Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Exam Practice Test

Demo: 151 questions
Total 506 questions

CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Question 1

A common industrial protocol has the following characteristics:

• Provides for no authentication/security

• Is often implemented in a client/server relationship

• Is implemented as either RTU or TCP/IP

Which of the following is being described?

Options:

A.

Profinet

B.

Modbus

C.

Zigbee

D.

Z-Wave

Question 2

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A.

Software composition analysis

B.

A SCAP scanner

C.

ASAST

D.

A DAST

Question 3

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known lOCs. Which of the following should the security team implement to best mitigate this situation?

Options:

A.

DNSSEC

B.

DNS filtering

C.

Multifactor authentication

D.

Self-signed certificates

E.

Revocation of compromised certificates

Question 4

A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company should take?

Options:

A.

Accept the risk as the cost of doing business

B.

Create an organizational risk register for project prioritization

C.

Calculate the ALE and conduct a cost-benefit analysis

D.

Purchase insurance to offset the cost if a failure occurred

Question 5

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

Options:

A.

Improved security operations center performance

B.

Automated firewall log collection tasks

C.

Optimized cloud resource utilization

D.

Increased risk visibility

Question 6

An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

Options:

A.

To gather evidence for subsequent legal action

B.

To determine the identity of the attacker

C.

To identify ways to improve the response process

D.

To create a plan of action and milestones

Question 7

A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

• Fast scanning

• The least false positives possible

• Signature-based

• A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?

Options:

A.

Authenticated scanning

B.

Passive scanning

C.

Unauthenticated scanning

D.

Agent-based scanning

Question 8

A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low. Which of the following should the security team recommend be performed before migrating these servers to the cloud?

Options:

A.

Performing patching and hardening

B.

Deploying host and network IDS

C.

Implementing least functionality and time-based access

D.

Creating a honeypot and adding decoy files

Question 9

A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?

Options:

A.

Installing reverse caching proxies in both data centers and implementing proxy auto scaling

B.

Using HTTPS to serve sensitive content and HTTP for public content

C.

Using colocation services in regions where the application response is slow

D.

Implementing a CDN and forcing all traffic through the CDN

Question 10

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

• Unsupported, end-of-life operating systems were still prevalent on the shop floor.

• There are no security controls for systems with supported operating systems.

• There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

Options:

A.

Deploy antivirus software to all of the workstations.

B.

Increase the level of monitoring on the workstations.

C.

Utilize network-based allow and block lists.

D.

Harden all of the engineering workstations using a common strategy.

Question 11

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

Options:

A.

SAST

B.

DAST

C.

Fuzz testing

D.

Intercepting proxy

Question 12

A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers?

Options:

A.

IDS

B.

ASLR

C.

TPM

D.

HSM

Question 13

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

Options:

A.

Print configurations settings for locked print jobs

B.

The lack of an NDA with the company that supports its devices

C.

The lack of an MSA to govern other services provided by the service provider

D.

The lack of chain of custody for devices prior to deployment at the company

Question 14

A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?

Options:

A.

A machine-learning-based data security service

B.

A file integrity monitoring service

C.

A cloud configuration assessment and compliance service

D.

An automated data classification system

Question 15

A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment

• Review communication between all infrastructure endpoints

• Identify unauthorized and malicious data patterns

• Perform automated, risk-mitigating configuration changes

Which of the following should the network security engineer include in the design to address these requirements?

Options:

A.

Network edge NIPS

B.

Centralized syslog

C.

Traffic mirroring

D.

Network flow

Question 16

A company wants to reduce its backup storage requirement and is undertaking a data cleanup project. Which of the following should a security administrator consider first when determining which data should be deleted?

Options:

A.

Retention schedules

B.

Classification levels

C.

Sanitization requirements

D.

Data labels

E.

File size

Question 17

An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region Which of the following risks would be most concerning to the organization in the event of equipment failure?

Options:

A.

Support may not be available during all business hours

B.

The organization requires authorized vendor specialists.

C.

Each region has different regulatory frameworks to follow

D.

Shipping delays could cost the organization money

Question 18

An IDS was unable to detect malicious network traffic during a recent security incident, even though all traffic was being sent using HTTPS. As a result, a website used by employees was compromised. Which of the following detection mechanisms would allow the IDS to detect an attack like this one in the future?

Options:

A.

Deobfuscation

B.

Protocol decoding

C.

Inspection proxy

D.

Digital rights management

Question 19

A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

Options:

A.

Storing the data in an encoded file

B.

Implementing database encryption at rest

C.

Only storing tokenized card data

D.

