateway endpoints are being directly targeted.

C.  

The site is experiencing a brute-force credential attack.

D.  

A DDoS attack is targeted at the CDN.

Questions 134

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

B) Account history: Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Questions 135

A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete. Which of the following would reduce the likelihood of this scenario occurring again?

Options:

A.  

Create an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.

B.  

Require all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.

C.  

Remove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.

D.  

Implement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

Questions 136

Which of the following controls primarily detects abuse of privilege but does not prevent it?

Options:

A.  

Off-boarding

B.  

Separation of duties

C.  

Least privilege

D.  

Job rotation

Questions 137

Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

Options:

A.  

SQL injection

B.  

Cross-site scripting

C.  

Brute-force

D.  

Cross-site request forgery

Questions 138

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.  

Properly configure a secure file transfer system to ensure file integrity.

B.  

Have the external parties sign non-disclosure agreements before sending any images.

C.  

Only share images with external parties that have worked with the firm previously.

D.  

Utilize watermarks in the images that are specific to each external party.

Questions 139

A developer implemented the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

Options:

A.  

SQL injection

B.  

Buffer overflow

C.  

Missing session limit

D.  

Information leakage

Questions 140

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the triage process, which of the following is the FIRST step the analyst should take?

Options:

A.  

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts.

B.  

Validate the final "Received" header against the DNS entry of the domain.

C.  

Compare the "Return-Path" and "Received" fields.

D.  

Ignore the emails, as SPF validation is successful, and it is a false positive.

Questions 141

A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

Options:

A.  

Text editor

B.  

OOXML editor

C.  

Event Viewer

D.  

XML style sheet

E.  

SCAP tool

F.  

Debugging utility

Questions 142

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

* Transactions being required by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to distribute malware and ransomware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

Options:

A.  

Data loss prevention

B.  

Endpoint detection response

C.  

SSL VPN

D.  

Application whitelisting

Questions 143

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

Options:

A.  

Biometric authenticators are immutable.

B.  

The likelihood of account compromise is reduced.

C.  

Zero trust is achieved.

D.  

Privacy risks are minimized.

Questions 144

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

Options:

A.  

Limit access to the system using a jump box.

B.  

Place the new system and legacy system on separate VLANs

C.  

Deploy the legacy application on an air-gapped system.

D.  

Implement MFA to access the legacy system.

Questions 145

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed that the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner, due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

Options:

A.  

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

B.  

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

C.  

Implement a centralized network gateway to bridge network traffic between all VPCs.

D.  

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Questions 146

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Options:

A.  

Bot protection

B.  

OAuth 2.0

C.  

Input validation

D.  

Autoscaling endpoints

E.  

Rate limiting

F.  

CSRF protection

Questions 147

A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.

This is an example of:

Options:

A.  

due intelligence.

B.  

e-discovery.

C.  

due care.

D.  

legal hold.

Questions 148

A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

Options:

A.  

true positive.

B.  

true negative.

C.  

false positive.

D.  

false negative.

Questions 149

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

Options:

A.  

Feature delay due to extended software development cycles

B.  

Financial liability from a vendor data breach

C.  

Technical impact to the API configuration

D.  

The possibility of the vendor’s business ceasing operations

Questions 150

Based on PCI DSS v3.4, one particular database field can store data, but the data must be unreadable. Which of the following data objects meets this requirement?

Options:

A.  

PAN

B.  

CVV2

C.  

Cardholder name

D.  

Expiration date

Questions 151

A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Options:

A.  

Server1

B.  

Server2

C.  

Server 3

D.  

Servers

Questions 152

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.  

Symmetric encryption

B.  

Homomorphic encryption

C.  

Data dispersion

D.  

Bit splitting

Questions 153

A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Options:

A.  

Active Directory GPOs

B.  

PKI certificates

C.  

Host-based firewall

D.  

NAC persistent agent

Questions 154

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.  

Quick UDP internet connection

B.  

OCSP stapling

C.  

Private CA

D.  

DNSSEC

E.  

CRL

F.  

HSTS

G.  

Distributed object model

Questions 155

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

Options:

A.  

DLP

B.  

Mail gateway

C.  

Data flow enforcement

D.  

UTM

Questions 156

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Options:

A.  

Root cause analysis

B.  

Continuity of operations plan

C.  

After-action report

D.  

Lessons learned

Questions 157

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive rate

Which of the following should the architect recommend?

Options:

A.  

FIM

B.  

WAF

C.  

NIPS

D.  

DAM

E.  

UTM

Questions 158

A forensic investigator would use the foremost command for:

Options:

A.  

cloning disks.

B.  

analyzing network-captured packets.

C.  

recovering lost files.

D.  

extracting features such as email addresses.

Questions 159

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Options:

A.  

Risk rejection

B.  

Risk mitigation

C.  

Risk transference

D.  

Risk avoidance

Questions 160

A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

Options:

A.  

SD-WAN

B.  

PAM

C.  

Remote access VPN

D.  

MFA

E.  

Network segmentation

F.  

BGP

G.  

NAC

Questions 161

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Options:

A.  

Mirror the blobs at a local data center.

B.  

Enable fast recovery on the storage account.

C.  

Implement soft delete for blobs.

D.  

Make the blob immutable.

Questions 162

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.  

Modify the ACLs.

B.  

Review the Active Directory.

C.  

Update the marketing department's browser.

D.  

Reconfigure the WAF.

Questions 163

Which of the following BEST sets expectations between the security team and business units within an organization?

Options:

A.  

Risk assessment

B.  

Memorandum of understanding

C.  

Business impact analysis

D.  

Business partnership agreement

E.  

Service level agreement

Questions 164

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Code Snippet 2

Vulnerability 1:

    SQL injection

    Cross-site request forgery

    Server-side request forgery

    Indirect object reference

    Cross-site scripting

Fix 1:

    Perform input sanitization of the userid field.

    Perform output encoding of queryResponse.

    Ensure userid belongs to logged-in user.

    Inspect URLs and disallow arbitrary requests.

    Implement anti-forgery tokens.

Vulnerability 2:

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2:

A) Implement prepared statements and bind variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Options:
