Weekend Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

CAS-004 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

CAS-004 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: CompTIA SecurityX Certification Exam
  • Last Update: Jul 18, 2025
  • Questions and Answers: 619
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

CAS-004 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

CAS-004 Practice Exam Questions with Answers CompTIA SecurityX Certification Exam Certification

Question # 6

An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts. The engineer executes the command stat ./secretfile and receives the following output:

CAS-004 question answer

Which of the following describes the correct order of labels shown in the output above?

A.

Role, type MLS level, and user identity

B.

Role, user identity, object, and MLS level

C.

Object MLS level, role, and type

D.

User identity, role, type, and MLS level

E.

Object, user identity, role, and MLS level

Full Access
Question # 7

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

• Enforce MFA for RDP

• Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls Of ACLs.

Which of the following should the security architect recommend to meet these requirements?

A.

Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.

B.

Implement a bastion host with a secure cipher configuration enforced.

C.

Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP

D.

Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Full Access
Question # 8

A customer requires secure communication of subscribed web services at all times, but the company currently signs its own certificate requests to an internal CA. Which of the following approaches will best meet the customer's requirements?

A.

Generate a CSR to the local CA for email encryption.

B.

Submit a CSR for a wildcard certificate to a public CA.

C.

Request a software signing certificate from a public CA.

D.

Process a CSR for a server authentication certificate.

Full Access
Question # 9

Which of the following are risks associated with vendor lock-in? (Choose two.)

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Full Access
Question # 10

An organization handles sensitive information that must be displayed on call center technicians’ screens to verify the identities of remote callers. The technicians use three randomly selected fields of information to complete the identity verification. Some of the fields contain PII that are unique identifiers for the remote callers. Which of the following should be implemented to identify remote callers while also reducing the risk that technicians could improperly use the identification information?

A.

Data masking

B.

Encryption

C.

Tokenization

D.

Scrubbing

Full Access
Question # 11

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

A.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

B.

Leave the current backup schedule intact and make the human resources fileshare read-only.

C.

Increase the frequency of backups and create SIEM alerts for IOCs.

D.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Full Access
Question # 12

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

A.

Require device certificates to access company resources.

B.

Enable MFA at the organization's SSO portal.

C.

Encrypt all workstation hard drives.

D.

Hide the company wireless SSID.

Full Access
Question # 13

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

A.

Importing the availability of messages

B.

Ensuring non-repudiation of messages

C.

Enforcing protocol conformance for messages

D.

Assuring the integrity of messages

Full Access
Question # 14

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Full Access
Question # 15

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.

2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Select two).

A.

Side-channel analysis

B.

Protocol scanner

C.

HTTP interceptor

D.

DAST

E.

Fuzz testing

F.

SAST

G.

SCAP

Full Access
Question # 16

A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete. Which of the following would reduce the likelihood of this scenario occurring again?

A.

Create an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.

B.

Require all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.

C.

Remove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.

D.

Implement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

Full Access
Question # 17

Which of the following is required for an organization to meet the ISO 27018 standard?

A.

All Pll must be encrypted.

B.

All network traffic must be inspected.

C.

GDPR equivalent standards must be met

D.

COBIT equivalent standards must be met

Full Access
Question # 18

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

A.

Disable BGP and implement a single static route for each internal network.

B.

Implement a BGP route reflector.

C.

Implement an inbound BGP prefix list.

D.

Disable BGP and implement OSPF.

Full Access
Question # 19

Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Select two).

A.

It provides origin assurance.

B.

It verifies integrity.

C.

It provides increased confidentiality.

D.

It integrates with DRMs.

E.

It verifies the recipient’s identity.

F.

It ensures the code is free of malware.

Full Access
Question # 20

An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

A.

ARF

B.

XCCDF

C.

CPE

D.

CVE

E.

CVSS

F.

OVAL

Full Access
Question # 21

During a network defense engagement, a red team is able to edit the following registry key:

CAS-004 question answer

Which of the following tools is the red team using to perform this action?

A.

PowerShell

B.

SCAP scanner

C.

Network vulnerability scanner

D.

Fuzzer

Full Access
Question # 22

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Full Access
Question # 23

A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.

The best option for the auditor to use NEXT is:

CAS-004 question answer

A.

A SCAP assessment.

B.

Reverse engineering

C.

Fuzzing

D.

Network interception.

Full Access
Question # 24

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Full Access
Question # 25

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Full Access
Question # 26

After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

CAS-004 question answer

Which of the following is the most likely reason for the successful attack?

A.

Lack of MDM controls

B.

Auto-join hotspots enabled

C.

Sideloading

D.

Lack of application segmentation

Full Access
Question # 27

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

A.

Community cloud service model

B.

