March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Exam Practice Test

Demo: 102 questions
Total 683 questions

CompTIA Advanced Security Practitioner (CASP) Exam Questions and Answers

Question 1

A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

Options:

A.

These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines

B.

The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies

C.

The associated firmware is more likely to remain out of date and potentially vulnerable

D.

The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

Question 2

A security researcher is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

Based on the information available to the researcher, which of the following is the MOST likely threat profile?

Options:

A.

Nation-state-sponsored attackers conducting espionage for strategic gain.

B.

Insiders seeking to gain access to funds for illicit purposes.

C.

Opportunists seeking notoriety and fame for personal gain.

D.

Hacktivists seeking to make a political statement because of socio-economic factors.

Question 3

A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (СIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?

Options:

A.

Multi-tenancy SaaS

B.

Hybrid IaaS

C.

Single-tenancy PaaS

D.

Community IaaS

Question 4

As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.

This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.

The command window will be provided along with root access. You are connected via a secure shell with root access.

You may query help for a list of commands.

Instructions:

You need to disable and turn off unrelated services and processes.

It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 5

Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

Options:

A.

Message 1

B.

Message 2

C.

Message 3

D.

Message 4

Question 6

During a security assessment, activities were divided into two phases; internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.

Which of the following methods is the assessment team most likely to employ NEXT?

Options:

A.

Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.

B.

Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.

C.

Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance

D.

Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Question 7

A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:

^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g

Which of the following did the analyst use to determine the location of the malicious payload?

Options:

A.

Code deduplicators

B.

Binary reverse-engineering

C.

Fuzz testing

D.

Security containers

Question 8

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.

Which of the following BEST meets the needs of the board?

Options:

A.

KRI:- Compliance with regulations- Backlog of unresolved security investigations- Severity of threats and vulnerabilities reported by sensors- Time to patch critical issues on a monthly basisKPI:- Time to resolve open security items- % of suppliers with approved security control frameworks- EDR coverage across the fleet- Threat landscape rating

B.

KRI:- EDR coverage across the fleet- Backlog of unresolved security investigations- Time to patch critical issues on a monthly basis- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors

C.

KRI:- EDR coverage across the fleet- % of suppliers with approved security control framework- Backlog of unresolved security investigations- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- Time to patch critical issues on a monthly basis- Severity of threats and vulnerabilities reported by sensors

D.

KPI:- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors- Threat landscape ratingKRI:- Time to resolve open security items- Backlog of unresolved security investigations- EDR coverage across the fleet- Time to patch critical issues on a monthly basis

Question 9

An advanced threat emulation engineer is conducting testing against a client’s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

Options:

A.

Black box testing

B.

Gray box testing

C.

Code review

D.

Social engineering

E.

Vulnerability assessment

F.

Pivoting

G.

Self-assessment

Question 10

As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

Options:

A.

the collection of data as part of the continuous monitoring program.

B.

adherence to policies associated with incident response.

C.

the organization’s software development life cycle.

D.

changes in operating systems or industry trends.

Question 11

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

Options:

A.

The hard disk contains bad sectors

B.

The disk has been degaussed.

C.

The data represents part of the disk BIOS.

D.

Sensitive data might still be present on the hard drives.

Question 12

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?

Options:

A.

Disk encryption on the local drive

B.

Group policy to enforce failed login lockout

C.

Multifactor authentication

D.

Implementation of email digital signatures

Question 13

A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:

dd if=/dev/ram of=/tmp/mem/dmp

The analyst then reviews the associated output:

^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45

However, the analyst is unable to find any evidence of the running shell. Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?

Options:

A.

The NX bit is enabled

B.

The system uses ASLR

C.

The shell is obfuscated

D.

The code uses dynamic libraries

Question 14

A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:

The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third company?

Options:

A.

LDAP

B.

WAYF

C.

OpenID

D.

RADIUS

E.

SAML

Question 15

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

Options:

A.

Deploy virtual desktop infrastructure with an OOB management network

B.

Employ the use of vT PM with boot attestation

C.

Leverage separate physical hardware for sensitive services and data

D.

Use a community CSP with independently managed security services

E.

Deploy to a private cloud with hosted hypervisors on each physical machine

Question 16

Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

Options:

A.

Lack of adequate in-house testing skills.

B.

Requirements for geographically based assessments

C.

Cost reduction measures

D.

Regulatory insistence on independent reviews.

Question 17

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?

Options:

A.

KPI

B.

KRI

C.

GRC

D.

BIA

Question 18

A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.

Options:

Question 19

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization’s incident response capabilities. Which of the following activities has the incident team lead executed?

Options:

A.

Lessons learned review

B.

Root cause analysis

C.

Incident audit

D.

Corrective action exercise

Question 20

After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

Options:

A.

Product A

B.

Product B

C.

Product C

D.

Product D

E.

Product E

Question 21

A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router:

Which of the following is the engineer implementing?

Options:

A.

Remotely triggered black hole

B.

Route protection

C.

Port security

D.

Transport security

E.

Address space layout randomization

Question 22

A company enlists a trusted agent to implement a way to authenticate email senders positively Which of the following is the BEST method for the company to prove Vie authenticity of the message?

Options:

A.

issue PlN-enabled hardware tokens

B.

Create a CA win all users

C.

Configure the server to encrypt all messages in transit

D.

include a hash in the body of the message

Question 23

An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

Options:

A.

Running an automated fuzzer

B.

Constructing a known cipher text attack

C.

Attempting SQL injection commands

D.

Performing a full packet capture

E.

Using the application in a malware sandbox

Question 24

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

Options:

A.

Purchase the SSL, decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C.

Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short team.

D.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Question 25

An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months

Additionally several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance Users have been unable to uninstall these applications, which persist after wiping the devices Which of the following MOST likely occurred and provides mitigation until the patches are released?

Options:

A.

Unauthentic firmware was installed, disable OTA updates and carrier roaming via MDM.

B.

Users opened a spear-phishing email: disable third-party application stores and validate all signed code prior to execution.

C.

An attacker downloaded monitoring applications; perform a full factory reset of the affected devices.

D.

Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages

Question 26

An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored.

Which of the following would allow the organization to meet its requirement? (Choose two.)

Options:

A.

Exempt mobile devices from the requirement, as this will lead to privacy violations

B.

Configure the devices to use an always-on IPSec VPN

C.

Configure all management traffic to be tunneled into the enterprise via TLS

D.

Implement a VDI solution and deploy supporting client apps to devices

E.

Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary

Question 27

An incident response analyst is investigating a compromise on a application server within an organization. The analyst identifies an anomalous process that is executing and maintaining a persistent TCP connection to an external IP Which of the following actions should the analyst take NEXT?

Options:

A.

Capture running memory

B.

Create a BitCopy of the hard disk

C.

Use no to conduct banner grabbing on the remote IP

D.

Review /var/log/* for anomalous entries

Question 28

A developer is concerned about input validation for a newly created shopping-cart application, which will be released soon on a popular website. Customers were previously able to manipulate the shopping can so they could receive multiple items while only paying for one item. This resulted in large losses. Which of the following would be the MOST efficient way to test the shopping cart and address the developer's concerns?

Options:

A.

Log analysis

B.

Dynamic analysis

C.

Vulnerability assessment

D.

Gray-box testing

E.

Manual code review

Question 29

An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE attack. Which of the following strings within me server's virtual-host configuration block is at fault and needs to be changed?

Options:

A.

AccessFileName /vac/http/.acl

B.

SSLProtocol -all +SSLv3

C.

AllowEncodedSlashes on

D.

SSLCertificateFile /var/certs/home.pem

E.

AllowOverride Nonfatal-All AuthConfig

Question 30

Company policy dictates that events from at least the past three months must be stored centrally for review. When a security incident occurs the security analyst investigates the underlying cause and sees the following:

The error appears to have started five days ago at the centralized location. Which of the following would prevent this issue from reoccurring?

Options:

A.

Log reduction and analysis

B.

Host-based IDS

C.

SCAP scanner

D.

File integrity monitoring

Question 31

An ICS security engineer is performing a security assessment at a bank in Chicago. The engineer reviews the following output:

Which of the following tools is the engineer using the provide this output?

Options:

A.

SCAP scanner

B.

Shodan

C.

Fuzzer

D.

Vulnerability scanner

Question 32

A legacy SCADA system is m place in a manufacturing facility to ensure proper facility operations Recent industry reports made available to the security team state similar legacy systems are being used as part of an attack chain in the same industry market Due to the age of these devices security control options are limned Which of the following would BEST provide continuous monitoring for these threats'

Options:

A.

Full packet captures and log analysis

B.

Passive vulnerability scanners

C.

