Month End Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA CAS-004 CompTIA SecurityX Certification Exam Exam Practice Test

Page: 1 / 57
Total 571 questions

CompTIA SecurityX Certification Exam Questions and Answers

Question 1

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Options:

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Question 2

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Options:

A.

Drive wiping

B.

Degaussing

C.

Purging

D.

Physical destruction

Question 3

A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements

• The application must run at 70% capacity at all times

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

Options:

A.

Read-only replicas

B.

BCP

C.

Autoscaling

D.

WAF

E.

CDN

F.

Encryption

G.

Continuous snapshots

Question 4

A company is repeatedly being breached by hackers who valid credentials. The company’s Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

Options:

A.

Implement strict three-factor authentication.

B.

Implement least privilege policies

C.

Switch to one-time or all user authorizations.

D.

Strengthen identify-proofing procedures

Question 5

Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?

Options:

A.

PAN

B.

CVV2

C.

Cardholder name

D.

expiration date

Question 6

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Options:

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Question 7

A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?

Options:

A.

Availability

B.

Data sovereignty

C.

Geography

D.

Vendor lock-in

Question 8

A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Question 9

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Question 10

Which of the following BEST sets expectation between the security team and business units within an organization?

Options:

A.

Risk assessment

B.

Memorandum of understanding

C.

Business impact analysis

D.

Business partnership agreement

E.

Services level agreement

Question 11

An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment, Unfortunately. many Of the applications are provided only as compiled binaries. Which Of the following should the organization use to analyze these applications? (Select TWO).

Options:

A.

Regression testing

B.

SAST

C.

Third-party dependency management

D.

IDE SAST

E.

Fuzz testing

F.

IAST

Question 12

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relationsemployee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

Options:

A.

Implementing application blacklisting

B.

Configuring the mall to quarantine incoming attachment automatically

C.

Deploying host-based firewalls and shipping the logs to the SIEM

D.

Increasing the cadence for antivirus DAT updates to twice daily

Question 13

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Options:

A.

Ensuring proper input validation is configured on the ‘’Contact US’’ form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Question 14

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

Question # 14

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 15

A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?

Options:

A.

Log collection

B.

Reverse proxy

C.

AWAF

D.

API mode

Question 16

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

Options:

A.

FIM

B.

WAF

C.

NIPS

D.

DAM

E.

UTM

Question 17

A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

Options:

A.

A WAF

B.

An IDS

C.

A SIEM

D.

A honeypot

Question 18

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

Options:

A.

Packets that are the wrong size or length

B.

Use of any non-DNP3 communication on a DNP3 port

C.

Multiple solicited responses over time

D.

Application of an unsupported encryption algorithm

Question 19

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLS.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Question 20

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

InherentLow

B.

Mitigated

C.

Residual

D.

Transferred

Question 21

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Question 22

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A.

Assess the residual risk.

B.

Update the organization’s threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of impact.

Question 23

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Question # 23

Which of the following meets the budget needs of the business?

Options:

A.

Filter ABC

B.

Filter XYZ

C.

Filter GHI

D.

Filter TUV

Question 24

Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLs.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Question 25

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

Question # 25

As part of the image process, which of the following is the FIRST step the analyst should take?

Options:

A.

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the 'Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive

Question 26

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 26

Question # 26

Options:

Question 27

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Options:

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Question 28

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation m the near future?

Options:

A.

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

B.

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

C.

Implement a centralized network gateway to bridge network traffic between all VPCs.

D.

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Question 29

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Question 30

A security analyst observes the following while looking through network traffic in a company's cloud log:

Question # 30

Which of the following steps should the security analyst take FIRST?

Options:

A.

Quarantine 10.0.5.52 and run a malware scan against the host.

B.

Access 10.0.5.52 via EDR and identify processes that have network connections.

C.

Isolate 10.0.50.6 via security groups.

D.

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Question 31

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Question # 31

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

Options:

A.

The clients may not trust idapt by default.

B.

The secure LDAP service is not started, so no connections can be made.

C.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

D.

Secure LDAP should be running on UDP rather than TCP.

E.

The company is using the wrong port. It should be using port 389 for secure LDAP.

F.

Secure LDAP does not support wildcard certificates.

G.

The clients may not trust Chicago by default.

Question 32

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A.

Apply for a security exemption, as the risk is too high to accept.

B.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.

Accept the risk, as compensating controls have been implemented to manage the risk.

D.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Question 33

A municipal department receives telemetry data from a third-party provider The server collecting telemetry sits in the municipal departments screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to Implement nsk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

Options:

A.

Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

B.

Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

C.

Installing and configuring filesystem integrity monitoring service on the telemetry server

D.

Implementing an EDR and alert on Identified privilege escalation attempts to the SIEM

E.

Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

F.

Using the published data schema to monitor and block off nominal telemetry messages

Question 34

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Question 35

Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

Options:

A.

Company A-B SLA v2.docx

B.

Company A OLA v1b.docx

C.

Company A MSA v3.docx

D.

Company A MOU v1.docx

E.

Company A-B NDA v03.docx

Question 36

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

Options:

A.

Align the exploitability metrics to the predetermined system categorization.

B.

Align the remediation levels to the predetermined system categorization.

C.

Align the impact subscore requirements to the predetermined system categorization.

D.

Align the attack vectors to the predetermined system categorization.

Question 37

Which of the following controls primarily detects abuse of privilege but does not prevent it?

Options:

A.

Off-boarding

B.

Separation of duties

C.

Least privilege

D.

Job rotation

Question 38

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Question 39

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Question # 39

Which of the following MOST appropriate corrective action to document for this finding?

Options:

A.

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.

The system administrator should evaluate dependencies and perform upgrade as necessary.

D.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Question 40

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

Options:

A.

Community cloud service model

B.

Multinency SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Question 41

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Options:

A.

Lawyers

B.

Court

C.

Upper management team

D.

Police

Question 42

A developer implement the following code snippet.

Question # 42

Which of the following vulnerabilities does the code snippet resolve?

Options:

A.

SQL inject

B.

Buffer overflow

C.

Missing session limit

D.

Information leakage

Question 43

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Question 44

The primary advantage of an organization creating and maintaining a vendor risk registry is to:

Options:

A.

define the risk assessment methodology.

B.

study a variety of risks and review the threat landscape.

C.

ensure that inventory of potential risk is maintained.

D.

ensure that all assets have low residual risk.

Question 45

A web application server is running a legacy operating system with an unpatched RCE (Remote Code Execution) vulnerability. The server cannot be upgraded until the corresponding application code is updated. Which of the following compensating controls would prevent successful exploitation?

Options:

A.

Segmentation

B.

CASB

C.

HIPS

D.

UEBA

Question 46

A security analyst is designing a touch screen device so users can gain entry into a locked room by touching buttons numbered zero through nine in a specific numerical sequence. The analyst designs thekeypad so that the numbers are randomly presented to the user each time the device is used. Which of the following best describes the design trade-offs? (Select two.)

Options:

A.

The risk of someone overseeing a pattern as a user enters the numbers is decreased.

B.

The routines to generate the random sequences are trivial to implement.

C.

This design makes entering numbers more difficult for users.

D.

The device needs to have additional power to compute the numbers.

E.

End users will have a more difficult time remembering the access numbers.

F.

Weak or easily guessed access numbers are more likely.

Question 47

A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company's response plan. Which of the following best describes what the CISO reviewed?

Options:

A.

An after-action report

B.

A tabletop exercise

C.

A system security plan

D.

A disaster recovery plan

Question 48

A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

Options:

A.

Data retention

B.

Data classification

C.

Due diligence

D.

Reference framework

Question 49

A company reviews the regulatory requirements associated with a new product, and then company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?

Options:

A.

Avoidance

B.

Mitigation

C.

Rejection

D.

Acceptance

Question 50

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

Options:

A.

Use over-the-air updates to replace the private key

B.

Manufacture a new loT device with a redesigned SoC

C.

Replace the public portion of the loT key on its servers

D.

Release a patch for the SoC software

Question 51

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage7

Options:

A.

Supporting heterogeneous architecture

B.

Leveraging content delivery network across multiple regions

C.

Ensuring cloud autoscaling is in place

D.

Scaling horizontally to handle increases in traffic

Question 52

A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

Options:

A.

Third-party assessor

B.

CSP

C.

Organization

D.

Shared responsibility

Question 53

The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site Which of the following would best prevent this type of attack?

Options:

A.

Enabling HSTS

B.

Configuring certificate pinning

C.

Enforcing DNSSEC

D.

Deploying certificate stapling

Question 54

A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers?

Options:

A.

IDS

B.

ASLR

C.

TPM

D.

HSM

Question 55

A security architect discovers the following page while testing a website for vulnerabilities:

404 - page not found: /gy67162

The page you have requested is no. avai.able on .his server.

Apache Tomcat 7.0.52

Which of the following best describes why this issue should be corrected?

