Month End Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA CAS-005 CompTIA SecurityX Certification Exam Exam Practice Test

Page: 1 / 20
Total 199 questions

CompTIA SecurityX Certification Exam Questions and Answers

Question 1

A company’sSIEMis designed to associate the company’sasset inventorywith user events. Given the following report:

Question # 1

Which of the following should asecurity engineer investigate firstas part of alog audit?

Options:

A.

Anendpointthat is not submitting any logs

B.

Potential activity indicating an attackermoving laterally in the network

C.

Amisconfigured syslog servercreating false negatives

D.

Unauthorized usage attempts of the administrator account

Question 2

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:

    The backup solution must reduce the risk of potential backup compromise.

    The backup solution must be resilient to a ransomware attack.

    The time to restore from backups is less important than backup data integrity.

    Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

Options:

A.

Creating a secondary, immutable database and adding live data on a continuous basis

B.

Utilizing two connected storage arrays and ensuring the arrays constantly sync

C.

Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D.

Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

Question 3

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

Question # 3

Which of the following is most likely the log input that the code will parse?

A)

Question # 3

B)

Question # 3

C)

Question # 3

D)

Question # 3

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 4

A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'

Options:

A.

improving security dashboard visualization on SIEM

B.

Rotating API access and authorization keys every two months

C.

Implementing application toad balancing and cross-region availability

D.

Creating WAF policies for relevant programming languages

Question 5

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

Options:

A.

Documenting third-party connections used by Company B

B.

Reviewing the privacy policies currently adopted by Company B

C.

Requiring data sensitivity labeling tor all files shared with Company B

D.

Forcing a password reset requiring more stringent passwords for users on Company B's network

E.

Performing an architectural review of Company B's network

Question 6

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Question # 6

Which of the following hosts should a security analyst patch first once a patch is available?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Question 7

An organization is required to

* Respond to internal and external inquiries in a timely manner

* Provide transparency.

* Comply with regulatory requirements

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

Options:

A.

Outsourcing the handling of necessary regulatory filing to an external consultant

B.

Integrating automated response mechanisms into the data subject access request process

C.

Developing communication templates that have been vetted by internal and external counsel

D.

Conducting lessons-learned activities and integrating observations into the crisis management plan

Question 8

An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during response efforts. After the attack, energy sector companies share their status and response data:

Company

SIEM

UEBA

DLP

ISAC Member

TIP Integration

Time to Detect

Time to Respond

1

Yes

No

Yes

Yes

Yes

10 minutes

20 minutes

2

Yes

Yes

Yes

Yes

No

20 minutes

40 minutes

3

Yes

Yes

No

No

Yes

12 minutes

24 minutes

Which of the following is the most important issue to address to defend against future attacks?

Options:

A.

Failure to implement a UEBA system

B.

Failure to implement a DLP system

C.

Failure to join the industry ISAC

D.

Failure to integrate with the TIP

Question 9

A company isolated its OT systems from other areas of the corporate network These systems are required to report usage information over the internet to the vendor Which oi the following b*st reduces the risk of compromise or sabotage' (Select two).

Options:

A.

Implementing allow lists

B.

Monitoring network behavior

C.

Encrypting data at rest

D.

Performing boot Integrity checks

E.

Executing daily health checks

F.

Implementing a site-to-site IPSec VPN

Question 10

A security engineer wants to reduce the attack surface of a public-facing containerized application Which of the following will best reduce the application's privilege escalation attack surface?

Options:

A.

Implementing the following commands in the Dockerfile:RUN echo user:x:1000:1000iuser:/home/user:/dew/null > /ete/passwd

B.

Installing an EDR on the container's host with reporting configured to log to a centralized SIFM and Implementing the followingalerting rules TF PBOCESS_USEB=rooC ALERT_TYPE=critical

C.

Designing a muiticontainer solution, with one set of containers that runs the mam application, and another set oi containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts

D.

Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer:PZRKZI HTTES from 0-0.0.0.0/0 pert 443

Question 11

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

Options:

A.

The organization is performing due diligence of potential tax issues.

B.

The organization has been subject to legal proceedings in countries where it has a presence.

C.

The organization is concerned with new regulatory enforcement in other countries

D.