Red-team threat hunting

D.

Network-based intrusion detection systems

Question 33

A security tester is performing a Mack-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader However, the tester cannot disassemble the reader because it is in use by the company. Which of the following shows the steps the tester should take to assess the RFID access control system m the correct order?

Options:

A.

1. Attempt to eavesdrop and replay RFID communications

2. Determine the protocols being used between the tag and the reader

3. Retrieve the RFID tag identifier and manufacturer details

4. Take apart an RFID tag and analyze the chip

B.

1. Determine the protocols being used between the tag and the reader

2. Take apart an RFID tag and analyze the chip

3. Retrieve the RFID tag identifier and manufacturer details

4. Attempt to eavesdrop and replay RFID communications

C.

1. Retrieve the RFID tag identifier and manufacturer details

2. Determine the protocols being used between the tag and the reader

3. Attempt to eavesdrop and replay RFID communications

4. Take apart an RFID tag and analyze the chip

D.

1. Take apart an RFID lag and analyze the chip

2. Retrieve the RFO tag identifier and manufacturer details

3. Determine the protocols being used between the tag and the reader

4. Attempt to eavesdrop and replay RFID communications

Question 34

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

Options:

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question 35

A security engineer is attempting to inventory all network devices Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

Options:

A.

Switch to SNMPv1 device inventory credentials

B.

Enable SSH for all switches and routers

C.

Set SFTP to enabled on all network devices

D.

Configure SNMPv3 server settings to match client settings

Question 36

While standing a proof-of-concept solution with a vendor, the following direction was given of connections to the default environments.

Which of the following is using used to secure the three environments from overlap if all of them reside on separate serves in the same DM2?

Options:

A.

Separation of environments policy

B.

Logical access controls

C.

Segmentation of VlLNs

D.

Subnetting of cloud environments

Question 37

A company recently developed a new mobile application that will be used to access a sensitive system. The application and the system have the following requirements:

• The application contains sensitive encryption material and should not be accessible over the network

• The system should not be exposed to the Internet

• Communication must be encrypted and authenticated by both the server and the client

Which of the following can be used to install the application on the mobile device? (Select TWO).

Options:

A.

TPM

B.

Internal application store

C.

HTTPS

D.

USB OTG

E.

Sideloading

F.

OTA

Question 38

A penetration tester is trying to 9am access to a bulking after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

Options:

A.

Generate a 125kHz tone

B.

Compromise the ICS SCADA system

C.

Utilize an RFlD duplicator

D.

Obtain a lock pick set

Question 39

A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes an input form. Which of the following would work BEST to allow the security engineer to test how the application handles error conditions?

Options:

A.

Running a dynamic analysis at form submission

B.

Performing a static code analysis

C.

Fuzzing possible input of the form

D.

Conducing a runtime analysis of the code

Question 40

A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software placing it back into the device and tagging the device for reuse or disposal. The audit reveals sensitive information is present m the hard drive duster tips. Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed''

Options:

A.

Degauss the drives using a commercial tool,

B.

Scramble the file allocation table.

C.

Wipe the drives using a 21 -pass overwrite,.

D.

Disable the logic board using high-voltage input.

Question 41

A company needs to deploy a home assistant that has the following requirement:

1. Revalidate identity when sensitive personal information is accessed and when there is a change m device state. 2 Authenticate every three months and upon registration 3. Support seamless access on all channel

Which of the following actions would be BEST to support the above requirements securely? (Select TWO).

Options:

A.

Implement long-lived refresh tokens when the application is opened with OAuth support of beater tokens.

B.

Refresh a new access token when the application is opened and OAuth device flow registration is implemented.

C.

Implement a content-aware security risk engine with push notification tokens

D.

Request a new bearer token from the token service when the application is opened and OAuth browserless flows are implemented

E.

Implement a user and entity behavioral analytics detection engine with a one-time magic link.

F.

Implement a rules-based security engine with software OTP tokens.

Question 42

A major OS vendor implements an IDE-integrated tool that alerts developers on the use of insecure and deprecated C code functions Using which of the following functions would yield an alert to the developer?

Options:

A.

. char

B.

errno_t

C.

stream_s

D.

strcpy

Question 43

Which of the following vulnerabilities did the analyst uncover?

Options:

A.

A memory leak when executing exit (0);

B.

A race condition when switching variables in stropy(variable2) variable[1]);

C.