Implementing data field masking

Question 20

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

Options:

A.

At the individual product level

B.

Through the selection of a random product

C.

Using a third-party audit report

D.

By choosing a major product

Question 21

A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select three).

Options:

A.

Antivirus

B.

EDR

C.

Sand boxing

D.

Application control

E.

Host-based firewall

F.

IDS

G.

SIEM

Question 22

Which of the following best describes what happens if chain of custody is broken?

Options:

A.

Tracking record details are not properly labeled.

B.

Vital evidence could be deemed inadmissible.

C.

Evidence is not exhibited in the court of law.

D.

Evidence will need to be recollected.

Question 23

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

Options:

A.

CASB

B.

Web filtering

C.

NGFW

D.

EDR

Question 24

The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site Which of the following would best prevent this type of attack?

Options:

A.

Enabling HSTS

B.

Configuring certificate pinning

C.

Enforcing DNSSEC

D.

Deploying certificate stapling

Question 25

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

Options:

A.

Collect proof that the exploit works in order to expedite the process.

B.

Publish proof-of-concept exploit code on a personal blog.

C.

Recommend legal consultation about the process.

D.

Visit a bug bounty website for the latest information.

Question 26

Which of the following should an organization implement to prevent unauthorized API key sharing?

Options:

A.

OTP

B.

Encryption

C.

API gateway

D.

HSM

Question 27

When implementing serverless computing an organization must still account for:

Options:

A.

the underlying computing network infrastructure

B.

hardware compatibility

C.

the security of its data

D.

patching the service

Question 28

Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

Options:

A.

Federation

B.

RADIUS

C.

TACACS+

D.

MFA

E.

ABAC

Question 29

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

Options:

A.

Root cause analysis

B.

Communication plan

C.

Runbook

D.

Lessons learned

Question 30

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

Which of the following should the analyst recommend to mitigate this type of vulnerability?

Options:

A.

IPSec rules

B.

OS patching

C.

Two-factor authentication

D.

TCP wrappers

Question 31

A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed Data on this network must be protected at the same level of each clearance holder The need to know must be vended by the data owner Which of the following should the security officer do to meet these requirements?

Options:

A.

Create a rule lo authorize personnel only from certain IPs to access the files

B.

Assign labels to the files and require formal access authorization

C.

Assign attributes to each file and allow authorized users to share the files

D.

Assign roles to users and authorize access to files based on the roles

Question 32

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Options:

A.

Code signing

B.

Non-repudiation

C.

Key escrow

D.

Private keys

Question 33

An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts. The engineer executes the command stat ./secretfile and receives the following output:

Which of the following describes the correct order of labels shown in the output above?

Options:

A.

Role, type MLS level, and user identity

B.

Role, user identity, object, and MLS level

C.

Object MLS level, role, and type

D.

User identity, role, type, and MLS level

E.

Object, user identity, role, and MLS level

Question 34

A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the best file-carving tool for PDF recovery?

Options:

A.

objdump

B.

Strings

C.

dd

D.

Foremost

Question 35

Signed applications reduce risks by:

Options:

A.

encrypting the application's data on the device.

B.

requiring the developer to use code-level hardening techniques.

C.

providing assurance that the application is using unmodified source code.

D.

costing the developer money to publish, which reduces the likelihood of malicious intent.

Question 36

Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal

management overhead?

Options:

A.

Key escrow service

B.

Secrets management

C.

Encrypted database

D.

Hardware security module

Question 37

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

Options:

A.

Utilize the SAN certificate to enable a single certificate for all regions.

B.

Deploy client certificates to all devices in the network.

C.

Configure certificate pinning inside the application.

D.

Enable HSTS on the application's server side for all communication.

Question 38

The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server. Which of the following should be used to prioritize the server replacements?

Options:

A.

SLE

B.

MTTR

C.

TCO

D.

MTBF

E.

MSA

Question 39

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

A.

Cipher feedback

B.

Cipher block chaining message authentication code

C.

Cipher block chaining

D.

Electronic codebook

Question 40

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Question 41

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Question 42

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.

Develop an Nmap plug-in to detect the indicator of compromise.

B.

Update the organization's group policy.

C.

Include the signature in the vulnerability scanning tool.

D.

Deliver an updated threat signature throughout the EDR system

Question 43

Which of the following BEST describes a common use case for homomorphic encryption ?

Options:

A.

Processing data on a server after decrypting in order to prevent unauthorized access in transit

B.

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C.

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D.

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

Question 44

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

Options:

A.

Lockout of privileged access account

B.