Options:

A.

The website is generating a server error.

B.

The URL for this page can be used for directory traversal.

C.

The website fuzzing tool has overloaded the server's capacity.

D.

The information can be used for more targeted attacks.

Question 56

A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords. Which of the following additional controls should the company deploy?

Options:

A.

Two-factor authentication

B.

Identity proofing

C.

Challenge questions

D.

Live identity verification

Question 57

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Options:

A.

idd

B.

bcrypt

C.

SHA-3

D.

ssdeep

E.

dcfldd

Question 58

A company wants to reduce its backup storage requirement and is undertaking a data cleanup project. Which of the following should a security administrator consider first when determining which data should be deleted?

Options:

A.

Retention schedules

B.

Classification levels

C.

Sanitization requirements

D.

Data labels

E.

File size

Question 59

A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

Options:

A.

Deep learning language barriers

B.

Big Data processing required for maturity

C.

Secure, multiparty computation requirements

D.

Computing capabilities available to the developer

Question 60

A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

Options:

A.

Containers

B.

Type 1 hypervisor

C.

Type 2 hypervisor

D.

Virtual desktop infrastructure

E.

Emulation

Question 61

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

Options:

A.

service —status-ali I grep ftpd

B.

chkconfig --list

C.

neestat -tulpn

D.

systeactl list-unit-file —type service ftpd

E.

service ftpd. status

Question 62

A penetration tester inputs the following command:

Question # 62

This command will allow the penetration tester to establish a:

Options:

A.

port mirror

B.

network pivot

C.

reverse shell

D.

proxy chain

Question 63

A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?

Options:

A.

Obfuscation

B.

Code signing

C.

Watermarking

D.

Digital certificates

Question 64

A security analyst and a DevOps engineer are working together to address configuration drifts in highly scalable systems that are leading to increased vulnerability findings. Which of the following recommendations would be best to eliminate this issue?

Options:

A.

Using a baseline configuration manager for deployment

B.

Deploying an immutable infrastructure through containers

C.

Eliminating false positives from the vulnerability scans

D.

Performing continuous audits of the patching status

Question 65

A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?

Options:

A.

Replication

B.

Caching

C.

Containerization

D.

Redundancy

E.

High availability

Question 66

During a network defense engagement, a red team is able to edit the following registry key:

Question # 66

Which of the following tools is the red team using to perform this action?

Options:

A.

PowerShell

B.

SCAP scanner

C.

Network vulnerability scanner

D.

Fuzzer

Question 67

A security engineer is creating a single CSR for the following web server hostnames:

• wwwint internal

• www company com

• home.internal

• www internal

Which of the following would meet the requirement?

Options:

A.

SAN

B.

CN

C.

CA

D.

CRL

E.

Issuer

Question 68

A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company’s SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product. Which of the following is the best option?

Options:

A.

DAST

B.

SAST

C.

IAST

D.

ZAP

Question 69

A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).

Options:

A.

Encrypt the hard drive with full disk encryption.

B.

Back up the file to an encrypted flash drive.

C.

Place an ACL on the file to only allow access to specified users.

D.

Store the file in the user profile.

E.

Place an ACL on the file to deny access to everyone.

F.

Enable access logging on the file.

Question 70

A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data’s confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Select two).

Options:

A.

Install a SOAR on all endpoints.

B.

Hash all files.

C.

Install SIEM within a SOC.

D.

Encrypt all data and files at rest, in transit, and in use.

E.

Configure SOAR to monitor and intercept files and data leaving the network.

F.

Implement file integrity monitoring.

Question 71

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

Options:

A.

Fuzz testing

B.

Wireless vulnerability scan

C.

Exploit framework

D.

Password cracker

E.

Protocol analyzer

Question 72

A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks Which of the following would best enable this activity?

Options:

A.

ISAC

B.

OSINT

C.

CVSS

D.

Threat modeling

Question 73

Which of the following is a security concern for DNP3?

Options:

A.

Free-form messages require support.

B.

Available function codes are not standardized.

C.

Authentication is not allocated.

D.

It is an open source protocol.

Question 74

After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Question # 74

Which of the following is the most likely vulnerability that was exploited based on the log files?

Options:

A.

Directory traversal revealed the hashed SSH password, which was used to access the server.

B.

A SQL injection was used during the ordering process to compromise the database server

C.

The root password was easily guessed and used as a parameter lo open a reverse shell

D.