A buffer overflow when using the command stropy(variable2) variable1[1]);

D.

Error handling when executing principle ("stropy () failed. \n." >;

Question 44

A Chief Information Security Officer (CISO) wants to set up a SOC to respond to security threats and events more quickly. The SOC must have the following capacities:

• Real-time response

• Visualization

• Threat intelligence integration

• Cross-referencing from multiple sources

• Deduplication

Which of the following technologies would BEST meet these requirements?

Options:

A.

SIEM

B.

EDR

C.

OSINT

D.

UTM

Question 45

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 46

Following a recent disaster a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that have similar equipment and operational capabilities. Which of the following strategies has the business implemented?

Options:

A.

Cold site

B.

Reciprocal agreement

C.

Recovery point objective

D.

Internal redundancy

Question 47

A new identity management program was recently initialed to reduce risk and improve the employee experience. The environment is complex it does not support rest APIs but has multiple identity stores Password resets are the help desk's top ticket item and it takes the organization weeks to manually create access for new employees. The applications in the scope of the program are the enterprise service bus SaaS web portals and internal web portal. The goals of the program include

• Reducing costs by centralizing authentication and authorization

• Streamlining business processes

• Enabling employees to have immediate access

• Reducing password reset tickets by 90%

To meet the above goals and the business case which of the following authentication and authorization capabilities does the security architect need to implement?

Options:

A.

OpenlD. SPML LOAP. and WAYF

B.

OAuth, SCIM AD and WS-Security

C.

Kerberos XACML AD and SPML

D.

SAML. XACML SCIM. and LDAP

Question 48

The credentials of a hospital's HVAC vendor were obtained using credential-harvesting malware through a phishing email. The HVAC vendor has administrative privileges m the SCADA network. Which of the following would prevent this from happening again in the future?

Options:

A.

Network segmentation

B.

Vulnerability scanning

C.

Password complexity rules

D.

Security patching

Question 49

A company’s potential new vendors are asking for detailed network and traffic information so they can properly size a firewall. Which of the following would work BEST to protect the company's sensitive information during the procurement process?

Options:

A.

Issuing an appropriate public RFP

B.

Requiring each vendor to sign an MSA

C.

Submitting an RFQ to each vendor

D.

Asking each vendor to sign an NDA

Question 50

An application developer has been informed of a web application that is susceptible to a clickjacking vulnerability Which of the following code snippets would be MOST applicable to resolve this vulnerability?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 51

An organization recently experienced losses caused by users who installed applications from unauthorized sources on their smartphones. The organization wants to reduce the risk of reoccurrence but increase the monitoring and reporting of mobile device security at the enterprise level. Which of the following approaches would BEST meet these objectives?

Options:

A.

Configure and deploy an AD Group Policy that enforces an application whitelist on all x86-64 mobile devices, and feed logs to an enterprise audit management solution.

B.

Modify the organization's MAM configuration to capture events associated with application installations and removals, and set alerts to feed to the enterprise SIEM solution.

C.

Set GPOs to enable the enterprise SIEM tool to collect all application and server logs, and configure the SIEM and its dashboard to protect against unauthorized application installations on mobile devices.

D.

Enforce device configurations with agents that leverage the devices' APIs, and feed logs and events to the enterprise SIEM solution.

Question 52

A forensic analyst must image the hard drive of a computer and store the image on a remote server. The analyst boots the computer with a live Linux distribution. Which of the following will allow the analyst to copy and transfer the file securely to the remote server?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 53

An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

Options:

A.

Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.

B.

Require sensors to sign all transmitted unlock control messages digitally.

C.

Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.

D.

Implement an out-of-band monitoring solution to detect message injections and attempts.

Question 54

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

Options:

A.

Log review

B.

Service discovery

C.

Packet capture

D.

DNS harvesting

Question 55

A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS The technician cannot determine why performance degraded so dramatically A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician

The system specifications and configuration of each system are listed below:

Which of the following is MOST likely the cause of the degradation in performance and should be changed?

Options:

A.

Using ECC

B.

Using RSA

C.

Disk size

D.

Memory size

E.

Decryption chips

F.

Connection requests

Question 56

A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

Options:

A.

Background investigation

B.

Mandatory vacation

C.

Least privilege

D.

Separation of duties

Question 57

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445 A security administrator is concerned the legacy system will be vulnerable to exploits Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

Options:

A.

Install HIDS and disable unused services.

B.

Enable application whitelisting and disable SMB.