Duration of the BitLocker lockout period

C.

Failure of the Kerberos time drift sync

D.

Failure of TPM authentication

Question 45

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Question 46

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Question 47

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Question 48

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

Options:

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Question 49

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

Options:

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Question 50

In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.

Data scrubbing

B.

Field masking

C.

Encryption in transit

D.

Metadata

Question 51

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Question 52

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.

ocsp

B.

CRL

C.

SAN

D.

CA

Question 53

A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:

On which of the following devices and processes did the ransomware originate?

Options:

A.

cpt-ws018, powershell.exe

B.

cpt-ws026, DearCry.exe

C.

cpt-ws002, NO-AV.exe

D.

cpt-ws026, NO-AV.exe

E.

cpt-ws002, DearCry.exe

Question 54

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Question 55

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

Options:

A.

Input validation

B.

Firewall

C.

WAF

D.

DLP

Question 56

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Question 57

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Question 58

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Question 59

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Question 60

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Question 61

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Question 62

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

Options:

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Question 63

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Question 64

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Question 65

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Question 66

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Question 67

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.

User-Agent: Malicious Tool. *

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Question 68

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Question 69

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Question 70

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Question 71

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.

An open-source automation server

B.

A static code analyzer

C.

Trusted open-source libraries

D.

A single code repository for all developers

Question 72

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Question 73

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Question 74

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Question 75

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Options:

A.

Key escrow

B.

TPM

C.

Trust models

D.

Code signing

Question 76

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

Options:

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Question 77

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Question 78

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A.

Software Decomplier

B.

Network enurrerator

C.

Log reduction and analysis tool

D.

Static code analysis

Question 79

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Options:

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Question 80

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:

A.

Turn off the infected host immediately.

B.

Run a full anti-malware scan on the infected host.

C.

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.

Isolate the infected host from the network by removing all network connections.

Question 81

A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?

Options:

A.

Availability

B.

Data sovereignty

C.

Geography

D.

Vendor lock-in

Question 82

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Question 83

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Question 84

A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

* Capable of early detection of advanced persistent threats.

* Must be transparent to users and cause no performance degradation.

+ Allow integration with production and development networks seamlessly.

+ Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

Options:

A.

Threat Intelligence

B.

Deception software

C.

Centralized logging

D.

Sandbox detonation

Question 85

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A.

Assess the residual risk.

B.

Update the organization’s threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of impact.

Question 86

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

Options:

A.

Full tunneling

B.

Asymmetric routing

C.

SSH tunneling

D.

Split tunneling

Question 87

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 88

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

А. Accept

В. Avoid

C. Transfer

D. Mitigate

Options:

Question 89

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should

the analyst run to BEST determine whether financial data was lost?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 90

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

Options:

A.

Align the exploitability metrics to the predetermined system categorization.

B.

Align the remediation levels to the predetermined system categorization.

C.

Align the impact subscore requirements to the predetermined system categorization.

D.

Align the attack vectors to the predetermined system categorization.

Question 91

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

Options:

A.

Loss of governance

B.

Vendor lockout

C.

Compliance risk

D.

Vendor lock-in

Question 92

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

Options:

A.

The clients may not trust idapt by default.

B.

The secure LDAP service is not started, so no connections can be made.

C.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

D.

Secure LDAP should be running on UDP rather than TCP.

E.

The company is using the wrong port. It should be using port 389 for secure LDAP.

F.

Secure LDAP does not support wildcard certificates.

G.

The clients may not trust Chicago by default.

Question 93

An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Options:

A.

Enable the x-Forwarded-For header al the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

Question 94

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

Options:

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Question 95

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Options:

A.

Root cause analysis

B.

Continuity of operations plan

C.

After-action report

D.

Lessons learned

Question 96

An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently,

the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.

Which of the following designs would be BEST for the CISO to use?

Options:

A.

Adding a second redundant layer of alternate vendor VPN concentrators

B.

Using Base64 encoding within the existing site-to-site VPN connections

C.

Distributing security resources across VPN sites

D.

Implementing IDS services with each VPN concentrator

E.

Transitioning to a container-based architecture for site-based services

Question 97

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Question 98

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

1. The attack starts with bulk phishing.

2. If a user clicks on the link, a dropper is downloaded to the computer.

3. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

Options:

A.

Update the incident response plan.

B.

Blocklist the executable.

C.

Deploy a honeypot onto the laptops.

D.

Detonate in a sandbox.

Question 99

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

Options:

A.

Data sovereignty

B.

Shared responsibility

C.

Source code escrow

D.