Multinency SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Full Access
Question # 28

An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment, Unfortunately. many Of the applications are provided only as compiled binaries. Which Of the following should the organization use to analyze these applications? (Select TWO).

A.

Regression testing

B.

SAST

C.

Third-party dependency management

D.

IDE SAST

E.

Fuzz testing

F.

IAST

Full Access
Question # 29

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

A.

Alerting the misconfigured service account password

B.

Modifying the AllowUsers configuration directive

C.

Restricting external port 22 access

D.

Implementing host-key preferences

Full Access
Question # 30

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

A.

HSTS

B.

TLS 1.2

C.

Certificate pinning

D.

Client authentication

Full Access
Question # 31

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for

the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which

of the following would BEST achieve this objective?

A.

Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

B.

Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.

C.

Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

D.

Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Full Access
Question # 32

Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

CAS-004 question answer Which of the following is MOST likely happening to the server?

A.

Port scanning

B.

ARP spoofing

C.

Buffer overflow

D.

Denial of service

Full Access
Question # 33

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

A.

Create a change management process.

B.

Establish key performance indicators.

C.

Create an integrated master schedule.

D.

Develop a communication plan.

E.

Perform a security control assessment.

Full Access
Question # 34

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?

A.

A SQL injection was used to exfiltrate data from the database server.

B.

The system has been hijacked for cryptocurrency mining.

C.

A botnet Trojan is installed on the database server.

D.

The dbadmin user is consulting the community for help via Internet Relay Chat.

Full Access
Question # 35

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relationsemployee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

A.

Implementing application blacklisting

B.

Configuring the mall to quarantine incoming attachment automatically

C.

Deploying host-based firewalls and shipping the logs to the SIEM

D.

Increasing the cadence for antivirus DAT updates to twice daily

Full Access
Question # 36

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

A.

Loss of governance

B.

Vendor lockout

C.

Compliance risk

D.

Vendor lock-in

Full Access
Question # 37

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-004 question answer

CAS-004 question answer

Full Access
Question # 38

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Full Access
Question # 39

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

A.

Configuring systemd services to run automatically at startup

B.

Creating a backdoor

C.

Exploiting an arbitrary code execution exploit

D.

Moving laterally to a more authoritative server/service

Full Access
Question # 40

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keepsfailing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Full Access
Question # 41

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about theprogramming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

A.

Ladder logic

B.

Rust

C.

C

D.

Python

E.

Java

Full Access
Question # 42

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ?? and IT environment?

A.

In the ?? environment, use a VPN from the IT environment into the ?? environment.

B.

In the ?? environment, allow IT traffic into the ?? environment.

C.

In the IT environment, allow PLCs to send data from the ?? environment to the IT environment.

D.

Use a screened subnet between the ?? and IT environments.

Full Access
Question # 43

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Full Access
Question # 44

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Full Access
Question # 45

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Full Access
Question # 46

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

A.

Latency

B.

Data exposure

C.

Data loss

D.

Data dispersion

Full Access
Question # 47

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Full Access
Question # 48

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

A.

BYOO

B.

CYOD

C.

COPE

D.

MDM

Full Access
Question # 49

An organization mat provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of sell-healing that includes monitoring performance and available resources. When me system detects an issue, the self-healing process is supposed to restart pans of me software.

During the incident, when me self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did notdetect that some services did not fully restart and declared me system as fully operational. Which of the following BEST describes me reason why the silent failure occurred?

A.

The system logs rotated prematurely.

B.

The disk utilization alarms are higher than what me service restarts require.

C.

The number of nodes in me self-healing cluster was healthy,

D.

Conditional checks prior to the service restart succeeded.

Full Access
Question # 50

A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

A.

Degaussing

B.

Overwiting

C.

Shredding

D.

Formatting

E.

Incinerating

Full Access
Question # 51

A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved. Which of the following would provide this information?

A.

HIPS

B.

UEBA

C.

HlDS

D.

NIDS

Full Access
Question # 52

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

CAS-004 question answer

Which of the following meets the budget needs of the business?

A.

Filter ABC

B.

Filter XYZ

C.

Filter GHI

D.

Filter TUV

Full Access
Question # 53

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Full Access
Question # 54

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

A.

CAN

B.

ASIC

C.

FPGA

D.

SCADA

Full Access
Question # 55

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Full Access
Question # 56

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to thehigh rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

A.

$50,000

B.

$125,000

C.

$250,000

D.

$500.000

E.

$51,000,000

Full Access
Question # 57

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann hasdistilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A.

Traffic interceptor log analysis

B.

Log reduction and visualization tools

C.

Proof of work analysis

D.

Ledger analysis software

Full Access
Question # 58

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Full Access
Question # 59

An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, anumber of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

CAS-004 question answer

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A.