C.

Segment the network and configure a controlled interface

D.

Apply only critical security patches for known vulnerabilities.

Question 58

An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.

Which of the following technical approaches would be the MOST feasible way to accomplish this capture?

Options:

A.

Run the memdump utility with the -k flag.

B.

Use a loadable kernel module capture utility, such as LiME.

C.

Run dd on/dev/mem.

D.

Employ a stand-alone utility, such as FTK Imager.

Question 59

A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?

Options:

A.

Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.

B.

Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.

C.

The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.

D.

Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.

Question 60

A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

Options:

A.

Install network taps at the edge of the network.

B.

Send syslog from the IDS into the SIEM.

C.

Install HIDS on each computer.

D.

SPAN traffic form the network core into the IDS.

Question 61

A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:

  • Must be able to MITM web-based protocols
  • Must be able to find common misconfigurations and security holes

Which of the following types of testing should be included in the testing platform? (Choose two.)

Options:

A.

Reverse engineering tool

B.

HTTP intercepting proxy

C.

Vulnerability scanner

D.

File integrity monitor

E.

Password cracker

F.

Fuzzer

Question 62

An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:

  • Support server, laptop, and desktop infrastructure
  • Due to limited security resources, implement active protection capabilities
  • Provide users with the ability to self-service classify information and apply policies
  • Protect data-at-rest and data-in-use

Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)

Options:

A.

Data loss prevention

B.

Application whitelisting

C.

Endpoint detect and respond

D.

Rights management

E.

Log monitoring

F.

Antivirus

Question 63

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

Options:

A.

Version control

B.

Agile development

C.

Waterfall development

D.

Change management

E.

Continuous integration

Question 64

A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.

Which of the following BEST addresses these concerns?

Options:

A.

The company should plan future maintenance windows such legacy application can be updated as needed.

B.

The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.

C.

The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.

D.

The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.

Question 65

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

Options:

A.

Risk assessment

B.

Regression testing

C.

User story development

D.

Data abstraction

E.

Business impact assessment

Question 66

A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APIs.

Which of the following would help protect the confidentiality of the research data?

Options:

A.

Use diverse components in layers throughout the architecture

B.

Implement non-heterogeneous components at the network perimeter

C.

Purge all data remnants from client devices' volatile memory at regularly scheduled intervals

D.

Use only in-house developed applications that adhere to strict SDLC security requirements

Question 67

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

Options:

A.

OSSM

B.

NIST

C.

PCI

D.

OWASP

Question 68

A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment.

Which of the following would be the BEST option to manage this risk to the company's production environment?

Options:

A.

Avoid the risk by removing the ICS from production

B.

Transfer the risk associated with the ICS vulnerabilities

C.

Mitigate the risk by restricting access to the ICS

D.

Accept the risk and upgrade the ICS when possible

Question 69

A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system. The system holds archives of contracts that are no longer in use. The contracts contain intellectual property and have a data classification of non-public. Which of the following be the BEST risk indicator for this system?

Options:

A.

Average minutes of downtime per quarter

B.

Percent of patches applied in the past 30 days

C.

Count of login failures per week

D.

Number of accounts accessing the system per day

Question 70

An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed?

Options:

A.

Vulnerable components

B.

Operational impact due to attack

C.

Time criticality of systems

D.

Presence of open-source software

Question 71

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

Options:

A.

Conducting tabletop exercises to evaluate system risk

B.

Contracting a third-party auditor after the project is finished

C.

Performing pre- and post-implementation penetration tests

D.

Running frequent vulnerability scans during the project

Question 72

An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices When the end users attempt to connect however, the firewall rejects the connection after a brief period Which of the following is the MOST likely reason the firewall rejects the connection?

Options:

A.

In the firewall, compatible cipher suites must be enabled

B.

In the VPN client, the CA CRL address needs to be specified manually

C.

In the router, IPSec traffic needs to be allowed in bridged mode

D.

In the CA. the SAN field must be set for the root CA certificate and then reissued

Question 73

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

Options:

A.

Conduct a series of security training events with comprehensive tests at the end

B.

Hire an external company to provide an independent audit of the network security posture

C.

Review the social media of all employees to see how much proprietary information is shared

D.

Send an email from a corporate account, requesting users to log onto a website with their enterprise account

Question 74

Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

Options:

A.

SIEM filtering

B.

Machine learning

C.

Outsourcing

D.