The organization has suffered brand reputation damage from incorrect media coverage

Question 12

A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs:

Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5

Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5

Which of the following is the most likely reason for the application failures?

Options:

A.

The user’s account was set as a service account.

B.

The user's home directory was deleted.

C.

The user does not have sudo access.

D.

The root password has been changed.

Question 13

An external SaaS solution user reports a bug associated with the role-based access control module. This bug allows users to bypass system logic associated with client segmentation in the multitenant deployment model. When assessing the bug report, the developer finds that the same bug was previously identified and addressed in an earlier release. The developer then determines the bug was reintroduced when an existing software component was integrated from a prior version of the platform. Which of the following is the best way to prevent this scenario?

Options:

A.

Regression testing

B.

Code signing

C.

Automated test and retest

D.

User acceptance testing

E.

Software composition analysis

Question 14

Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

Options:

A.

This process is a requirement to enable hardware-accelerated cryptography.

B.

This process reduces the success of attackers performing cryptanalysis.

C.

The business requirements state that confidentiality is a critical success factor.

D.

Modern cryptographic protocols list this process as a prerequisite for use.

Question 15

Users are experiencing a variety of issues when trying to access corporate resources examples include

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints wtiilc working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

Options:

A.

Review VPN throughput

B.

Check IPS rules

C.

Restore static content on lite CDN.

D.

Enable secure authentication using NAC

E.

Implement advanced WAF rules.

F.

Validate MDM asset compliance

Question 16

A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor security stack. Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules with the multiple security tool setup?

Options:

A.

Sigma

B.

YARA

C.

Snort

D.

Rita

Question 17

A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows:

• Full disk encryption is enabled.

• "Always On" corporate VPN is enabled.

• eFuse-backed keystore is enabled.

• Wi-Fi 6 is configured with SAE.

• Location services is disabled.

• Application allow list is unconfigured.

Assuming the hospital policy cannot be changed, which of the following is the best way to meet the hospital's objective?

Options:

A.

Revoke the user VPN and Wi-Fi certificates

B.

Cryptographically erase FDE volumes

C.

Issue new MFA credentials to all users

D.

Configure the application allow list

Question 18

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Question # 18

Code Snippet 2

Question # 18

Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex:ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Options:

Question 19

A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?

Options:

A.

Misconfigured code commit

B.

Unsecure bundled libraries

C.

Invalid code signing certificate

D.

Data leakage

Question 20

A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

Options:

A.

Enforce Secure Boot.

B.

Perform attack surface reduction.

C.

Disable third-party integrations.

D.

Limit access to the systems.

Question 21

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

    An administrator’s account was hijacked and used on several Autonomous System Numbers within 30 minutes.

    All administrators use named accounts that require multifactor authentication.

    Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

Options:

A.

Configure token theft detection on the single sign-on system with automatic account lockouts.

B.

Enable context-based authentication when network locations change on administrator login attempts.

C.

Decentralize administrator accounts and force unique passwords for each application.

D.

Enforce biometric authentication requirements for the administrator’s named accounts.

Question 22

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:

Options:

A.

A decrypting RSA using an obsolete and weakened encryption attack.

B.

A zero-day attack.

C.

An advanced persistent threat.

D.

An on-path attack.

Question 23

During a recentsecurity event, access from thenon-production environment to the production environmentenabledunauthorized usersto:

    Installunapproved software

    Makeunplanned configuration changes

During theinvestigation, the following findings were identified:

    Several new users were added in bulkby theIAM team

    Additionalfirewalls and routerswere recently added

    Vulnerability assessmentshave been disabled formore than 30 days

    Theapplication allow listhas not been modified intwo weeks

    Logs were unavailablefor various types of traffic

    Endpoints have not been patchedinover ten days

Which of the following actions would most likely need to be taken toensure proper monitoring?(Select two)

Options:

A.

Disable bulk user creationsby the IAM team

B.

Extend log retention for all security and network devices to180 daysfor all traffic

C.

Review the application allow listdaily

D.

Routinely update allendpoints and network devicesas soon as new patches/hot fixes are available

E.

Ensure allnetwork and security devicesare sending relevant data to theSIEM

F.

Configure firewall rules toonly allow production-to-non-productiontraffic

Question 24

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Question # 24

Which of the following should the security engineer modify to fix the issue? (Select two).