Safe harbor considerations

Question 100

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Question 101

A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

Options:

A.

A WAF

B.

An IDS

C.

A SIEM

D.

A honeypot

Question 102

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

Options:

A.

Create a change management process.

B.

Establish key performance indicators.

C.

Create an integrated master schedule.

D.

Develop a communication plan.

E.

Perform a security control assessment.

Question 103

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Options:

A.

Traffic interceptor log analysis

B.

Log reduction and visualization tools

C.

Proof of work analysis

D.

Ledger analysis software

Question 104

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

Options:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks

Question 105

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:

A.

Simultaneous Authentication of Equals

B.

Enhanced open

C.

Perfect forward secrecy

D.

Extensible Authentication Protocol

Question 106

A company wants to improve Its active protection capabilities against unknown and zero-day malware. Which of the following Is the MOST secure solution?

Options:

A.

NIDS

B.

Application allow list

C.

Sandbox detonation

D.

Endpoint log collection

E.

HIDS

Question 107

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Options:

A.

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

B.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

C.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

D.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Question 108

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

Options:

A.

Rules of engagement

B.

Master service agreement

C.

Statement of work

D.

Target audience

Question 109

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Options:

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Question 110

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

Inherent

Low

B.

Mitigated

C.

Residual

D.

Transferred

Question 111

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.

Eavesdropping

B.

On-path

C.

Cryptanalysis

D.

Code signing

E.

RF sidelobe sniffing

Question 112

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Options:

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Question 113

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Question 114

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

Options:

A.

Peer review

B.

Regression testing

C.

User acceptance

D.

Dynamic analysis

Question 115

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

Options:

A.

Conduct input sanitization.

B.

Deploy a SIEM.

C.

Use containers.

D.

Patch the OS

E.

Deploy a WAF.

F.

Deploy a reverse proxy

G.

Deploy an IDS.

Question 116

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Question 117

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Question 118

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Question 119

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Options:

A.

Cookies

B.

Wildcard certificates

C.

HSTS

D.

Certificate pinning

Question 120

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Options:

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Question 121

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Question 122

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A.

Recovery point objective

B.

Recovery time objective

C.

Mission-essential functions

D.

Recovery service level

Question 123

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Options:

A.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

B.

Leave the current backup schedule intact and make the human resources fileshare read-only.

C.

Increase the frequency of backups and create SIEM alerts for IOCs.

D.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Question 124

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Options:

A.

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

B.

Perform ASIC password cracking on the host.

C.

Read the /etc/passwd file to extract the usernames.

D.

Initiate unquoted service path exploits.

E.

Use the UNION operator to extract the database schema.

Question 125

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

A.

Join an information-sharing community that is relevant to the company.

B.

Leverage the MITRE ATT&CK framework to map the TTR.

C.

Use OSINT techniques to evaluate and analyze the threats.

D.

Update security awareness training to address new threats, such as best practices for data security.

Question 126

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Question 127

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Options:

A.

Create a full inventory of information and data assets.

B.

Ascertain the impact of an attack on the availability of crucial resources.

C.

Determine which security compliance standards should be followed.

D.

Perform a full system penetration test to determine the vulnerabilities.

Question 128

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Question 129

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Question 130

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

Options:

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Question 131

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:

1. International users reported latency when images on the web page were initially loading.

2. During times of report processing, users reported issues with inventory when attempting to place orders.

3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Options:

A.

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

B.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

C.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

D.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Question 132

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Question 133

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Options:

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Question 134

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Question 135

A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Question 136

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Question 137

UESTION NO: 36

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:

A.

Breaking a symmetric cipher used in secure voice communications

B.

Determining the frequency of unique attacks against DRM-protected media

C.

Maintaining chain of custody for acquired evidence

D.

Identifying least significant bit encoding of data in a .wav file

Question 138

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

Options:

A.

ARF

B.

ISACs

C.

Node.js

D.

OVAL

Question 139

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Question 140

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Question 141

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

Options:

A.

Latency

B.

Data exposure

C.

Data loss

D.

Data dispersion

Question 142

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Question 143

An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

Options:

A.

ARF

B.

XCCDF

C.

CPE

D.

CVE

E.

CVSS

F.

OVAL

Question 144

A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

Options:

A.

NIST SP 800-53

B.

MITRE ATT&CK

C.

The Cyber Kill Chain

D.

The Diamond Model of Intrusion Analysis

Question 145

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Question 146

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

Options:

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Question 147

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Question 148

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Question 149

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Question 150

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Question 151

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

Options:

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Demo: 151 questions
Total 506 questions