An outdated third-party PHP plug-in was vulnerable to a known remote code execution

Question 75

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information.The security team has verified the DNS system is returning proper results and has no known lOCs. Which of the following should the security team implement to best mitigate this situation?

Options:

A.

DNSSEC

B.

DNS filtering

C.

Multifactor authentication

D.

Self-signed certificates

E.

Revocation of compromised certificates

Question 76

A security architect is reviewing the following organizational specifications for a new application:

• Be sessionless and API-based

• Accept uploaded documents with Pll, so all storage must be ephemeral

• Be able to scale on-demand across multiple nodes

• Restrict all network access except for the TLS port

Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

Options:

A.

Utilizing the cloud container service

B.

On server instances with autoscaling groups

C.

Using scripted delivery

D.

With a content delivery network

Question 77

A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?

Options:

A.

A downgrade attack occurred. Any use of old, outdated software should be disallowed.

B.

The attacker obtained the systems' private keys. New key pairs must be generated.

C.

Malware is present on the client machine. A full OS needs to be reinstalled.

D.

The user fell for a phishing attack. The end user must attend security training.

Question 78

A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

Options:

A.

Accept the risk as the cost of doing business.

B.

Create an organizational risk register for project prioritization.

C.

Implement network compensating controls.

D.

Purchase insurance to offset the cost if a failure occurred.

Question 79

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

• Unsupported, end-of-life operating systems were still prevalent on the shop floor.

• There are no security controls for systems with supported operating systems.

• There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

Options:

A.

Deploy antivirus software to all of the workstations.

B.

Increase the level of monitoring on the workstations.

C.

Utilize network-based allow and block lists.

D.

Harden all of the engineering workstations using a common strategy.

Question 80

An organization is rolling out a robust vulnerability management system to monitor SCADA devices on the network. Which of the following scan types should be used to monitor these system types?

Options:

A.

Web application

B.

Agent

C.

Passive

D.

Authenticated

Question 81

A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?

Options:

A.

Gap analysis

B.

Business impact analysis

C.

Risk register

D.

Information security policy

E.

Lessons learned

Question 82

An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

Options:

A.

Systems administrator

B.

Data owner

C.

Data processor

D.

Data custodian

E.

Data steward

Question 83

Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

Options:

A.

To determine the scope of the risk assessment

B.

To determine the business owner(s) of the system

C.

To decide between conducting a quantitative or qualitative analysis

D.

To determine which laws and regulations apply

Question 84

A software developer needs to add an authentication method to a web application. The following requirements must be met:

• The web application needs to use well-supported standards.

• The initial login to the web application should rely on an outside, trusted third party.

• The login needs to be maintained for up to six months.

Which of the following would best support these requirements? (Select two).

Options:

A.

SAML

B.

Kerberos

C.

JWT

D.

RADIUS

E.

EAP

F.

Remote attestation

Question 85

A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

Options:

A.

Employee badge logs

B.

Phone call logs

C.

Vehicle registration logs

D.

Visitor logs

Question 86

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Question # 86

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Question 87

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Question 88

In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.

Data scrubbing

B.

Field masking

C.

Encryption in transit

D.

Metadata

Question 89

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Question 90

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Options:

A.

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Question 91

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Question 92

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

Options:

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Question 93

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Question 94

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Question 95

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

Options:

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Question 96

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.

Create new processes for identified gaps in continuity planning.

C.

Establish new staff roles and responsibilities for continuity of operations.

D.

Assess the effectiveness of documented processes against a realistic scenario.

Question 97

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Question 98

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Question 99

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Options:

A.

Key escrow

B.

TPM

C.

Trust models

D.

Code signing

Question 100

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

Options:

A.

Deploy high-availability web servers.

B.

Enhance network access controls.

C.

Implement a content delivery network.

D.

Migrate to a virtualized environment.

Question 101

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

A.

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.

Ensure the third-party library implements the TLS and disable weak ciphers.

C.

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.

Implement an ongoing, third-party software and library review and regression testing.

Question 102

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Question 103

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Question 104

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Question 105

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Options:

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Question 106

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

Options:

A.

tcpdump

B.

netstar

C.

tasklist

D.

traceroute

E.

ipconfig

Question 107

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

Options:

A.

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B.

The change control board must review and approve a submission.

C.

The information system security officer provides the systems engineer with the system updates.

D.

The security engineer asks the project manager to review the updates for the client's system.

Question 108

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Question 109

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Question 110

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Question 111

Which of the following BEST describes a common use case for homomorphic encryption ?

Options:

A.

