
CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Practice Test

Demo: 102 questions
Total 683 questions

CompTIA Advanced Security Practitioner (CASP) Exam Questions and Answers

Question 1

A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI. The system relies on two-factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information?

Options:

A.

Password cracker

B.

Wireless network analyzer

C.

Fuzzing tools

D.

Reverse engineering principles

Question 2

An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

Options:

A.

Access control lists

B.

TACACS+ server for AAA

C.

File-level encryption

D.

TPM with sealed storage

Question 3

A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider. The system to be migrated is sensitive with respect to latency, availability, and integrity. The infrastructure team agreed to the following:

• Application and middleware servers will migrate to the cloud

• Database servers will remain on-site

• Data backup will be stored in the cloud

Which of the following solutions would ensure system and security requirements are met?

Options:

A.

Implement a direct connection from the company to the cloud provider

B.

Use a cloud orchestration tool and implement appropriate change control processes

C.

Implement a standby database on the cloud using a CASB for data-at-rest security

D.

Use multizone geographic distribution with satellite relays

Question 4

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

Options:

A.

Memory leak

B.

Race condition

C.

Smurf

D.

Resource exhaustion

Question 5

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

Options:

A.

Restrict directory permission to read-only access.

B.

Use server-side processing to avoid XSS vulnerabilities in path input.

C.

Separate the items in the system call to prevent command injection.

D.

Parameterize a query in the path variable to prevent SQL injection.

Question 6

Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

Options:

A.

The standard of quality for anti-malware engines

B.

Parameters for applying critical patches

C.

The validity of program productions

D.

Minimum bit strength for encryption-in-transit.

Question 7

A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities, including language, payload, and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?

Options:

A.

Virtualized sandbox

B.

Vulnerability scanner

C.

Software-defined network

D.

HTTP interceptor

Question 8

A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user

• It must be utilized as a second factor.

• Information sharing must be avoided

• It must have a low false acceptance rate

Which of the following BEST meets the criteria?

Options:

A.

Facial recognition

B.

Swipe pattern

C.

Fingerprint scanning

D.

Complex passcode

E.

Token card

Question 9

A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data. The results of the first scan are as follows:

The security team is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

Options:

A.

Move the files from the marketing share to a secured drive.

B.

Search the metadata for each file to locate the file's creator and transfer the files to the personal drive of the listed creator.

C.

Configure the DLP tool to delete the files on the shared drives

D.

Remove the access for the internal audit group from the accounts payable and payroll shares

Question 10

An organization is creating requirements for new laptops that will be issued to staff. One of the company's key security objectives is to ensure the laptops have hardware-enforced data-at-rest protection tied to permanent hardware identities. The laptops must also provide attestation for secure boot processes. To meet these demands, which of the following BEST represent the features that should be included in the requirements set? (Select TWO.)

Options:

A.

TPM 2.0

B.

Opal support

C.

MicroSD token authenticator

D.

TLS1.3

E.

Shim and GRUB

F.

ARMv7 with TrustZone

Question 11

Which of the following attacks can be mitigated by proper data retention policies?

Options:

A.

Dumpster diving

B.

Man-in-the-browser

C.

Spear phishing

D.

Watering hole

Question 12

A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization’s staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization’s code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?

Options:

A.

IP whitelisting on the perimeter firewall

B.

MFA for developer access

C.

Dynamic analysis scans in the production environment

D.

Blue team engagement in peer-review activities

E.

Time-based restrictions on developer access to code repositories

Question 13

Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue?

Options:

A.

Fuzzer

B.

SCAP scanner

C.

Vulnerability scanner

D.

HTTP interceptor

Question 14

A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organization's network was compromised?

Options:

A.

There was a false positive since the network was fully patched.

B.

The system administrator did not perform a full system scan.

C.

The systems administrator performed a credentialed scan.

D.

The vulnerability database was not updated.

Question 15

A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developer notices that session ID tokens for a web application will be transmitted over an unsecure connection. Which of the following code snippets should the developer recommend implementing to correct the vulnerability?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 16

The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

• Keyword blocking based on word lists

• URL rewriting and protection

• Stopping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

Options:

A.

Configure more robust word lists for blocking suspicious emails

B.

Configure appropriate regular expression rules per suspicious email received

C.

Configure Bayesian filtering to block suspicious inbound email

D.

Configure the mail gateway to strip any attachments

Question 17

A security analyst is comparing two virtual servers that were built from the same image and patched at the same regular intervals. Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network. The analyst runs the same command and obtains the following output from Server A and Server B, respectively:

Which of the following will the analyst most likely use NEXT?

Options:

A.

Exploitation tools

B.

Hash cracking tools

C.

Malware analysis tools

D.

Log analysis tools

Question 18

A security engineer reviews the table below:

The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this attack reoccurring in the future?

Options:

A.

Upgrading device firmware

B.

Enabling port security

C.

Increasing DHCP pool size

D.

Disabling dynamic trunking

E.

Reducing DHCP lease length

Question 19

A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history:

dd if=/dev/sda of=/dev/sdb

Which of the following MOST likely occurred?

Options:

A.

A tape backup of the server was performed.

B.

The drive was cloned for forensic analysis.

C.

The hard drive was formatted after the incident.

D.

The DNS log files were rolled daily as expected

Question 20

A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?

Options:

A.

NDA

B.

RFP

C.

RFQ

D.

MSA

E.

RFI

Question 21

A company’s IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the company toward an immutable server architecture in which servers are replaced rather than patched. Instead of having static servers for development, test, and production, the servers will move from environment to environment dynamically. Which of the following are required to move to this type of architecture? (Select TWO.)

Options:

A.

Network segmentation

B.

Forward proxy

C.

Netflow

D.

Load balancers

E.

Automated deployments

Question 22

A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks. Which of the following code snippets is safe from these types of attacks?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 23

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Options:

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Question 24

A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

Options:

A.

Community cloud service model

B.

Multitenancy SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Question 25

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

Options:

A.

Filter ABC

B.

Filter XYZ

C.

Filter GHI

D.

Filter TUV

Question 26

During the migration of a company’s human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor’s staff may be able to access data within the migrating applications. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO’s concerns?

Options:

A.

Execute non-disclosure agreements and background checks on vendor staff.

B.

Ensure the platform vendor implements data-at-rest encryption on its storage.

C.

Enable MFA to the vendor’s tier of the architecture.

D.

Implement a CASB that tokenizes company data in transit to the migrated applications.

Question 27

A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vulnerability and knows placing an IPS in front of the phone system will mitigate the risk. The researcher gathers the following information about various IPS systems:

The organization is concerned about cost, but call quality is critical to its operations. Which of the following vendors would be BEST for the organization to choose?

Options:

A.

Vendor 1

B.

Vendor 2

C.

Vendor 3

D.

Vendor 4

E.

Vendor 5

Question 28

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Options:

A.

Root cause analysis

B.

Continuity of operations plan

C.

After-action report

D.

Lessons learned

Question 29

A security analyst is examining threats with the following code function:

Which of the following threats should the security analyst report?

Options:

A.

POST should be used instead of GET when making requests

B.

Root privileges are needed for the service to bind to the privileged port 8443

C.

The website allows unauthorized access to sensitive resources

D.

The web server allows insecure cookie storage

E.

There is unsafe execution of third-party JavaScript code

Question 30

A recent incident revealed a log entry was modified after its original creation. Which of the following technologies would BEST ensure end user systems are able to defend against future incidents?

Options:

A.

Use an offline archival server

B.

Deploy MFA for access to services.

C.

Implement a blockchain scheme.

D.

Employ a behavioral HIDS on end user devices.

Question 31

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase:

• Each device must be issued a secure token of trust from the corporate PKI.

• All corporate applications and local data must be able to be deleted from a central console.

• Access to corporate data must be restricted on international travel.

• Devices must be on the latest OS version within three weeks of an OS release.

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO.)

Options:

A.

Application-based containerization

B.

Enforced full-device encryption

C.

Geofencing

D.

Application allow listing

E.

Biometric requirement to unlock device

F.

Over-the-air update restriction

Question 32

A company has launched a phishing awareness campaign that includes serving customized phishing email to employees. Employees are encouraged to report all phishing attempts and/or delete the email without clicking on them. The first phishing email asks employees to click on a link that takes them to a website where they are asked to enter their credentials. The management team wants metrics to determine the email's effectiveness. Following is the initial report:

The management team wants to know how these results compare to those of other companies. They also want to improve the consistency of how the information is displayed. Which of the following changes should be made to this report?

Options:

A.

Stop reporting department-level data and instead report for the company as a whole so as not to drive competitiveness among departments

B.

Color-code the data represented in the columns, with green being the best results in the company and red being the worst results

C.

Change the credentials harvested column to a percentage and introduce industry benchmarks for comparison

D.

Add a column showing which passwords were harvested to point out bad practices in password creation and then force those passwords to expire immediately.

Question 33

A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coding, mostly through experience and extensive peer review, and recognizes it would be infeasible to train the new staff without halting development operations. Therefore, the company needs a strategy that will integrate training on secure code writing while reducing the impact to operations. Which of the following will BEST achieve this goal?

Options:

A.

Give employees a book on the company coding standards

B.

Enroll new employees in a certification course on software assurance

C.

Roll out an automated testing and retesting framework

D.

Deploy static analysis and quality plugins into IDEs

Question 34

Which of the following vulnerabilities did the analyst uncover?

Options:

A.

A memory leak when executing exit (0);

B.

A race condition when switching variables in strcpy(variable2, variable[1]);

C.

A buffer overflow when using the command strcpy(variable2, variable1[1]);

D.

Error handling when executing printf("strcpy() failed.\n");

Question 35

While standing up a proof-of-concept solution with a vendor, the following direction was given for connections to the default environments.

Which of the following is being used to secure the three environments from overlap if all of them reside on separate servers in the same DMZ?

Options:

A.

Separation of environments policy

B.

Logical access controls

C.

Segmentation of VLANs

D.

Subnetting of cloud environments

Question 36

A network engineer recently configured a new wireless network that has issues with security, stability, and performance. After auditing the configurations, the engineer discovers some of them do not follow best practices. Given the network information below:

SSID = CompTIA
Channel = 6
WPA-PSK

Which of the following would be the BEST approach to mitigate the issues?

Options:

A.

Avoid using 2.4GHz and prefer 5GHz to minimize interference. Use WPA2-Enterprise with EAPOL.

B.

Do a site survey to determine the best channel to configure the wireless network Use WPA2-Enterprise with EAPOL.

C.

Hide the SSID Use WPA3 instead of WPA2.

D.

Change the radio channel to 11, as it has less interference. Use CAPWAP to introduce a captive portal to force users to log in to the wireless.

Question 37

A security analyst is reviewing the logs from a NIDS. The analyst notices the following in quick succession between a client and a web server:

Which of the following describes what MOST likely occurred and offers a mitigation?

Options:

A.

A protocol downgrade attack which can be mitigated by disabling server and client support for older protocols

B.

A MITM SSL stripping attack which can be mitigated by enabling HSTS on the web server

C.

A broadcast RC4 attack which can be mitigated by disabling cipher suites permitting the use of RC4

D.

An attack on TLS compression revealing cipher text which can be mitigated by implementing a TLS proxy or removing compression characteristics

Question 38

A security analyst is responsible for the completion of a vulnerability assessment at a regional healthcare facility. The analyst reviews the following Nmap output:

nmap -v -p <port> --script=smb-check-vulns --script-args=unsafe=1 192.168.1.0/24

Which of the following is MOST likely what the security analyst is reviewing?

Options:

A.

An Nmap script to scan for unsafe servers on UDP 445

B.

An Nmap script to run the SMB servers

C.

An Nmap script to stop the SMB servers

D.

An Nmap script to scan for vulnerable SMB servers

Question 39

A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

Options:

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Question 40

A security program was allocated $2 million in funding for the year. The cybersecurity team identified the following potential projects to deliver:

Which of the following solutions should the cybersecurity team prioritize to contain the BEST risk reduction within the allocated budget?

Options:

A.

1. Insider threat UEBA

2. APT threat hunting

3. Blockchain decentralized identity

B.

1. Build SOC 2.0

2. Insider threat UEBA

3. ML/AI security analytics data lake

C.

1. ML/AI security analytics data lake

2. Blockchain decentralized identity

3. Build SOC 2.0

D.

1. Blockchain decentralized identity

2. Build SOC 2.0

3. Insider threat UEBA

Question 41

A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs. Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

Options:

A.

Document the technology's differences in a system security plan.

B.

Require the vendor to provide justification for the product's deviation.

C.

Increase the frequency of vulnerability scanning of all systems using the technology.

D.

Block the use of non-standard ports or protocols to and from the system.

Question 42

A product owner is working with a security engineer to improve the security surrounding certificate revocation, which is important for the clients using a web application. The organization is currently using a CRL configuration to manage revocation, but it is looking for a solution that addresses the reporting delays associated with CRLs. The security engineer recommends OCSP, but the product owner is concerned about the overhead associated with its use. Which of the following would the security engineer MOST likely suggest to address the product owner's concerns?

Options:

A.

Key escrow can be used on the WAF

B.

S/MIME can be used in lieu of OCSP

C.

Stapling should be used with OCSP

D.

The organization should use wildcard certificates

Question 43

Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

Options:

A.

Compile a list of firewall requests and compare them against interesting cloud services.

B.

Implement a CASB solution and track cloud service use cases for greater visibility.

C.

Implement a user-behavior system to associate user events and cloud service creation events.

D.

Capture all logs and feed them to a SIEM, and then search for cloud service events.

Question 44

A security engineer needs to implement controls that will prevent the theft of data by insiders who have valid credentials. Recent incidents were carried out with mobile and wearable devices that were used as transfer vectors. In response, USB data transfers are now tightly controlled and require executive authorization. Which of the following controls will further reduce the likelihood of another data theft?

Options:

A.

Limit the ability to transfer data via Bluetooth connections

B.

Move the enterprise to a BYOD or COPE policy.

C.

Deploy strong transit encryption across the enterprise

D.

Implement time-based restrictions on data transfers

Question 45

An administrative control that is put in place to ensure one person cannot carry out a critical task independently is:

Options:

A.

separation of duties

B.

job rotation

C.

mandatory vacation

D.

least privilege

Question 46

A consulting firm is performing R&D on a machine learning system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behaviors to establish a "normal" baseline. Which of the following represents the GREATEST limiting factor toward successful deployment of this new machine learning system?

Options:

A.

Supportability for non-traditional ports, protocols, and services

B.

Non-availability or insufficiency of training data

C.

Lack of target environment design documentation

D.

Unanticipated presence of ICS and SCADA equipment within client networks

Question 47

A group of security consultants is conducting an assessment of a customer's network across multiple physical locations. To save time, the customer has allowed the consultants to install a single server inside the network perimeter. In addition to open-source intelligence gathering and social engineering, which of the following BEST describes the technique the consultants are employing?

Options:

A.

Using persuasion and deception to gain access to systems

B.

Conducting physical attacks by a red team

C.

Moving laterally through a network from compromised hosts

D.

Performing black-box penetration testing

Question 48

A company hosts a web-based application that is accessed by customers worldwide. A code review has discovered known vulnerabilities in the company's server application, which is made up of several supporting libraries and uses the following requirements:

Additionally, Python imports are managed through a requirements.txt file with the following content:

Given the critical nature of the application, which of the following actions should the company take to address the vulnerabilities?

Options:

A.

Adjust the requirements.txt file to set dependencies at >= the listed version number.

B.

Have the developer backport security fixes into the supporting libraries.

C.

Update Python and the supporting libraries to the latest versions.

D.

Remove the version numbers from the requirements.txt file so each new build has the latest versions.

Question 49

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previous vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

Options:

A.

Peer review

B.

Regression testing

C.

User acceptance

D.

Dynamic analysis

Question 50

The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Options:

A.

Black-box testing

B.

Gray-box testing

C.

Red-team hunting

D.

White-box testing

E.

Blue-team exercises

Question 51

A cloud architect is moving a distributed system to an external cloud environment. The company must be able to:

• Administer the server software at OS and application levels

• Show the data being stored is physically separated from other tenants

• Provide remote connectivity for MSSPs

Which of the following configurations and architectures would BEST support these requirements?

Options:

A.

Private PaaS

B.

Single-tenancy IaaS

C.

Hybrid SaaS

D.

Multitenancy DBaaS

Question 52

The latest security scan of a web application reported multiple high vulnerabilities in session management Which of the following is the BEST way to mitigate the issue?

Options:

A.

Prohibiting session hijacking of cookies

B.

Using secure cookie storage and transmission

C.

Performing state management on the server

D.

Using secure and HttpOnly settings on cookies

Question 53

An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

Options:

A.

Nessus

B.

Swagger file

C.

SCAP

D.

Netcat

E.

WSDL

Question 54

After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:

  • Blocking of suspicious websites
  • Prevention of attacks based on threat intelligence
  • Reduction in spam
  • Identity-based reporting to meet regulatory compliance
  • Prevention of viruses based on signature
  • Protect applications from web-based threats

Which of the following would be the BEST recommendation the information security manager could make?

Options:

A.

Reconfigure existing IPS resources

B.

Implement a WAF

C.

Deploy a SIEM solution

D.

Deploy a UTM solution

E.

Implement an EDR platform

Question 55

An organization implemented secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?

Options:

A.

An attacker masqueraded as an internal DNS server

B.

An attacker leveraged a heap overflow vulnerability in the OS

C.

An attacker was able to overwrite an OS integrity measurement register

D.

An attacker circumvented IEEE 802.1X network-level authentication requirements.

Question 56

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information:

Which of the following commands would have provided this output?

Options:

A.

arp -s

B.

netstat -a

C.

ifconfig -arp

D.

sqlmap -w

Question 57

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?

Options:

A.

Reconfigure the firewall to block external UDP traffic.

B.

Establish a security baseline on the IDS.

C.

Block echo reply traffic at the firewall.

D.

Modify the edge router to not forward broadcast traffic.

Question 58

A company recently migrated to a SaaS-based email solution. The solution is configured as follows:

• Passwords are synced to the cloud to allow for SSO

• Cloud-based antivirus is enabled

• Cloud-based anti-spam is enabled

• Subscription-based blacklist is enabled

Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review. Which of the following would allow the company to gain additional visibility and reduce additional costs? (Select TWO)

Options:

A.

Migrate the email antivirus and anti-spam on-premises

B.

Implement a third-party CASB solution.

C.

Disable the current SSO model and enable federation

D.

Feed the attacker IPs from the company IDS into the email blacklist

E.

Install a virtual SIEM within the email cloud provider

F.

Add email servers to NOC monitoring

Question 59

A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services.

If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?

Options:

A.

Implement a reverse proxy for VPN traffic that is defended and monitored by the organization’s SOC with near-real-time alerting to administrators.

B.

Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise’s pool of VPN concentrators.

C.

Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.

D.

Employ a second VPN layer concurrently where the other layer’s cryptographic implementation is sourced from a different vendor.

Question 60

Management is reviewing the results of a recent risk assessment of the organization’s policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees.

Which of the following risk management strategies has the organization employed?

Options:

A.

Transfer

B.

Mitigate

C.

Accept

D.

Avoid

E.

Reject

Question 61

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

Options:

A.

Isolate the systems on their own network

B.

Install a firewall and IDS between systems and the LAN

C.

Employ own stratum-0 and stratum-1 NTP servers

D.

Upgrade the software on critical systems

E.

Configure the systems to use government-hosted NTP servers

Question 62

The Chief Information Security Officer (CISO) of an established security department identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

Options:

A.

creating a forensic image

B.

deploying fraud monitoring

C.

following a chain of custody

D.

analyzing the order of volatility

Question 63

As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.

This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.

The command window will be provided along with root access. You are connected via a secure shell with root access.

You may query help for a list of commands.

Instructions:

You need to disable and turn off unrelated services and processes.

It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 64

During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.

Which of the following would ensure no data is recovered from the system drives once they are disposed of?

Options:

A.

Overwriting all HDD blocks with an alternating series of data.

B.

Physically disabling the HDDs by removing the drive head.

C.

Demagnetizing the hard drive using a degausser.

D.

Deleting the UEFI boot loaders from each HDD.

Question 65

An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?

Options:

A.

XCCDF

B.

OVAL

C.

STIX

D.

CWE

E.

CVE
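Supporting STIX in practice means parsing indicator objects out of a bundle and feeding the live ones to the defensive stack. The following is an added example, not part of the exam material: it consumes a constructed STIX 2.1 bundle (the IDs, timestamps and indicator values are made up for the demo; a real feed would arrive over TAXII), drops revoked and expired indicators, and extracts the observable values from simple `[type:property = 'value']` patterns joined by OR.

```python
"""Added example (not part of the exam dump): turn a STIX 2.1 bundle into a
blocklist. The bundle below is constructed for the demo. Only simple patterns
of the form [type:property = 'value'] joined by OR are handled here."""
import json
import re
from datetime import datetime, timezone

# One comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'
# or file:hashes.'SHA-256' = '...'
COMPARISON = re.compile(r"([a-z0-9\-]+:[A-Za-z0-9_.'\-]+)\s*=\s*'([^']*)'")

SAMPLE_BUNDLE = json.dumps({          # constructed sample feed
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000011",
         "created": "2024-01-05T00:00:00.000Z", "modified": "2024-01-05T00:00:00.000Z",
         "indicator_types": ["malicious-activity"], "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2024-01-05T00:00:00.000Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000012",
         "created": "2024-01-05T00:00:00.000Z", "modified": "2024-01-05T00:00:00.000Z",
         "indicator_types": ["malicious-activity"], "pattern_type": "stix",
         "pattern": "[domain-name:value = 'evil.example' OR domain-name:value = 'bad.example']",
         "valid_from": "2024-01-05T00:00:00.000Z"},
        {"type": "indicator", "spec_version": "2.1",            # expired
         "id": "indicator--00000000-0000-4000-8000-000000000013",
         "created": "2023-01-01T00:00:00.000Z", "modified": "2023-01-01T00:00:00.000Z",
         "indicator_types": ["malicious-activity"], "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.77']",
         "valid_from": "2023-01-01T00:00:00.000Z", "valid_until": "2023-06-01T00:00:00.000Z"},
        {"type": "indicator", "spec_version": "2.1",            # withdrawn by the producer
         "id": "indicator--00000000-0000-4000-8000-000000000014",
         "created": "2024-01-05T00:00:00.000Z", "modified": "2024-02-01T00:00:00.000Z",
         "indicator_types": ["malicious-activity"], "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2024-01-05T00:00:00.000Z", "revoked": True},
        {"type": "malware", "spec_version": "2.1",              # not an indicator; ignored
         "id": "malware--00000000-0000-4000-8000-000000000021",
         "created": "2024-01-05T00:00:00.000Z", "modified": "2024-01-05T00:00:00.000Z",
         "name": "demo-loader", "is_family": False},
    ],
})


def parse_ts(ts):
    """STIX timestamps are UTC with a trailing Z and an optional fraction."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad STIX timestamp: {ts}")


def is_active(ind, now):
    """Revoked indicators and those outside their validity window must not be enforced."""
    if ind.get("revoked"):
        return False
    if parse_ts(ind["valid_from"]) > now:
        return False
    until = ind.get("valid_until")
    return until is None or parse_ts(until) > now


def extract_iocs(bundle_json, now):
    """Return {stix_object_type: set(values)} for every live indicator in the bundle."""
    iocs = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if not is_active(obj, now):
            continue
        for path, value in COMPARISON.findall(obj["pattern"]):
            iocs.setdefault(path.split(":", 1)[0], set()).add(value)
    return iocs


def iocs_at(year, month, day):
    """Convenience wrapper: live IOCs from the sample bundle as of a given UTC date."""
    return extract_iocs(SAMPLE_BUNDLE, datetime(year, month, day, tzinfo=timezone.utc))


if __name__ == "__main__":
    for obj_type, values in sorted(iocs_at(2024, 3, 1).items()):
        print(obj_type, sorted(values))
```

The validity and revocation checks are the part most home-grown consumers skip, and skipping them is how stale indicators end up blocking legitimate infrastructure months later. Real STIX patterns can also use AND, FOLLOWEDBY and temporal qualifiers; a production consumer should parse them with a proper grammar implementation (for Python, the stix2-patterns package) rather than a regex like the one above.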

Question 66

Options:

Question 67

Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?

Options:

A.

Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.

B.

Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.

C.

Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.

D.

Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

Question 68

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

Options:

A.

Use an internal firewall to block UDP port 3544.

B.

Disable network discovery protocol on all company routers.

C.

Block IP protocol 41 using Layer 3 switches.

D.

Disable the DHCPv6 service from all routers.

E.

Drop traffic for ::/0 at the edge firewall.

F.

Implement a 6in4 proxy server.
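The two controls that actually separate the address families are the ones that target IPv6 carried inside IPv4: IP protocol 41 (6in4, 6to4, ISATAP) and UDP port 3544 (Teredo, which wraps IPv6 in UDP so it crosses NAT). Dropping ::/0 at the edge does nothing for this traffic because on the wire it is IPv4. The classifier below is an added example, not part of the exam material; all packets are constructed by hand and the header builders are demo helpers.

```python
"""Added example (not part of the exam dump): classify raw IPv4 packets that carry
tunnelled IPv6, which is what 'block protocol 41' and 'block UDP 3544' target.
All packets below are constructed for the demo."""
import struct

PROTO_ICMP = 1
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41   # IANA protocol number for IPv6-in-IPv4 encapsulation
TEREDO_PORT = 3544


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def build_ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    """Minimal IPv4 header (IHL 5, no options, checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, _ip(src), _ip(dst))
    return hdr + payload


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


# A bare IPv6 header: version 6, next header 59 (no next header), hop limit 64.
FAKE_IPV6 = bytes([0x60, 0, 0, 0, 0, 0, 59, 64]) + bytes(32)

SAMPLES = {   # constructed traffic mix
    "6in4":       build_ipv4(PROTO_IPV6_IN_IPV4, FAKE_IPV6),
    "teredo_out": build_ipv4(PROTO_UDP, build_udp(51000, TEREDO_PORT, FAKE_IPV6)),
    "teredo_in":  build_ipv4(PROTO_UDP, build_udp(TEREDO_PORT, 51000, FAKE_IPV6)),
    "dns":        build_ipv4(PROTO_UDP, build_udp(51001, 53, b"\x12\x34" + bytes(10))),
    "ping":       build_ipv4(PROTO_ICMP, bytes([8, 0, 0, 0]) + bytes(4)),
}


def classify(pkt):
    """Return 'ipv6-in-ipv4', 'teredo' or 'other' for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"                      # not IPv4; out of scope for this filter
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto == PROTO_IPV6_IN_IPV4:
        return "ipv6-in-ipv4"
    if proto == PROTO_UDP and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if TEREDO_PORT in (sport, dport):   # client->server uses dport, replies use sport
            return "teredo"
    return "other"


def apply_policy(pkts):
    """Split {name: packet} into (allowed, dropped) name lists; any tunnel is dropped."""
    allowed, dropped = [], []
    for name, pkt in pkts.items():
        (dropped if classify(pkt) != "other" else allowed).append(name)
    return allowed, dropped


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11s} -> {classify(pkt)}")
```

The same two checks map directly onto the firewall and Layer 3 switch rules in the options: match on the IPv4 protocol field for 41, and on UDP port 3544 in either direction for Teredo. Matching on the port alone is a heuristic; a Teredo client may also be found by the 2001::/32 prefix of the inner IPv6 source, which this example does not inspect.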

Question 69

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

  • Must be encrypted on the email servers and clients
  • Must be OK to transmit over insecure Internet connections

Which of the following communication methods would be BEST to recommend?

Options:

A.

Force TLS between domains.

B.

Enable STARTTLS on both domains.

C.

Use PGP-encrypted emails.

D.

Switch both domains to utilize DNSSEC.

Question 70

A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?

Options:

A.

Sovereignty

B.

E-waste

C.

Remanence

D.

Deduplication

Question 71

Given the following output from a local PC:

Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

Options:

A.

Allow 172.30.0.28:80 -> ANY

B.

Allow 172.30.0.28:80 -> 172.30.0.0/16

C.

Allow 172.30.0.28:80 -> 172.30.0.28:443

D.

Allow 172.30.0.28:80 -> 172.30.0.28:53

Question 72

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

Options:

A.

An internal key infrastructure that allows users to digitally sign transaction logs

B.

An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.

C.

A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.

D.

An open distributed transaction ledger that requires proof of work to append entries.

Question 73

A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of the following is the appropriate command to disable the client’s IPv6 stack?

Options:

A.

B.

C.

D.

Question 74

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

Options:

A.

Install and configure an IPS.

B.

Enforce routine GPO reviews.

C.

Form and deploy a hunt team.

D.

Institute heuristic anomaly detection.

E.

Use a protocol analyzer with appropriate connectors.

Question 75

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:

1. Indemnity clauses have identified the maximum liability

2. The data will be hosted and managed outside of the company’s geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step?

Options:

A.

Develop a security exemption, as it does not meet the security policies

B.

Mitigate the risk by asking the vendor to accept the in-country privacy principles

C.

Require the solution owner to accept the identified risks and consequences

D.

Review the entire procurement process to determine the lessons learned

Question 76

An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

Options:

A.

Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

B.

Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

C.

All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

D.

Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, thus reducing the effectiveness of local attacks.

Question 77

The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:

  • End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.
  • Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications
  • A host-based whitelist of approved websites and applications that only allow mission-related tools and sites
  • The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

Options:

A.

Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

B.

Family members posting geotagged images on social media that were received via email from soldiers

C.

The effect of communication latency that may negatively impact real-time communication with mission control

D.

The use of centrally managed military network and computers by soldiers when communicating with external parties

Question 78

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

  • Store taxation-related documents for five years
  • Store customer addresses in an encrypted format
  • Destroy customer information after one year
  • Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

Options:

A.

Capacity planning policy

B.

Data retention policy

C.

Data classification standard

D.

Legal compliance policy

E.

Data sovereignty policy

F.

Backup policy

G.

Acceptable use policy

Question 79

A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)

Options:

A.

Network engineer

B.

Service desk personnel

C.

Human resources administrator

D.

Incident response coordinator

E.

Facilities manager

F.

Compliance manager

Question 80

During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter.

Port state

161/UDP open

162/UDP open

163/TCP open

The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

Options:

A.

Patch and restart the unknown services.

B.

Segment and firewall the controller's network

C.

Disable the unidentified service on the controller.

D.

Implement SNMPv3 to secure communication.

E.

Disable TCP/UDP ports 161 through 163

Question 81

A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined manual DNS settings. Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A) Implement firewall ACLs as follows

B) Implement NAT as follows:

C) Implement DHCP options as follows:

D) Implement policy routing as follows:

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 82

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:

Options:

A.

the blue team.

B.

the white team.

C.

the operations team.

D.

the red team.

E.

the development team.

Question 83

A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company's current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

Options:

A.

Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.

B.

Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.

C.

Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.

D.

Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

Question 84

An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed?

Options:

A.

Vulnerable components

B.

Operational impact due to attack

C.

Time criticality of systems

D.

Presence of open-source software

Question 85

A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.

Which of the following is MOST likely the issue?

Options:

A.

The employees are using an old link that does not use the new SAML authentication.

B.

The XACML for the problematic application is not in the proper format or may be using an older schema.

C.

The web services methods and properties are missing the required WSDL to complete the request after displaying the login page.

D.

A threat actor is implementing an MITM attack to harvest credentials.

Question 86

A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:

Options:

A.

a disaster recovery plan

B.

an incident response plan

C.

a business continuity plan

D.

a risk avoidance plan

Question 87

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

Options:

A.

Transfer the risk

B.

Baseline the risk.

C.

Accept the risk

D.

Remove the risk

Question 88

As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

Options:

A.

tar cvf - / | ssh 192.168.45.82 “cat - > /images/image.tar”

B.

dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd

C.

memdump /dev/sda1 | nc 192.168.45.82 3000

D.

dd if=/dev/sda | nc 192.168.45.82 3000

Question 89

A company’s user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.

Which of the following solutions would BEST support trustworthy communication solutions?

Options:

A.

Enabling spam filtering and DMARC.

B.

Using MFA when logging into email clients and the domain.

C.

Enforcing HTTPS everywhere so web traffic, including email, is secure.

D.

Enabling SPF and DKIM on company servers.

E.

Enforcing data classification labels before an email is sent to an outside party.

Question 90

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.

Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?

Options:

A.

The solution employs threat information-sharing capabilities using a proprietary data model.

B.

The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country.

C.

The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP.

D.

The vendor’s proposed solution operates below the KPPs indicated in the RFP.

Question 91

A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

Options:

A.

Background investigation

B.

Mandatory vacation

C.

Least privilege

D.

Separation of duties

Question 92

The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?

Options:

A.

Review audit logs to determine the extent of the breach

B.

Pay the hacker under the condition that all information is destroyed

C.

Engage a counter-hacking team to retrieve the data

D.

Notify the appropriate legal authorities and legal counsel

Question 93

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

Options:

A.

Risk assessment

B.

Regression testing

C.

User story development

D.

Data abstraction

E.

Business impact assessment

Question 94

A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

Minimum password length: 16

Maximum password age: 0

Minimum password age: 0

Password complexity: disabled

Store passwords in plain text: disabled

Failed attempts lockout: 3

Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

Options:

A.

Offline hybrid dictionary attack

B.

Offline brute-force attack

C.

Online hybrid dictionary password spraying attack

D.

Rainbow table attack

E.

Online brute-force attack

F.

Pass-the-hash attack
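The controls above rule out most of the options before any hashing happens: a lockout of three attempts per hour makes online guessing useless, the per-user salt defeats rainbow tables, and a 16-character minimum puts lowercase-only brute force at 26^16 guesses before longer lengths are even considered. What is left is an offline attack whose candidate set is built from words plus mangling rules, because a long minimum with complexity disabled pushes users toward passphrases. The following is an added example, not part of the exam material: it builds a constructed salted PBKDF2 store, runs a hybrid dictionary attack against it, and compares the size of the hybrid candidate set with the brute-force keyspace. The wordlist, suffix rules, passwords and the iteration count are all demo values.

```python
"""Added example (not part of the exam dump): offline hybrid dictionary attack
against a salted PBKDF2 store. Passwords, salts, wordlist and suffixes are
constructed for the demo; ITERATIONS is kept tiny so it runs in seconds."""
import hashlib
import itertools
import os

ITERATIONS = 200          # demo value only; real stores use far more
MIN_LEN = 16              # the audited policy's minimum length
WORDLIST = ["correct", "horse", "battery", "welcome", "summer"]   # toy dictionary
SUFFIXES = ["", "1", "2023", "!"]                                  # mangling rules


def pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_store(passwords):
    """{user: (salt, hash)} the way the audited system stores credentials."""
    store = {}
    for i, pw in enumerate(passwords):
        salt = os.urandom(16)
        store[f"user{i}"] = (salt, pbkdf2(pw, salt))
    return store


def hybrid_candidates(min_len=MIN_LEN):
    """Dictionary words joined 1-3 at a time, in lower, Capitalized and CamelCase
    form, each with a mangling suffix; anything the length policy rejects is skipped."""
    seen = set()
    for n in (1, 2, 3):
        for words in itertools.product(WORDLIST, repeat=n):
            base = "".join(words)
            variants = (base, base.capitalize(), "".join(w.capitalize() for w in words))
            for variant in variants:
                for suffix in SUFFIXES:
                    cand = variant + suffix
                    if len(cand) >= min_len and cand not in seen:
                        seen.add(cand)
                        yield cand


def crack(store, min_len=MIN_LEN):
    """Hash each candidate once per user (salts differ, so work cannot be shared)
    and return {user: plaintext} for every hit."""
    found = {}
    for cand in hybrid_candidates(min_len):
        for user, (salt, digest) in store.items():
            if user not in found and pbkdf2(cand, salt) == digest:
                found[user] = cand
        if len(found) == len(store):
            break
    return found


def keyspace_comparison(min_len=MIN_LEN):
    """(hybrid candidate count, lowercase brute-force count at exactly min_len chars).
    Brute force would additionally have to cover every longer length."""
    hybrid = sum(1 for _ in hybrid_candidates(min_len))
    return hybrid, 26 ** min_len


if __name__ == "__main__":
    # Two passphrases a user might pick under this policy, and one random string.
    store = make_store(["correcthorsebattery", "Welcomesummer2023", "x7#Qp!v2Lm9@Rz4&"])
    print(crack(store))
    print(keyspace_comparison())
```

The random password survives, which is the point: the hybrid attack wins on users who satisfy the length rule with dictionary material, not on the store as a whole. Note also that the salt forces one PBKDF2 computation per candidate per user, so a higher iteration count in the real store multiplies the attacker's cost directly.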

Question 95

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

Options:

A.

Move line 3 below line 4 and change port 80 to 443 on line 4.

B.

Move line 3 below line 4 and add port 443 to line.

C.

Move line 4 below line 5 and add port 80 to 8080 on line 2.

D.

Add port 22 to line 2.

E.

Add port 22 to line 5.

F.

Add port 443 to line 2.

G.

Add port 443 to line 5.

Question 96

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

Options:

A.

Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.

B.

Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.

C.

Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.

D.

Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Question 97

The audit team was only provided the physical and logical addresses of the network without any type of access credentials.

Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

Options:

A.

Tabletop exercise

B.

Social engineering

C.

Runtime debugging

D.

Reconnaissance

E.

Code review

F.

Remote access tool

Question 98

The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices. The CISO mandates the following requirements:

• The devices must be owned by the company for legal purposes.

• The device must be as fully functional as possible when off site.

• Corporate email must be maintained separately from personal email

• Employees must be able to install their own applications.

Which of the following will BEST meet the CISO's mandate? (Select TWO).

Options:

A.

Disable the device's camera

B.

Allow only corporate resources in a container.

C.

Use an MDM to wipe the devices remotely

D.

Block all sideloading of applications on devices

E.

Use geofencing on certain applications

F.

Deploy phones in a BYOD model

Question 99

A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:

  • Must be able to MITM web-based protocols
  • Must be able to find common misconfigurations and security holes

Which of the following types of testing should be included in the testing platform? (Choose two.)

Options:

A.

Reverse engineering tool

B.

HTTP intercepting proxy

C.

Vulnerability scanner

D.

File integrity monitor

E.

Password cracker

F.

Fuzzer

Question 100

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the eradication of the malware?

Options:

A.

The workstations should be isolated from the network.

B.

The workstations should be donated for reuse.

C.

The workstations should be reimaged

D.

The workstations should be patched and scanned.

Question 101

Which of the following is a feature of virtualization that can potentially create a single point of failure?

Options:

A.

Server consolidation

B.

Load balancing hypervisors

C.

Faster server provisioning

D.

Running multiple OS instances

Question 102

A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:

• Scan of specific subnets for vulnerabilities

• Categorizing and logging of website traffic

• Enabling specific ACLs based on application traffic

• Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware.

Which of the following services MOST likely identified the behavior and sent the report?

Options:

A.

Content filter

B.

User behavioral analytics

C.

Application sandbox

D.

Web application firewall

E.

Endpoint protection

F.

Cloud security broker