Enable the x-Forwarded-For header al the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

Full Access
Question # 60

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

CAS-004 question answer

Which of the following should the security analyst perform?

A.

Contact the security department at the business partner and alert them to the email event.

B.

Block the IP address for the business partner at the perimeter firewall.

C.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

D.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

Full Access
Question # 61

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

A.

Hybrid IaaS solution in a single-tenancy cloud

B.

Pass solution in a multinency cloud

C.

SaaS solution in a community cloud

D.

Private SaaS solution in a single tenancy cloud.

Full Access
Question # 62

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

A.

A turbine would overheat and cause physical harm.

B.

The engineers would need to go to the historian.

C.

The SCADA equipment could not be maintained.

D.

Data would be exfiltrated through the data diodes.

Full Access
Question # 63

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A.

The pharmaceutical company

B.

The cloud software provider

C.

The web portal software vendor

D.

The database software vendor

Full Access
Question # 64

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Full Access
Question # 65

A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

A.

Organized crime

B.

Script kiddie

C.

APT/nation-state

D.

Competitor

Full Access
Question # 66

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

A.

Limit access to the system using a jump box.

B.

Place the new system and legacy system on separate VLANs

C.

Deploy the legacy application on an air-gapped system.

D.

Implement MFA to access the legacy system.

Full Access
Question # 67

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

A.

Apply for a security exemption, as the risk is too high to accept.

B.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.

Accept the risk, as compensating controls have been implemented to manage the risk.

D.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Full Access
Question # 68

A security analyst needs to recommend a remediation to the following threat:

CAS-004 question answer

Which of the following actions should the security analyst propose to prevent this successful exploitation?

A.

Patch the system.

B.

Update the antivirus.

C.

Install a host-based firewall.

D.

Enable TLS 1.2.

Full Access
Question # 69

A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:

Be efficient at protecting the production environment

Not require any change to the application

Act at the presentation layer

Which of the following techniques should be used?

A.

Masking

B.

Tokenization

C.

Algorithmic

D.

Random substitution

Full Access
Question # 70

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

A.

Software composition analysis

B.

Code obfuscation

C.

Static analysis

D.

Dynamic analysis

Full Access
Question # 71

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Full Access
Question # 72

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Full Access
Question # 73

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Full Access
Question # 74

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Full Access
Question # 75

A security analyst is reviewing the following output:

CAS-004 question answer

Which of the following would BEST mitigate this type of attack?

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Full Access
Question # 76

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Full Access
Question # 77

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Full Access
Question # 78

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Full Access
Question # 79

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Full Access
Question # 80

A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A.

Require more than one approver for all change management requests.

B.

Implement file integrity monitoring with automated alerts on the servers.

C.

Disable automatic patch update capabilities on the servers

D.

Enhanced audit logging on the jump servers and ship the logs to the SIEM.

Full Access
Question # 81

Which of the following controls primarily detects abuse of privilege but does not prevent it?

A.

Off-boarding

B.

Separation of duties

C.

Least privilege

D.

Job rotation

Full Access
Question # 82

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 83

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.

Which of the following side-channel attacks did the team use?

A.

Differential power analysis

B.

Differential fault analysis

C.

Differential temperature analysis

D.

Differential timing analysis

Full Access
Question # 84

A new VM server (Web Server C) was spun up in the cloud and added to the load balancer to an existing web application (Application A) that does not require internet access. Sales users arereporting intermittent issues with this application when processing orders that require access to the warehouse department.

Given the following information:

Firewall rules: Existing rules do not account for Web Server C’s IP address (10.2.0.92).

Application A Security Group: Inbound rules and outbound rules are insufficient for the new server.

The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?

A.

Reconfigure Web Server C to 10.2.0.62

B.

Modify the firewall rules to include the new IP address of Web Server C

C.

Alter the security group outbound rules to be more restrictive

D.

Change the security group inbound rules to include the new IP address of Web Server C

Full Access
Question # 85

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Full Access
Question # 86

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

A.

Move the server to a cloud provider.

B.

Change the operating system.

C.

Buy a new server and create an active-active cluster.

D.

Upgrade the server with a new one.

Full Access
Question # 87

A software house is developing a new application. The application has the following requirements:

Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

A.

WS-Federation

B.

OpenID

C.

OAuth

D.

SAML

Full Access
Question # 88

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Full Access
Question # 89

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Full Access
Question # 90

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Full Access
Question # 91

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

CAS-004 question answer

Which of the following ciphers should the security analyst remove to support the business requirements?

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Full Access
Question # 92

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Full Access
Question # 93

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

A.

Conduct input sanitization.

B.

Deploy a SIEM.

C.

Use containers.

D.

Patch the OS

E.

Deploy a WAF.

F.

Deploy a reverse proxy

G.

