
CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Practice Test

Total 683 questions

CompTIA Advanced Security Practitioner (CASP) Exam Questions and Answers

Question 1

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?

Options:

A.

KPI

B.

KRI

C.

GRC

D.

BIA

Question 2

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

Options:

A.

Data remnants

B.

Sovereignty

C.

Compatible services

D.

Storage encryption

E.

Data migration

F.

Chain of custody

Question 3

As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:

1. Reuse of the existing network infrastructure

2. Acceptable use policies to be enforced

3. Protection of sensitive files

4. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

Options:

A.

IPSec VPN

B.

HIDS

C.

Wireless controller

D.

Rights management

E.

SSL VPN

F.

NAC

G.

WAF

Question 4

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

Options:

A.

Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

B.

Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

C.

Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

D.

Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

E.

For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

F.

Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Question 5

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)

Options:

A.

A root user performed an injection attack via kernel module

B.

Encrypted payroll data was successfully decrypted by the attacker

C.

Jsmith successfully used a privilege escalation attack

D.

Payroll data was exfiltrated to an attacker-controlled host

E.

Buffer overflow in memory paging caused a kernel panic

F.

Syslog entries were lost due to the host being rebooted

Question 6

After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

Options:

A.

Product A

B.

Product B

C.

Product C

D.

Product D

E.

Product E

Question 7

A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:

  • Firewall
  • Core switches
  • RM server
  • Virtual environment
  • NAC solution

The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).

Options:

A.

Routing tables

B.

Log forwarding

C.

Data remnants

D.

Port aggregation

E.

NIC teaming

F.

Zones

Question 8

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

Options:

A.

Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C.

Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.

D.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Question 9

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

Options:

A.

Data custodian

B.

Data owner

C.

Security analyst

D.

Business unit director

E.

Chief Executive Officer (CEO)

Question 10

With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?

Options:

A.

Human resources

B.

Financial

C.

Sales

D.

Legal counsel

Question 11

An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months.

Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released?

Options:

A.

Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM.

B.

Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution.

C.

An attacker downloaded monitoring applications; perform a full factory reset of the affected devices.

D.

Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages.

Question 12

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

Options:

A.

Use an internal firewall to block UDP port 3544.

B.

Disable network discovery protocol on all company routers.

C.

Block IP protocol 41 using Layer 3 switches.

D.

Disable the DHCPv6 service from all routers.

E.

Drop traffic for ::/0 at the edge firewall.

F.

Implement a 6in4 proxy server.
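The two technical options above (IP protocol 41 and UDP port 3544) describe how IPv6 is tunnelled inside IPv4: 6in4/6to4 carries an IPv6 packet directly as the IPv4 payload with protocol number 41, and Teredo wraps it in UDP to port 3544. The following is an added example, not part of the original question bank, that classifies raw IPv4 packets by exactly those two markers so you can see what a protocol-41 filter and a UDP/3544 block would and would not stop. The sample packets are constructed inline (minimal IPv4 headers with a zero checksum), not captured from any real network.

```python
import ipaddress
import struct

# Markers from the question: IP protocol 41 (6in4 / 6to4 encapsulation) and
# UDP port 3544 (Teredo). Both let IPv6 cross an "IPv4-only" segment.
IPPROTO_IPV6_ENCAP = 41
IPPROTO_UDP = 17
IPPROTO_TCP = 6
TEREDO_PORT = 3544


def classify_ipv4_packet(pkt: bytes) -> str:
    """Return 'ipv6-in-ipv4', 'teredo', 'native-ipv6', 'ipv4', or 'malformed'."""
    if len(pkt) < 20:
        return "malformed"
    version = pkt[0] >> 4
    if version == 6:
        return "native-ipv6"          # not tunnelled; needs an IPv6 ACL, not a proto-41 rule
    if version != 4:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4         # header length in bytes (options included)
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]                    # IPv4 protocol field
    if proto == IPPROTO_IPV6_ENCAP:
        return "ipv6-in-ipv4"
    if proto == IPPROTO_UDP and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return "ipv4"


def build_ipv4(proto: int, payload: bytes,
               src: str = "192.168.1.10", dst: str = "192.168.192.5") -> bytes:
    """Construct a minimal 20-byte IPv4 header (no options, zero checksum) for test traffic."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_udp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Construct a UDP header (zero checksum) in front of payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


# Constructed sample traffic (not captured from any real network).
_IPV6_STUB = b"\x60" + b"\x00" * 39   # 40-byte IPv6 header, version nibble 6
SAMPLES = {
    "6in4":   build_ipv4(IPPROTO_IPV6_ENCAP, _IPV6_STUB),
    "teredo": build_ipv4(IPPROTO_UDP, build_udp(40123, TEREDO_PORT, _IPV6_STUB)),
    "dns":    build_ipv4(IPPROTO_UDP, build_udp(51000, 53, b"\x00" * 12)),
    "tcp":    build_ipv4(IPPROTO_TCP, b"\x00" * 20),
}


def tunnelled_samples() -> list:
    """Names of the samples that a protocol-41 / UDP-3544 filter would stop."""
    return [name for name, pkt in SAMPLES.items()
            if classify_ipv4_packet(pkt) in ("ipv6-in-ipv4", "teredo")]


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:7s} -> {classify_ipv4_packet(pkt)}")
```

The classifier only looks at the outer IPv4 header and the UDP ports, which is all a Layer 3 switch ACL or a stateless firewall rule can see; it does not inspect the inner IPv6 packet. Note that native IPv6 frames (version nibble 6) are a separate case: neither rule touches them, which is why the answer options that target DHCPv6 or ::/0 address a different problem.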

Question 13

After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases:

  • Selection of a cloud provider
  • Architectural design
  • Microservice segmentation
  • Virtual private cloud
  • Geographic service redundancy
  • Service migration

The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications.

Which of the following should the company implement NEXT?

Options:

A.

Multicloud solution

B.

Single-tenancy private cloud

C.

Hybrid cloud solution

D.

Cloud access security broker

Question 14

A company has deployed MFA. Some employees, however, report they are not getting a notification on their mobile device. Other employees report they downloaded a common authenticator application, but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt. Which of the following are the MOST likely explanations for these scenarios? (Select TWO)

Options:

A.

The company is using a claims-based authentication system for MFA

B.

These are symptoms of known compatibility issues with OAuth 1.0

C.

OpenID Connect requires at least one factor to be a biometric

D.

The company does not allow an SMS authentication method

E.

The WAYF method requires a third factor before the authentication process can complete

F.

A vendor-specific authenticator application is needed for push notifications

Question 15

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

Options:

A.

Update and deploy GPOs

B.

Configure and use measured boot

C.

Strengthen the password complexity requirements

D.

Update the antivirus software and definitions

Question 16

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again. Which of the following would BEST prevent this from happening again?

Options:

A.

Antivirus

B.

Patch management

C.

Log monitoring

D.

Application whitelisting

E.

Awareness training

Question 17

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization:

localStorage.setItem("session-cookie", document.cookie);

Which of the following should the security engineer recommend?

Options:

A.

SessionStorage should be used so authorized cookies expire after the session ends

B.

Cookies should be marked as “secure” and “HttpOnly”

C.

Cookies should be scoped to a relevant domain/path

D.

Client-side cookies should be replaced by server-side mechanisms

Question 18

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

Options:

A.

Summarize the most recently disclosed vulnerabilities.

B.

Research industry best practices and latest RFCs.

C.

Undertake an external vulnerability scan and penetration test.

D.

Conduct a threat modeling exercise.

Question 19

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company’s products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:

Which of the following is the MOST likely type of activity occurring?

Options:

A.

SQL injection

B.

XSS scanning

C.

Fuzzing

D.

Brute forcing

Question 20

While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device. Which of the following would MOST likely prevent a similar breach in the future?

Options:

A.

Remote wipe

B.

FDE

C.

Geolocation

D.

eFuse

E.

VPN

Question 21

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.

Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

Options:

A.

Install a HIPS on the web servers

B.

Disable inbound traffic from offending sources

C.

Disable SNMP on the web servers

D.

Install anti-DDoS protection in the DMZ

Question 22

Given the following information about a company’s internal network:

User IP space: 192.168.1.0/24

Server IP space: 192.168.192.0/25

A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

Options:

A.

Use a protocol analyzer on 192.168.1.0/24

B.

Use a port scanner on 192.168.1.0/24

C.

Use an HTTP interceptor on 192.168.1.0/24

D.

Use a port scanner on 192.168.192.0/25

E.

Use a protocol analyzer on 192.168.192.0/25

F.

Use an HTTP interceptor on 192.168.192.0/25

Question 23

An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

Options:

A.

Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

B.

Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

C.

All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

D.

Malicious users will have reduced opportunities for data extraction from their physical thin client workstations, thus reducing the effectiveness of local attacks.

Question 24

An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.

Based on the data classification table above, which of the following BEST describes the overall classification?

Options:

A.

High confidentiality, high availability

B.

High confidentiality, medium availability

C.

Low availability, low confidentiality

D.

High integrity, low availability

Question 25

An administrator wants to install a patch to an application.

INSTRUCTIONS

Given the scenario, download, verify, and install the patch in the most secure manner.

The last install that is completed will be the final submission.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:
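The simulation above is not reproduced on this page, but the procedure it asks for (download, verify, then install) comes down to one check: never run an installer until the file's digest matches the value the vendor published. The following is an added example, not part of the original simulation, that streams a patch through SHA-256, compares it against a sha256sum-style checksum list in constant time, and refuses to call the installer otherwise. The patch contents, file names and checksum list are constructed for the demo; a real deployment would use the vendor's published digest file and additionally verify its signature.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Callable, Dict, Tuple


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a large patch never has to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_file(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_patch(patch: Path, checksums: str) -> bool:
    """True only if the patch file's digest matches the published value for its name."""
    expected = parse_checksum_file(checksums).get(patch.name)
    if expected is None:
        return False                       # unknown file: treat as unverified
    # compare_digest avoids leaking where the strings first differ
    return hmac.compare_digest(sha256_file(patch), expected)


def install_if_verified(patch: Path, checksums: str,
                        install: Callable[[Path], None]) -> bool:
    """Run the installer only after the digest check passes; return whether it ran."""
    if not verify_patch(patch, checksums):
        return False
    install(patch)
    return True


def demo() -> Tuple[bool, bool]:
    """Constructed patch + checksum list: returns (genuine_ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as d:
        patch = Path(d) / "app-1.2.3.patch"
        patch.write_bytes(b"--- a/app.c\n+++ b/app.c\n@@ -1 +1 @@\n-old\n+new\n")
        # "published" checksum list, computed over the untouched file
        checksums = f"# constructed for the demo\n{sha256_file(patch)}  {patch.name}\n"
        genuine = verify_patch(patch, checksums)
        # simulate modification in transit: one extra line in the patch
        patch.write_bytes(patch.read_bytes() + b"+malicious\n")
        tampered = verify_patch(patch, checksums)
        return genuine, tampered


if __name__ == "__main__":
    print("genuine verified, tampered verified:", demo())
```

A digest downloaded from the same location as the patch proves only that the file was not corrupted or swapped after the digest was published; if an attacker controls that location they can publish a matching digest. Tie the check to the vendor by verifying the signature on the checksum file (GPG or the vendor's code-signing certificate) before trusting it, and fetch both over TLS.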

Question 26

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?

Options:

A.

Disk encryption on the local drive

B.

Group policy to enforce failed login lockout

C.

Multifactor authentication

D.

Implementation of email digital signatures

Question 27

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

Options:

A.

Memory leak

B.

Race condition

C.

Smurf

D.

Resource exhaustion

Question 28

Which of the following is the BEST reason to implement a separation of duties policy?

Options:

A.

It minimizes the risk of DoS due to continuous monitoring.

B.

It eliminates the need to enforce least privilege by logging all actions.

C.

It increases the level of difficulty for a single employee to perpetrate fraud.

D.

It removes barriers to collusion and collaboration between business units.

Question 29

A company is trying to resolve the following issues related to its web servers and Internet presence:

• The company's security rating declined on multiple occasions when it failed to renew a TLS certificate on one or more infrequently used web servers

• The company is running out of public IPs assigned by its ISP

• The company is implementing a WAF, and the WAF vendor charges by back-end hosts to which the WAF routes

Which of the following solutions will help the company mitigate these issues? (Select TWO).

Options:

A.

Use a DMZ architecture

B.

Implement reverse proxy servers

C.

Use an automated CA service API for certificate renewal

D.

Work with the company's ISP to configure BGP

E.

Deploy IPv6 for external-facing servers

F.

Implement self-signed certificates and disable trust verification.

Question 30

While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?

Options:

A.

The security manager did not enforce an automatic VPN connection.

B.

The company’s server did not have endpoint security enabled.

C.

The hotel did not require a wireless password to authenticate.

D.

The laptop did not have the host-based firewall properly configured.

Question 31

Joe, an application security engineer, is performing an audit of an environmental control application. He has implemented a robust SDLC process and is reviewing API calls available to the application. During the review, Joe finds the following in a log file:

Which of the following would BEST mitigate the issue Joe has found?

Options:

A.

Ensure the API uses SNMPv1.

B.

Perform authentication via a secure channel

C.

Verify the API uses HTTP GET instead of POST

D.

Deploy a WAF in front of the API and implement rate limiting

Question 32

A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily despite lacking the following controls:

• Certificate pinning

• Tokenization

• Biometric authentication

The company has already implemented the following controls:

• Full device encryption

• Screen lock

• Device password

• Remote wipe

The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

Options:

A.

Enforce the use of a VPN when using the newly developed application.

B.

Implement a geofencing solution that disables the application according to company requirements.

C.

Implement an out-of-band second factor to authenticate authorized users

D.

Install the application in a secure container requiring additional authentication controls.

Question 33

Which of the following attacks can be used to exploit a vulnerability that was created by untrained users?

Options:

A.

A spear-phishing email with a file attachment

B.

A DoS using IoT devices

C.

An evil twin wireless access point

D.

A domain hijacking of a bank website

Question 34

A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error?

Options:

A.

The developer inadvertently used Java applets.

B.

The developer established a corporate account with a non-reputable certification authority.

C.

The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open

D.

The developer did not consider that mobile code would be transmitted across the network.

Question 35

A vulnerability scan with the latest definitions was performed across Sites A and B.

Match each relevant finding to the affected host. After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Options:

Question 36

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?

Options:

A.

Penetration tests

B.

Vulnerability assessment

C.

Tabletop exercises

D.

Blue-team operations

Question 37

A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets, inherent separation of duties is limited. To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties, the organization must design and implement an appropriate compensating control. Which of the following would be MOST suitable in this scenario?

Options:

A.

Configuration of increased levels of logging, monitoring and alerting on production access

B.

Configuration of MFA and context-based login restrictions for all DevOps personnel

C.

Development of standard code libraries and usage of the WS-security module on all web servers

D.

Implementation of peer review, static code analysis and web application penetration testing against the staging environment

Question 38

A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities, including language, payload, and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?

Options:

A.

Virtualized sandbox

B.

Vulnerability scanner

C.

Software-defined network

D.

HTTP interceptor

Question 39

A company's Internet connection is commonly saturated during business hours, affecting Internet availability. The company requires all Internet traffic to be business related. After analyzing the traffic over a period of a few hours, the security administrator observes the following:

The majority of the IP addresses associated with the TCP/SSL traffic resolve to CDNs. Which of the following should the administrator recommend for the CDN traffic to meet the corporate security requirements?

Options:

A.

Block outbound SSL traffic to prevent data exfiltration.

B.

Confirm the use of the CDN by monitoring NetFlow data

C.

Further investigate the traffic using a sanctioned MITM proxy.

D.

Implement an IPS to drop packets associated with the CDN.

Question 40

A health company has reached the physical and computing capacity of its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

Options:

A.

Hybrid IaaS solution in a single-tenancy cloud

B.

PaaS solution in a multitenancy cloud

C.

SaaS solution in a community cloud

D.

Private SaaS solution in a single tenancy cloud.

Question 41

Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

Options:

A.

The standard of quality for anti-malware engines

B.

Parameters for applying critical patches

C.

The validity of program productions

D.

Minimum bit strength for encryption-in-transit.

Question 42

An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities?

Options:

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org
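Two of the questions above describe the same two-step job: Question 22 needs every host in the user range that answers on a web port (rogue servers outside 192.168.192.0/25), and Question 42 needs the software version those listeners announce, which is what nmap's -sV does. The following is an added example, not part of the original question bank, that does both with the standard library: a threaded TCP connect scan over a subnet, followed by a plaintext HEAD request to pull the Server header from anything that answers. The helper `start_demo_server` spins up a local http.server as a constructed stand-in for a rogue host so the whole thing runs offline; the 192.168.1.0/24 range comes from the question, not from any real network.

```python
import http.server
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Ports a rogue web server is likely to sit on (assumption for the example).
WEB_PORTS = (80, 443, 8000, 8080, 8443)


@dataclass
class WebListener:
    host: str
    port: int
    server_header: Optional[str]   # None when the port is open but gave no Server: line


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[WebListener]:
    """TCP connect; if open, send a HEAD request and pull the Server header (the -sV part)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                     # closed, filtered, or unreachable
    data = b""
    with sock:
        try:
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            while b"\r\n\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                        # open, but not plaintext HTTP (e.g. TLS on 443)
    server = None
    for line in data.decode("latin-1").split("\r\n"):
        if line.lower().startswith("server:"):
            server = line.split(":", 1)[1].strip()
            break
    return WebListener(host, port, server)


def scan(hosts: Iterable[str], ports: Iterable[int] = WEB_PORTS,
         timeout: float = 0.5, workers: int = 64) -> List[WebListener]:
    """Probe every host/port pair in parallel and keep only the open ones."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    return [r for r in results if r is not None]


def user_space_hosts(cidr: str = "192.168.1.0/24") -> List[str]:
    """All usable addresses in the user range from the question (254 for a /24)."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a rogue web server; answers HEAD with a Server header."""
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass


def start_demo_server() -> int:
    """Start the demo listener on 127.0.0.1 on a free port and return that port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


if __name__ == "__main__":
    port = start_demo_server()
    for hit in scan(["127.0.0.1"], ports=(port,)):
        print(f"{hit.host}:{hit.port}  Server: {hit.server_header}")
    # real use, with authorisation: scan(user_space_hosts("192.168.1.0/24"))
```

A connect scan only finds listeners on the ports you list; the protocol analyzer options in Question 22 would instead need a span port or tap to see traffic for every port, which is why the scanner is the direct answer when the question is "which hosts are serving". Banner text is self-reported and can be blanked or faked, so treat the Server header as a lead for version checks, not as proof.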

Question 43

An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?

Options:

A.

Configurations of applications will affect multiple products.

B.

Reverse engineering of applications will lead to intellectual property loss

C.

Software patch deployment will occur less often

D.

Homogeneous vulnerabilities will occur across multiple products

Question 44

A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:

In an htaccess file or the site config add:

or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

Options:

A.

Ensure session IDs are generated dynamically with each cookie request

B.

Prevent cookies from being transmitted to other domain names

C.

Create a temporary space on the user's drive root for ephemeral cookie storage

D.

Enforce the use of plain text HTTP transmission with secure local cookie storage

E.

Add a sequence ID to the cookie session ID while in transit to prevent CSRF.

F.

Allow cookie creation or updates only over TLS connections
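Questions 17 and 44 are two sides of the same control. The localStorage.setItem line in Question 17 only works because the session cookie lacks HttpOnly; once HttpOnly is set, document.cookie no longer exposes it, and a cookie copied into localStorage is readable by any script running on the origin, which is exactly what an XSS payload would read. Question 44's header recommendation (the directive itself is not shown on the page) corresponds to the Secure and Domain-scoping options. The following is an added example, not part of the original question bank, that audits Set-Cookie header values for the attributes those answers name: Secure, HttpOnly, a Domain no broader than the serving host, and SameSite. The two header strings are constructed for the demo; the host name app.example.com is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class CookieAudit:
    name: str
    attributes: Dict[str, str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Split a Set-Cookie value into the cookie name and its attributes (keys lower-cased)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return CookieAudit(name=name, attributes=attrs)


def audit_session_cookie(header: str, host: str) -> CookieAudit:
    """Flag what a session cookie is missing relative to the answers in Q17/Q44."""
    audit = parse_set_cookie(header)
    a = audit.attributes
    if "secure" not in a:
        audit.findings.append("missing Secure: cookie is sent over plain HTTP")
    if "httponly" not in a:
        audit.findings.append("missing HttpOnly: readable via document.cookie, "
                              "so a script can copy it into localStorage")
    domain = a.get("domain", "").lstrip(".").lower()
    if domain and domain != host.lower():
        # No Domain attribute means host-only, the tightest scope. A parent
        # domain sends the cookie to every sibling host under it.
        audit.findings.append(f"Domain={domain} is broader than {host}: "
                              "cookie shared with sibling hosts")
    if "samesite" not in a:
        audit.findings.append("missing SameSite: cookie rides along on cross-site requests")
    return audit


def missing_protections(header: str, host: str = "app.example.com") -> List[str]:
    """Convenience wrapper returning just the finding strings."""
    return audit_session_cookie(header, host).findings


# Constructed Set-Cookie values (not from any real server).
WEAK = "session-cookie=3f9a1c; Path=/; Domain=example.com"
HARDENED = "session-cookie=3f9a1c; Path=/app; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, missing_protections(header) or ["ok"])
```

Run this against the Set-Cookie lines in a captured response before and after the htaccess or site-config change from Question 44; the hardened header should come back clean. The audit covers the cookie attributes only; the client-side fix for Question 17 is to delete the localStorage line rather than move it to sessionStorage, since either storage is script-readable.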

Question 45

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase.

* Each device must be issued a secure token of trust from the corporate PKI.

* All corporate application and local data must be able to be deleted from a central console.

* Cloud storage and backup applications must be restricted from the device.

* Devices must be on the latest OS version within three weeks of an OS release.

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO.)

Options:

A.

Application-based containerization

B.

Enforced full-device encryption

C.

Mandatory acceptance of SCEP system

D.

Side-loaded application prevention

E.

Biometric requirement to unlock device

F.

Over-the-air restriction

Question 46

A security engineer reviews the table below:

The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this attack recurring in the future?

Options:

A.

Upgrading device firmware

B.

Enabling port security

C.

Increasing DHCP pool size

D.

Disabling dynamic trunking

E.

Reducing DHCP lease length

Question 47

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

Options:

A.

The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website

B.

One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers

C.

The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos

D.

Pre-release marketing materials for a single device were accidentally left in a public location

Question 48

Which of the following BEST sets expectations between the security team and business units within an organization?

Options:

A.

Risk assessment

B.

Memorandum of understanding

C.

Business impact analysis

D.

Business partnership agreement

E.

Service level agreement

Question 49

A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization’s staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization’s code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?

Options:

A.

IP whitelisting on the perimeter firewall

B.

MFA for developer access

C.

Dynamic analysis scans in the production environment

D.

Blue team engagement in peer-review activities

E.

Time-based restrictions on developer access to code repositories

Question 50

A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Options:

A.

Increased network latency

B.

Unavailability of key escrow

C.

Inability to select AES-256 encryption

D.

Removal of user authentication requirements

Question 51

An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by customers for their own compliance reasons. The Chief Information Officer (CIO) asks the security team to provide a list of options that will:

1. Reduce the overall cost of these audits

2. Leverage existing infrastructure where possible

3. Keep infrastructure costs to a minimum

4. Provide some level of attestation of compliance

Which of the following will BEST address the CIO's concerns? (Select TWO)

Options:

A.

Invest in new UBA to detect, report, and remediate attacks faster

B.

Segment the network to reduce and limit the audit scope

C.

Undertake ISO certification for all core infrastructure including datacenters.

D.

Implement a GRC system to track and monitor controls

E.

Implement DLP controls on HTTP/HTTPS and email

F.

Install EDR agents on all corporate endpoints

Question 52

Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue?

Options:

A.

Fuzzer

B.

SCAP scanner

C.

Vulnerability scanner

D.

HTTP interceptor

Question 53

A security analyst is responsible for the completion of a vulnerability assessment at a regional healthcare facility. The analyst reviews the following Nmap output:

nmap -v -p 445 --script=smb-check-vulns --script-args=unsafe=1 192.168.1.0/24

Which of the following is MOST likely what the security analyst is reviewing?

Options:

A.

An Nmap script to scan for unsafe servers on UDP 445

B.

An Nmap script to run the SMB servers

C.

An Nmap script to stop the SMB servers

D.

An Nmap script to scan for vulnerable SMB servers

Question 54

A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs. Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

Options:

A.

Document the technology's differences in a system security plan.

B.

Require the vendor to provide justification for the product's deviation.

C.

Increase the frequency of vulnerability scanning of all systems using the technology.

D.

Block the use of non-standard ports or protocols to and from the system.

Question 55

Which of the following is a major goal of stakeholder engagement?

Options:

A.

Completing risk compliance outreach and understanding

B.

Determining which security requirements can be deferred safely

C.

Ensuring security requirements are supportive of business goals

D.

Understanding the best way to limit user privilege escalation

Question 56

A system integrator wants to assess the security of the application binaries delivered by its subcontracted vendors. The vendors do not deliver source code as a part of their contract. Which of the following techniques can the integrator use to accomplish the objective? (Select TWO)

Options:

A.

Regression test

B.

Logic flow analysis

C.

Code signature validation

D.

Fuzzing

E.

Disassemble/decompile

F.

Static code analysis tool

Question 57

A consulting firm is performing R&D on a machine learning system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behaviors to establish a "normal" baseline. Which of the following represents the GREATEST limiting factor toward successful deployment of this new machine learning system?

Options:

A.

Supportability for non-traditional ports, protocols, and services

B.

Non-availability or insufficiency of training data

C.

Lack of target environment design documentation

D.

Unanticipated presence of ICS and SCADA equipment within client networks

Question 58

A large organization suffers a data breach after one staff member inadvertently shares a document on a corporate-approved, file-sharing, cloud-collaboration service. The security administrator must implement controls to reduce the likelihood of a similar event, via another channel, from occurring again. The controls also must assist with early detection and remediation should the event reoccur.

The organization has the following enterprise constraints:

1. On-premises proxies are used to control access to websites.

2. Some staff work remotely from home and connect directly to the Internet without a VPN.

3. Corporate firewalls send logs to a central log aggregator.

4. More than 40,000 staff members are distributed across two core buildings and 100 small branches.

Which of the following would BEST meet the requirements? (Select THREE).

Options:

A.

Implement dedicated SSL decryptors for outbound HTTPS connections.

B.

Migrate all staff to cloud-based proxy services.

C.

Block webmail and file-sharing categories on the proxies.

D.

Deploy a CASB solution to monitor and restrict file-sharing cloud services.

E.

Deploy a DLP solution that scans sfel TP and HTTPS/HTTP content.

F.

Install an on-premises file-sharing service that can be accessed only when on the corporate network.

G.

Deploy VPN software and have all remote staff connect to the Internet via the corporate proxies.

Question 59

A human resources employee receives a call from an individual who is representing a background verification firm that is conducting a background check on a prospective candidate. The employee verifies the employment dates and title of the candidate. The caller then requests the employee's email address to complete the verification process. The employee receives an email containing a URL for completing the process. After clicking the link, the employee's workstation is infected with ransomware. Which of the following BEST describes the initial phone call made by the threat actor?

Options:

A.

Pretexting

B.

Phishing

C.

Pivoting

D.

Reconnaissance

Question 60

An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE attack. Which of the following strings within the server's virtual-host configuration block is at fault and needs to be changed?

Options:

A.

AccessFileName /vac/http/.acl

B.

SSLProtocol -all +SSLv3

C.

AllowEncodedSlashes on

D.

SSLCertificateFile /var/certs/home.pem

E.

AllowOverride Nonfatal-All AuthConfig

Question 61

An organization wishes to implement cloud computing, but it is not sure which service to choose. The organization wants to be able to share files, collaborate, and use applications that are fully managed on a private network. Which of the following types of cloud computing services should the organization implement based on its needs?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

CaaS

Question 62

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following is the MOST appropriate corrective action to document for this finding?

Options:

A.

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.

The system administrator should evaluate dependencies and perform upgrades as necessary.

D.

The security operations center should develop a custom IDS rule to prevent buffer overflow attacks against this server.

Question 63

A security analyst discovers what is believed to be evidence of a compromise due to a watering-hole attack. After an initial review of the incident, the analyst notes there is ongoing web traffic to the same site. Which of the following command-line tools would BEST allow the incident to be investigated?

Options:

A.

nc

B.

dd

C.

netstat

D.

tcpdump

Question 64

Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?

Options:

A.

RFQ

B.

RFI

C.

OLA

D.

MSA

E.

RFP

Question 65

The Chief Information Security Officer (CISO) developed a robust plan to address both internal and external vulnerabilities due to an increase in ransomware attacks on the networks. However, the number of successful attacks continues to increase. Which of the following is the MOST likely failure?

Options:

A.

The company did not blacklist suspected websites properly

B.

The threat model was not vetted properly

C.

The IDS/IPS were not updated with the latest malware signatures

D.

The organization did not conduct a business impact analysis

Question 66

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 67

A manufacturing firm has multiple security appliances in production that were configured to log events but have not been maintained or tuned. A security engineer discovers multiple email messages were automatically generated and sent to the inbox of an employee who has not worked for the firm in more than six months. The messages are as follows:

Which of the following integrations would be BEST to improve the alerting functionality of this particular security appliance?

Options:

A.

Configure the IPS to send alerts to a SIEM platform.

B.

Configure the WAF to send alerts to a log collector

C.

Configure the Apache server to send syslog to a log collector

D.

Configure the WAP to send syslog to a SIEM platform

Question 68

A security engineer is attempting to inventory all network devices. Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

Options:

A.

Switch to SNMPv1 device inventory credentials

B.

Enable SSH for all switches and routers

C.

Set SFTP to enabled on all network devices

D.

Configure SNMPv3 server settings to match client settings

Question 69

A security analyst is reviewing the security of a company's public-facing servers. After some research, the analyst discovers the following on a public pastebin website:

Which of the following should the analyst do NEXT?

Options:

A.

Review the system logs

B.

Scan *.company.com for vulnerabilities.

C.

Begin a root cause analysis.

D.

Change the password to the MySQL database

Question 70

While standing up a proof-of-concept solution with a vendor, the following direction was given for connections to the default environments:

Which of the following is being used to secure the three environments from overlap if all of them reside on separate servers in the same DMZ?

Options:

A.

Separation of environments policy

B.

Logical access controls

C.

Segmentation of VLANs

D.

Subnetting of cloud environments

Question 71

A product owner is working with a security engineer to improve the security surrounding certificate revocation, which is important for the clients using a web application. The organization is currently using a CRL configuration to manage revocation, but it is looking for a solution that addresses the reporting delays associated with CRLs. The security engineer recommends OCSP, but the product owner is concerned about the overhead associated with its use. Which of the following would the security engineer MOST likely suggest to address the product owner's concerns?

Options:

A.

Key escrow can be used on the WAF

B.

S/MIME can be used in lieu of OCSP

C.

Stapling should be used with OCSP

D.

The organization should use wildcard certificates

Question 72

Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

Options:

A.

Compile a list of firewall requests and compare them against interesting cloud services.

B.

Implement a CASB solution and track cloud service use cases for greater visibility.

C.

Implement a user-behavior system to associate user events and cloud service creation events.

D.

Capture all logs and feed them to a SIEM, then filter for cloud service events.

Question 73

The Chief Information Security Officer (CISO) of a power generation facility is concerned about being able to detect missing security updates on the critical infrastructure in use at the facility. Most of this critical infrastructure consists of ICS and SCADA systems that are maintained by vendors, and the vendors have warned the CISO that proxying network traffic is likely to cause a DoS condition. Which of the following would be BEST to address the CISO's concerns while keeping the critical systems functional?

Options:

A.

Configuring the existing SIEM to ingest all log files properly

B.

Implementing a passive vulnerability scanning solution

C.

Deploying a data diode for internal websites

D.

Adding more frequent antivirus and anti-malware signature updates

E.

Adjusting the access rules to use the concept of least privilege

Question 74

A line-of-business manager has decided, in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of action for the business to increase efficiency and profit. Which of the following should the Chief Security Officer (CSO) perform before signing off on the third-party vendor?

Options:

A.

Supply chain audit

B.

Vulnerability assessment

C.

Penetration test

D.

Application code review

E.

Risk assessment

Question 75

The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Options:

A.

Black-box testing

B.

Gray-box testing

C.

Red-team hunting

D.

White-box testing

E.

Blue-team exercises

Question 76

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company. Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

Options:

A.

1. Attempt to eavesdrop and replay RFID communications

2. Determine the protocols being used between the tag and the reader

3. Retrieve the RFID tag identifier and manufacturer details

4. Take apart an RFID tag and analyze the chip

B.

1. Determine the protocols being used between the tag and the reader

2. Take apart an RFID tag and analyze the chip

3. Retrieve the RFID tag identifier and manufacturer details

4. Attempt to eavesdrop and replay RFID communications

C.

1. Retrieve the RFID tag identifier and manufacturer details

2. Determine the protocols being used between the tag and the reader

3. Attempt to eavesdrop and replay RFID communications

4. Take apart an RFID tag and analyze the chip

D.

1. Take apart an RFID tag and analyze the chip

2. Retrieve the RFID tag identifier and manufacturer details

3. Determine the protocols being used between the tag and the reader

4. Attempt to eavesdrop and replay RFID communications

Question 77

A company has launched a phishing awareness campaign that includes serving customized phishing email to employees. Employees are encouraged to report all phishing attempts and/or delete the email without clicking on them. The first phishing email asks employees to click on a link that takes them to a website where they are asked to enter their credentials. The management team wants metrics to determine the email's effectiveness. Following is the initial report:

The management team wants to know how these results compare to those of other companies. They also want to improve the consistency of how the information is displayed. Which of the following changes should be made to this report?

Options:

A.

Stop reporting department-level data and instead report for the company as a whole so as not to drive competitiveness among departments

B.

Color-code the data represented in the columns, with green being the best results in the company and red being the worst results

C.

Change the credentials harvested column to a percentage and introduce industry benchmarks for comparison

D.

Add a column showing which passwords were harvested to point out bad practices in password creation and then force those passwords to expire immediately.

Question 78

A security analyst is reviewing the logs from a NIDS. The analyst notices the following in quick succession between a client and a web server:

Which of the following describes what MOST likely occurred and offers a mitigation?

Options:

A.

A protocol downgrade attack which can be mitigated by disabling server and client support for older protocols

B.

A MITM SSL stripping attack which can be mitigated by enabling HSTS on the web server

C.

A broadcast RC4 attack which can be mitigated by disabling cipher suites permitting the use of RC4

D.

An attack on TLS compression revealing cipher text which can be mitigated by implementing a TLS proxy or removing compression characteristics

Question 79

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

Options:

A.

Conducting tabletop exercises to evaluate system risk

B.

Contracting a third-party auditor after the project is finished

C.

Performing pre- and post-implementation penetration tests

D.

Running frequent vulnerability scans during the project

Question 80

A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

Options:

A.

Cryptoprocessor

B.

Bcrypt

C.

SHA-256

D.

PBKDF2

E.

Message authentication

Question 81

Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:

From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:

Connectivity to the server from outside the firewall worked as expected prior to executing these commands.

Which of the following can be said about the new firewall?

Options:

A.

It is correctly dropping all packets destined for the server.

B.

It is not blocking or filtering any traffic to the server.

C.

Iptables needs to be restarted.

D.

The IDS functionality of the firewall is currently disabled.

Question 82

During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident.

Which of the following would be MOST important to senior leadership to determine the impact of the breach?

Options:

A.

The likely per-record cost of the breach to the organization

B.

The legal or regulatory exposure that exists due to the breach

C.

The amount of downtime required to restore the data

D.

The number of records compromised

Question 83

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

Options:

A.

Version control

B.

Agile development

C.

Waterfall development

D.

Change management

E.

Continuous integration

Question 84

A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

Options:

A.

Mobile tokenization

B.

Export controls

C.

Device containerization

D.

Privacy policies

Question 85

An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed?

Options:

A.

Vulnerable components

B.

Operational impact due to attack

C.

Time criticality of systems

D.

Presence of open-source software

Question 86

During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter.

Port state

161/UDP open

162/UDP open

163/TCP open

The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

Options:

A.

Patch and restart the unknown services.

B.

Segment and firewall the controller's network

C.

Disable the unidentified service on the controller.

D.

Implement SNMPv3 to secure communication.

E.

Disable TCP/UDP PORTS 161 THROUGH 163

Question 87

A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS. The technician cannot determine why performance degraded so dramatically. A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician.

The system specifications and configuration of each system are listed below:

Which of the following is MOST likely the cause of the degradation in performance and should be changed?

Options:

A.

Using ECC

B.

Using RSA

C.

Disk size

D.

Memory size

E.

Decryption chips

F.

Connection requests

Question 88

An external red team member conducts a penetration test, attempting to gain physical access to a large organization's server room in a branch office. During reconnaissance, the red team member sees a clearly marked door to the server room, located next to the lobby, with a tumbler lock.

Which of the following is BEST for the red team member to bring on site to open the locked door as quickly as possible without causing significant damage?

Options:

A.

Screwdriver set

B.

Bump key

C.

RFID duplicator

D.

Rake picking

Question 89

Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?

Options:

A.

Employ a fuzzing utility

B.

Use a static code analyzer

C.

Run the binary in an application sandbox

D.

Manually review the binary in a text editor

Question 90

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445. A security administrator is concerned the legacy system will be vulnerable to exploits. Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

Options:

A.

Install HIDS and disable unused services.

B.

Enable application whitelisting and disable SMB.

C.

Segment the network and configure a controlled interface

D.

Apply only critical security patches for known vulnerabilities.

Question 91

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)

Options:

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question 92

A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

Minimum password length: 16

Maximum password age: 0

Minimum password age: 0

Password complexity: disabled

Store passwords in plain text: disabled

Failed attempts lockout: 3

Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

Options:

A.

Offline hybrid dictionary attack

B.

Offline brute-force attack

C.

Online hybrid dictionary password spraying attack

D.

Rainbow table attack

E.

Online brute-force attack

F.

Pass-the-hash attack

Question 93

A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?

Options:

A.

Full disk encryption status

B.

TPM PCR values

C.

File system integrity

D.

Presence of UEFI vulnerabilities

Question 94

A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

Options:

A.

Application fingerprinter

B.

Fuzzer

C.

HTTP interceptor

D.

Vulnerability scanner

Question 95

An enterprise’s Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise’s growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise’s website.

Which of the following should the CISO be MOST concerned about?

Options:

A.

Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company’s website.

B.

A security vulnerability that is exploited on the website could expose the accounting service.

C.

Transferring as many services as possible to a CSP could free up resources.

D.

The CTO does not have the budget available to purchase required resources and manage growth.

Question 96

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)

Options:

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question 97

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

Options:

A.

Log review

B.

Service discovery

C.

Packet capture

D.

DNS harvesting

Question 98

A technician receives the following security alert from the firewall's automated system:

Match_Time: 10/10/16 16:20:43

Serial: 002301028176

Device_name: COMPSEC1

Type: CORRELATION

Scrusex: domain\samjones

Scr: 10.50.50.150

Object_name: beacon detection

Object_id: 6005

Category: compromised-host

Severity: medium

Evidence: host repeatedly visited a dynamic DNS domain (17 time)

After reviewing the alert, which of the following is the BEST analysis?

Options:

A.

The alert is a false positive because DNS is a normal network function.

B.

This alert indicates a user was attempting to bypass security measures using dynamic DNS.

C.

This alert was generated by the SIEM because the user attempted too many invalid login attempts.

D.

This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Question 99

A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:

• Scan of specific subnets for vulnerabilities

• Categorizing and logging of website traffic

• Enabling specific ACLs based on application traffic

• Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premises server to a public site. A small percentage of that data also contained malware and spyware.

Which of the following services MOST likely identified the behavior and sent the report?

Options:

A.

Content filter

B.

User behavioral analytics

C.

Application sandbox

D.

Web application firewall

E.

Endpoint protection

F.

Cloud security broker

Question 100

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:

  • Financially sensitive data
  • Project data
  • Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

Options:

A.

Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.

B.

Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.

C.

Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

D.

Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Question 101

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

Options:

A.

Move line 3 below line 4 and change port 80 to 443 on line 4.

B.

Move line 3 below line 4 and add port 443 to line.

C.

Move line 4 below line 5 and add port 80 to 8080 on line 2.

D.

Add port 22 to line 2.

E.

Add port 22 to line 5.

F.

Add port 443 to line 2.

G.

Add port 443 to line 5.
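The rule-ordering point behind this question can be checked mechanically. Below is an added example (my own code, not the exam's firewall snippet, which is not reproduced on this page): a constructed three-line rule base that meets the stated requirements, a top-down first-match evaluator, and a check that reports rules shadowed by an earlier, broader rule, which is what happens when a catch-all deny sits above the allows it was meant to follow. All addresses, ports and line numbers are assumptions.

```python
from ipaddress import ip_address, ip_network

ANY = "any"

# Constructed rule base (assumption; not the exam's firewall table).
# Fields: (line, action, source, destination, ports). Evaluated top-down, first match wins.
GOOD_RULES = [
    (1, "allow", "10.0.0.0/8",     "10.10.5.0/24",  {80, 443}),  # internal users -> internal web servers
    (2, "allow", "203.0.113.7/32", "10.10.5.20/32", {443, 22}),  # vendor -> new server, HTTPS and SSH only
    (3, "deny",  "0.0.0.0/0",      "10.10.5.0/24",  ANY),        # all other access to the subnet
]

# Same rules with the catch-all deny moved to the top: every allow below it is dead.
BAD_RULES = [GOOD_RULES[2], GOOD_RULES[0], GOOD_RULES[1]]


def _port_matches(rule_ports, port):
    return rule_ports == ANY or port in rule_ports


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule, or 'deny' (implicit default)."""
    s, d = ip_address(src), ip_address(dst)
    for _line, action, rsrc, rdst, rports in rules:
        if s in ip_network(rsrc) and d in ip_network(rdst) and _port_matches(rports, port):
            return action
    return "deny"


def _covers(outer, inner):
    """True when every packet that matches rule `inner` also matches rule `outer`."""
    _, _, osrc, odst, oports = outer
    _, _, isrc, idst, iports = inner
    ports_ok = oports == ANY or (iports != ANY and iports <= oports)
    return (ip_network(isrc).subnet_of(ip_network(osrc))
            and ip_network(idst).subnet_of(ip_network(odst))
            and ports_ok)


def shadowed_rules(rules):
    """Line numbers of rules that can never match because an earlier rule covers them."""
    return [rule[0] for i, rule in enumerate(rules)
            if any(_covers(earlier, rule) for earlier in rules[:i])]


if __name__ == "__main__":
    checks = [
        ("vendor SSH",        "203.0.113.7", "10.10.5.20", 22),
        ("vendor HTTP",       "203.0.113.7", "10.10.5.20", 80),
        ("internal HTTP",     "10.20.1.5",   "10.10.5.20", 80),
        ("internal SSH",      "10.20.1.5",   "10.10.5.20", 22),
        ("other external",    "198.51.100.9", "10.10.5.20", 443),
    ]
    for name, rules in (("GOOD_RULES", GOOD_RULES), ("BAD_RULES", BAD_RULES)):
        print(name, "shadowed lines:", shadowed_rules(rules))
        for label, src, dst, port in checks:
            print(f"  {label:16} -> {evaluate(rules, src, dst, port)}")
```

Run the shadow check before and after any reorder: the answer options that move a line are only correct if, after the move, the vendor's allow for 443 and 22 still sits above the subnet-wide deny, and the internal 80/443 allow is not itself shadowed.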

Question 102

The audit team was provided only the physical and logical addresses of the network, without any type of access credentials.

Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

Options:

A.

Tabletop exercise

B.

Social engineering

C.

Runtime debugging

D.

Reconnaissance

E.

Code review

F.

Remote access tool