Options:

A.

The email CNAME record must be changed to a type A record pointing to 192.168.111

B.

The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C.

The srvo1 A record must be changed to a type CNAME record pointing to the email server

D.

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

E.

The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"

F.

The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"

G.

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Question 25

Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:

Options:

A.

operating in an isolated/disconnected system.

B.

communicating over distributed environments

C.

untrustworthy users and systems being present.

D.

an available EtherneVIP network stack for flexibility.

E.

anticipated eavesdropping from malicious actors.

Question 26

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

Options:

A.

SASE

B.

CMDB

C.

SBoM

D.

SLM

Question 27

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Options:

A.

Dark web monitoring

B.

Threat intelligence platform

C.

Honeypots

D.

Continuous adversary emulation

Question 28

A security engineer is given the following requirements:

• An endpoint must only execute Internally signed applications

• Administrator accounts cannot install unauthorized software.

• Attempts to run unauthorized software must be logged

Which of the following best meets these requirements?

Options:

A.

Maintaining appropriate account access through directory management and controls

B.

Implementing a CSPM platform to monitor updates being pushed to applications

C.

Deploying an EDR solution to monitor and respond to software installation attempts

D.

Configuring application control with blocked hashes and enterprise-trusted root certificates

Question 29

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?

Options:

A.

ATT&CK

B.

OWASP

C.

CAPEC

D.

STRIDE

Question 30

A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

Options:

A.

Executing a script that deletes and overwrites all data on the SSD three times

B.

Wiping the SSD through degaussing

C.

Securely deleting the encryption keys used by the SSD

D.

Writing non-zero, random data to all cells of the SSD

Question 31

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

Options:

A.

Implementing data loss prevention

B.

Deploying file integrity monitoring

C.

Restricting access to critical file services only

D.

Deploying directory-based group policies

E.

Enabling modem authentication that supports MFA

F.

Implementing a version control system

G.

Implementing a CMDB platform

Question 32

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

Options:

A.

Assess the residual risk.

B.

Update the organization's threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of the impact.

Question 33

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

Question # 33

Which of the following would the analyst most likely recommend?

Options:

A.

Installing appropriate EDR tools to block pass-the-hash attempts

B.

Adding additional time to software development to perform fuzz testing

C.

Removing hard coded credentials from the source code

D.

Not allowing users to change their local passwords

Question 34

Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

Options:

A.

This process is a requirement to enable hardware-accelerated cryptography.

B.

This process reduces the success of attackers performing cryptanalysis.

C.

The business requirements state that confidentiality is a critical success factor.

D.

Modern cryptographic protocols list this process as a prerequisite for use.

Question 35

Which of the following are risks associated with vendor lock-in? (Select two).

Options:

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Question 36

A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

Options:

A.

Request a weekly report with all new assets deployed and decommissioned

B.

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

C.

Implement a shadow IT detection process to avoid rogue devices on the network

D.

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Question 37

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

Options:

A.

Incomplete mathematical primitives

B.

No use cases to drive adoption

C.

Quantum computers not yet capable

D.

insufficient coprocessor support

Question 38

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Question # 38

Question # 38

Question # 38

Options:

Question 39

A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems Given the following output:

Question # 39

Which of the following actions would address the root cause of this issue?

Options:

A.

Automating the patching system to update base Images

B.

Recompiling the affected programs with the most current patches

C.

Disabling unused/unneeded ports on all servers

D.

Deploying a WAF with virtual patching upstream of the affected systems

Question 40

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

Options:

A.

Ability to obtain components during wartime

B.

Fragility and other availability attacks

C.

Physical Implants and tampering

D.

Non-conformance to accepted manufacturing standards

Question 41

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

Options:

A.

Utilizing desktop as a service for all company data and multifactor authentication

B.

Using explicit allow lists of specific IP addresses and deploying single sign-on

C.

Deploying mobile device management and requiring stronger passwords

D.

Updating security mobile reporting policies and monitoring data breaches

Question 42

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

Options:

A.

Limiting the tool to a specific coding language and tuning the rule set

B.

Configuring branch protection rules and dependency checks

C.

Using an application vulnerability scanner to identify coding flaws in production

D.

Performing updates on code libraries before code development

Question 43

A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?