Processing data on a server after decrypting in order to prevent unauthorized access in transit

B.

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C.

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D.

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

Question 112

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Question 113

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Question 114

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Question 115

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Question 116

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

Options:

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Question 117

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Question 118

A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Options:

A.

Use a secrets management tool.

B.

‘Save secrets in key escrow.

C.

Store the secrets inside the Dockerfiles.

D.

Run all Dockerfles in a randomized namespace.

Question 119

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Question 120

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Question 121

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Question 122

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.

An open-source automation server

B.

A static code analyzer

C.

Trusted open-source libraries

D.

A single code repository for all developers

Question 123

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Question 124

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Question # 124

Which of the following mobile configuration settings is the mobile administrator verifying?

Options:

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Question 125

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Question 126

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Question 127

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Question 128

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Options:

A.

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

B.

use the customer-provided VDI solution to perform work on the customer's environment.

C.

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.

Request API credentials from the customer and only use API calls to access the customer's environment.

Question 129

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Question 130

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Options:

A.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

B.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

C.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

D.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Question 131

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Question 132

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Question 133

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A.

Pay the ransom within 48 hours.

B.

Isolate the servers to prevent the spread.

C.

Notify law enforcement.

D.

Request that the affected servers be restored immediately.

Question 134

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

Options:

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Question 135

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

Options:

A.

Alerting the misconfigured service account password

B.

Modifying the AllowUsers configuration directive

C.

Restricting external port 22 access

D.

Implementing host-key preferences

Question 136

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Question 137

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Question 138

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

Options:

A.

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

B.

In the ОТ environment, allow IT traffic into the ОТ environment.

C.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

D.

Use a screened subnet between the ОТ and IT environments.

Question 139

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Options:

A.

Deploy a SOAR tool.

B.

Modify user password history and length requirements.

C.

Apply new isolation and segmentation schemes.

D.

Implement decoy files on adjacent hosts.

Question 140

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Question 141

Device event logs sources from MDM software as follows:

Question # 141

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

A.

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B.

Resource leak; recover the device for analysis and clean up the local storage.

C.

Impossible travel; disable the device’s account and access while investigating.

D.

Falsified status reporting; remotely wipe the device.

Question 142

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Question # 142

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:

A.

65

B.

77

C.

83

D.

87

Question 143

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Question 144

Which of the following are risks associated with vendor lock-in? (Choose two.)

Options:

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Question 145

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

Options:

A.

Conduct input sanitization.

B.

Deploy a SIEM.

C.

Use containers.

D.

Patch the OS

E.

Deploy a WAF.

F.

Deploy a reverse proxy

G.

Deploy an IDS.

Question 146

Question # 146

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Question 147

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:

A.

TPM

B.

HSM

C.

PKI

D.

UEFI/BIOS

Question 148

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Options:

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Question 149

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

Options:

A.

A vulnerability

B.

A threat

C.

A breach

D.

A risk

Question 150

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Question 151

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

Options:

A.

The user agent client is not compatible with the WAF.

B.

A certificate on the WAF is expired.

C.

HTTP traffic is not forwarding to HTTPS to decrypt.

D.

Old, vulnerable cipher suites are still being used.

Question 152

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Options:

A.

Key sharing

B.

Key distribution

C.

Key recovery

D.

Key escrow

Question 153

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Question 154

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Question 155

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

Options:

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Question 156

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Question 157

An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

Options:

A.

ARF

B.

XCCDF

C.

CPE

D.

CVE

E.

CVSS

F.

OVAL

Question 158

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

Options:

A.

Latency

B.

Data exposure

C.

Data loss

D.

Data dispersion

Question 159

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A.

Move the server to a cloud provider.

B.

Change the operating system.

C.

Buy a new server and create an active-active cluster.

D.

Upgrade the server with a new one.

Question 160

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Question 161

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Options:

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Question 162

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Question 163

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Question 164

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A.

Recovery point objective

B.

Recovery time objective

C.

Mission-essential functions

D.

Recovery service level

Question 165

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Options:

A.

Instance-based

B.

Storage-based

C.

Proxy-based

D.

Array controller-based

Question 166

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Question 167

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Question 168

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Options:

A.

Importing the availability of messages

B.

Ensuring non-repudiation of messages

C.

Enforcing protocol conformance for messages

D.

Assuring the integrity of messages

Question 169

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Question # 169

Which of the following ciphers should the security analyst remove to support the business requirements?

Options:

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Question 170

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Question 171

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Page: 1 / 57
Total 571 questions