Centralized IPS

Question 75

An organization’s network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.

After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.).

Options:

A.

The SSH keys were given to another department.

B.

A MITM attack is being performed by an APT.

C.

The terminal emulator does not support SHA-256.

D.

An incorrect username or password was entered.

E.

A key rotation has occurred as a result of an incident.

F.

The workstation is not syncing with the correct NTP server.

Question 76

Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.

Which of the following would reduce the risk of this occurring in the future?

Options:

A.

Regular auditing of the clean desk policy

B.

Employee awareness and training policies

C.

Proper employee separation procedures

D.

Implementation of an acceptable use policy

Question 77

A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?

Options:

A.

Full disk encryption status

B.

TPM PCR values

C.

File system integrity

D.

Presence of UEFI vulnerabilities

Question 78

A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult Which of the following should be considered to achieve this? (Select TWO)

Options:

A.

Digital signature

B.

bcrypt

C.

Perfect forward secrecy

D.

SHA-256

E.

P-384

F.

PBKDF2

G.

Record-level encryption

Question 79

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution Historically. salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer Which of the following would be the BEST method to provide secure data separation?

Options:

A.

Use a CRM tool to separate data stores

B.

Migrate to a single-tenancy cloud infrastructure

C.

Employ network segmentation to provide isolation among salespeople

D.

Implement an open-source public cloud CRM

Question 80

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Options:

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Question 81

A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source fe80::21ae;4571:42ab:1fdd and for the destination ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring?

Options:

A.

Raise the dead peer detection interval to prevent the additional network chatter

B.

Deploy honeypots on the network segment to identify the sending machine.

C.

Ensure routers will use route advertisement guards.

D.

Deploy ARP spoofing prevention on routers and switches.

Question 82

Within change management, winch of the following ensures functions are earned out by multiple employees?

Options:

A.

Least privilege

B.

Mandatory vacation

C.

Separator of duties

D.

Job rotation

Question 83

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

Options:

A.

Memory leak

B.

Race condition

C.

Smurf

D.

Resource exhaustion

Question 84

A company's Internet connection is commonly saturated during business hours, affecting Internet availability. The company requires all Internet traffic to be business related After analyzing the traffic over a period of a few hours, the security administrator observes the following:

The majority of the IP addresses associated with the TCP/SSL traffic resolve to CDNs Which of the following should the administrator recommend for the CDN traffic to meet the corporate security requirements?

Options:

A.

Block outbound SSL traffic to prevent data exfiltration.

B.

Confirm the use of the CDN by monitoring NetFlow data

C.

Further investigate the traffic using a sanctioned MITM proxy.

D.

Implement an IPS to drop packets associated with the CDN.

Question 85

A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider The system to be migrated is sensitive with respect to latency availability, and integrity The infrastructure team agreed to the following

• Application and middleware servers will migrate to the cloud " Database servers will remain on-site

• Data backup wilt be stored in the cloud

Which of the following solutions would ensure system and security requirements are met?

Options:

A.

Implement a direct connection from the company to the cloud provider

B.

Use a cloud orchestration tool and implement appropriate change control processes

C.

Implement a standby database on the cloud using a CASB for data-at-rest security

D.

Use multizone geographic distribution with satellite relays

Question 86

A legal services company wants to ensure emails to clients maintain integrity in transit Which of the following would BEST meet this requirement? (Select TWO)

Options:

A.

Signing emails to clients with the organization's public key

B.

Using the organization's private key to encrypt all communication

C.

Implementing a public key infrastructure

D.

Signing emails to clients with the organization's private key

E.

Using shared secret keys

F.

Hashing all outgoing emails

Question 87

During the migration of a company’s human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor’s staff may be able to access data within the migrating applications. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO’s concerns?

Options:

A.

Execute non-disclosure agreements and background checks on vendor staff.

B.

Ensure the platform vendor implement date-at-rest encryption on its storage.

C.

Enable MFA to the vendor’s tier of the architecture.

D.

Impalement a CASB that tokenizes company data in transit to the migrated applications.

Question 88

An organization is concerned that its hosted web servers are not running the most updated version of

software. Which of the following would work BEST to help identify potential vulnerabilities?

Options:

A.

hping3 –S comptia.org –p 80

B.

nc –1 –v comptia.org –p 80

C.

nmap comptia.org –p 80 –sV

D.

nslookup –port=80 comptia.org

Question 89

A security analyst has received the following requirements for the implementation of enterprise credential management software.