Options:

A.

Load

B.

Smoke

C.

Regression

D.

Canary

Question 44

A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

Options:

A.

The /etc/openssl.conf file, updating the virtual site parameter

B.

The /etc/nsswith.conf file, updating the name server

C.

The /etc/hosts file, updating the IP parameter

D.

The /etc/etc/sshd, configure file updating the ciphers

Question 45

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Options:

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability.

Question 46

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b»« way to reduce the risk oi reoccurrence?

Options:

A.

Enforcing allow lists for authorized network pons and protocols

B.

Measuring and attesting to the entire boot chum

C.

Rolling the cryptographic keys used for hardware security modules

D.

Using code signing to verify the source of OS updates

Question 47

A systems engineer is configuring a system baseline for servers that will provide email services. As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

Options:

A.

SELinux

B.

Privileged access management

C.

Self-encrypting disks

D.

NIPS

Question 48

A security analyst is reviewing the following authentication logs:

Question # 48

Which of the following should the analyst do first?

Options:

A.

Disable User2's account

B.

Disable User12's account

C.

Disable User8's account

D.

Disable User1's account

Question 49

A pharmaceutical lab hired a consultant to identify potential risks associated with Building 2, a new facility that is under construction. The consultant received the IT project plan, which includes the following VLAN design:

Question # 49

Which of the following TTPs should the consultant recommend be addressed first?

Options:

A.

Zone traversal

B.

Unauthorized execution

C.

Privilege escalation

D.

Lateral movement

Question 50

A company wants to improve and automate the compliance of its cloud environments to meet industry standards. Which of the following resources should the company use to best achieve this goal?

Options:

A.

Jenkins

B.

Python

C.

Ansible

D.

PowerShell

Question 51

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Question 52

After an incident response exercise, a security administrator reviews the following table:

Question # 52

Which of the following should the administrator do to beat support rapid incident response in the future?

Options:

A.

Automate alerting to IT support for phone system outages.

B.

Enable dashboards for service status monitoring

C.

Send emails for failed log-In attempts on the public website

D.

Configure automated Isolation of human resources systems

Question 53

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accurately identify all the affected versions?

Options:

A.

Reader(*)[1][0].[0-4:

B.

Reader[11[01X.f0-3'

C.

Reader( )[1][0].[0-3:

D.

Reader( )[1][0] X.[1-3:

Question 54

Which of the following key management practices ensures that an encryption key is maintained within the organization?

Options:

A.

Encrypting using a key stored in an on-premises hardware security module

B.

Encrypting using server-side encryption capabilities provided by the cloud provider

C.

Encrypting using encryption and key storage systems provided by the cloud provider

D.

Encrypting using a key escrow process for storage of the encryption key

Question 55

An analyst reviews a SIEM and generates the following report:

Question # 55

OnlyHOST002is authorized for internet traffic. Which of the following statements is accurate?

Options:

A.

The VM002 host is misconfigured and needs to be revised by the network team.

B.

The HOST002 host is under attack, and a security incident should be declared.

C.

The SIEM platform is reporting multiple false positives on the alerts.

D.

The network connection activity is unusual, and a network infection is highly possible.

Question 56

A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved lo the repository The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).

Options:

A.

Software composition analysis

B.

Pre-commit code linting

C.

Repository branch protection

D.

Automated regression testing

E.

Code submit authorization workflow

F.

Pipeline compliance scanning

Question 57

A senior security engineer flags me following log file snippet as hawing likely facilitated an attacker's lateral movement in a recent breach:

Question # 57

Which of the following solutions, if implemented, would mitigate the nsk of this issue reoccurnnp?

Options:

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP'W

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Question 58

A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

Options:

A.

incorrectly typed password

B.

Time-based access restrictions

C.

Account compromise

D.

Invalid user-to-device bindings

Question 59

A user reports application access issues to the help desk. The help desk reviews the logs for the user

Question # 59

Which of the following is most likely The reason for the issue?

Options:

A.

The user inadvertently tripped the impossible travel security rule in the SSO system.

B.

A threat actor has compromised the user's account and attempted to lop, m

C.

The user is not allowed to access the human resources system outside of business hours

D.

The user did not attempt to connect from an approved subnet

Page: 1 / 20
Total 199 questions