• The software must have traceability back to an individual

• Credentials must remain unknown to the vendor at all times

• There must be forced credential changes upon ID checkout

• Complexity requirements must be enforced.

• The software must be quickly and easily scalable with max mum availability

Which of the following vendor configurations would BEST meet these requirements?

Options:

A.

Credentials encrypted in transit and then stored, hashed and salted in a vendor's cloud, where the vendor handles key management

B.

Credentials stored, hashed, and salted on each local machine

C.

Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the keys

D.

Credentials encrypted in transit and stored on an internal network server with backups that are taken on a weekly basis

Question 90

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that

might result in new risk to the company. When deciding whether to implement this measure, which of the

following would be the BEST course of action to manage the organization’s risk?

Options:

A.

Present the detailed risk resulting from the change to the company’s board of directors

B.

Pilot new mitigations that cost less than the total amount saved by the change

C.

Modify policies and standards to discourage future changes that increase risk

D.

Capture the risk in a prioritized register that is shared routinely with the CEO

Question 91

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?

Options:

A.

Contact the security department at the business partner and alert them to the email event.

B.

Block the IP address for the business partner at the perimeter firewall.

C.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

D.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

Question 92

The Chief Information Security Officer (CISO) is preparing a requirements matrix scorecard for a new security tool the company plans to purchase Feedback from which of the following documents will provide input for the requirements matrix scorecard during the vendor selection process?

Options:

A.

MSA

B.

RFQ

C.

RFI

D.

RFP

Question 93

A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resuming in the a DoS. Which the service crashes, a core dump is left in the /tmp directory. Which of the following tools can the systems administrator use to reproduction these symptoms?

Options:

A.

Fuzzer

B.

Vulnerability scanner

C.

Core dump analyzer

D.

Debugger

Question 94

Confidential information related to Application A. Application B and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges.

While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:

Which of the following actions should the IR team take FIRST?

Options:

A.

Remove all members from the distribution groups immediately

B.

Place the mailbox for jsmith on legal hold

C.

Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group

D.

Install DLP software on all developer laptops to prevent data from leaving the network.

Question 95

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 96

An organization is struggling to differentiate threats from normal traffic and access to systems. A security

engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

Options:

A.

Web application firewall

B.

SIEM

C.

IPS

D.

UTM

E.

File integrity monitor

Question 97

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

Options:

A.

Restrict directory permission to read-only access.

B.

Use server-side processing to avoid XSS vulnerabilities in path input.

C.

Separate the items in the system call to prevent command injection.

D.

Parameterize a query in the path variable to prevent SQL injection.

Question 98

A security engineer is helping the web developers assess a new corporate web application The application will be Internet facing so the engineer makes the following recommendation:

In an htaccess file or the site config add:

or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

Options:

A.

Ensure session IDs are generated dynamically with each cookie request

B.

Prevent cookies from being transmitted to other domain names

C.

Create a temporary space on the user's drive root for ephemeral cookie storage

D.

Enforce the use of plain text HTTP transmission with secure local cookie storage

E.

Add a sequence ID to the cookie session ID while in transit to prevent CSRF.

F.

Allow cookie creation or updates only over TLS connections

Question 99

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

Options:

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Question 100

A hospital is deploying new imaging softwares that requires a web server for access to image for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following.

* The imaging server IP is 192.168.101.24

* The domain controller IP is 192.168.100.1

* The client machine IP is 192.168.200.37

Which of the following should be used to confirm this is the only open post on the web server?

Options:

A.

nmap "p 80,443 192.168.101.24

B.

nmap "p 80,443,389,636 192.168.100.1

C.

nmap "p 80,389 192.168.200.37

D.

nmap "p" 192.168.101.24

Question 101

A company recently deployed an agent-based DLP solution to all laptop in the environment. The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was from a secure fileshare in the research department. Which of the following should the security team implement FIRST?

Options:

A.

Application whitelisting for all company-owned devices

B.

A secure VDI environment for research department employees

C.

NIDS/NIPS on the network segment used by the research department

D.

Bluetooth restriction on all laptops

Question 102

A government entity is developing requirements for an RFP to acquire a biometric authentication system When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?

Options:

A.

Local and national laws and regulations

B.

Secure software development requirements

C.

Environmental constraint requirements

D.

Testability of requirements

Demo: 102 questions
Total 683 questions