Deploy an IDS.

Full Access
Question # 94

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Full Access
Question # 95

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 question answer

Which of the following would BEST mitigate this vulnerability?

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Full Access
Question # 96

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Full Access
Question # 97

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Full Access
Question # 98

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Full Access
Question # 99

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

A.

Write a SIEM rule that generates a critical alert when files are created on the application server.

B.

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

C.

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

D.

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

Full Access
Question # 100

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

CAS-004 question answer

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

A.

Indirect command execution

B.

OS credential dumping

C.

Inhibit system recovery

D.

External remote services

E.

System information discovery

F.

Network denial of service

Full Access
Question # 101

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Full Access
Question # 102

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Full Access
Question # 103

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

A.

Key sharing

B.

Key distribution

C.

Key recovery

D.

Key escrow

Full Access
Question # 104

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Full Access
Question # 105

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Full Access
Question # 106

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Full Access
Question # 107

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room.The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Full Access
Question # 108

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A.

A vulnerability

B.

A threat

C.

A breach

D.

A risk

Full Access
Question # 109

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Full Access
Question # 110

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

CAS-004 question answer

Which of the following is the MOST likely cause of the customer’s inability to connect?

A.

Weak ciphers are being used.

B.

The public key should be using ECDSA.

C.

The default should be on port 80.

D.

The server name should be test.com.

Full Access
Question # 111

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Full Access
Question # 112

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Full Access
Question # 113

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

A.

Near-field communication

B.

Short Message Service

C.

Geofencing

D.

Bluetooth

Full Access
Question # 114

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 115

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Full Access
Question # 116

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

A.

Key escrow

B.

TPM

C.

Trust models

D.

Code signing

Full Access
Question # 117

While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Select two).

A.

Configure firewall rules to block all external traffic.

B.

Enable input validation for all fields.

C.

Enable automatic updates to be installed on all servers.

D.

Configure the security group to enable external traffic.

E.

Set up a DLP policy to alert for exfiltration on all application servers.

F.

Enable nightly vulnerability scans

Full Access
Question # 118

A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

A.

Shutting down the systems until the code is ready

B.

Uninstalling the impacted runtime engine

C.

Selectively blocking traffic on the affected port

D.

Configuring IPS and WAF with signatures

Full Access
Question # 119

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Full Access
Question # 120

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Full Access
Question # 121

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Full Access
Question # 122

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

A.

User-Agent: Malicious Tool.*

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Full Access
Question # 123

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Full Access
Question # 124

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Full Access
Question # 125

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Full Access
Question # 126

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

A.

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Full Access
Question # 127

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Full Access
Question # 128

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Full Access
Question # 129

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Full Access
Question # 130

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

A.

^\d{4}(-\d{5})?$

B.

^\d{5}(-\d{4})?$

C.

^\d{5-4}$

D.

^\d{9}$

Full Access
Question # 131

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Full Access
Question # 132

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

A.

Deploy high-availability web servers.

B.

Enhance network access controls.

C.

Implement a content delivery network.

D.

Migrate to a virtualized environment.

Full Access
Question # 133

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Full Access
Question # 134

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

A.

tcpdump

B.

netstar

C.

tasklist

D.

traceroute

E.

ipconfig

Full Access
Question # 135

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A.

IaaS

B.

SaaS

C.

Faas

D.

PaaS

Full Access
Question # 136

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Full Access
Question # 137

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

A.

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B.

The change control board must review and approve a submission.

C.

The information system security officer provides the systems engineer with the system updates.

D.

The security engineer asks the project manager to review the updates for the client's system.

Full Access
Question # 138

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

* Monitors traffic to and from both local NAS and cloud-based file repositories

* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions

* Uses document attributes to reduce false positives

* Is agentless and not installed on staff desktops or laptops

Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

A.

DLP

B.

NGFW

C.

UTM

D.

UEBA

E.

CASB

F.

HIPS

Full Access
Question # 139

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Full Access
Question # 140

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

A.

Execute never

B.

Noexecute

C.

Total memory encryption

D.

Virtual memory protection

Full Access
Question # 141

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the

security posture for a risk decision? (Select TWO).

A.

Password cracker

B.

SCAP scanner

C.

Network traffic analyzer

D.

Vulnerability scanner

E.

Port scanner

F.

Protocol analyzer

Full Access
Question # 142

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Full Access
Question # 143

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Full Access
Question # 144

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Full Access
Question # 145

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

A.

Paas

B.

laas

C.

Private

D.

Saas

Full Access
Question # 146

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Full Access
Question # 147

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

A.

Monitor the Application and Services Logs group within Windows Event Log.

B.

Uninstall PowerSheII from all workstations.

C.

Configure user settings in Group Policy.

D.

Provide user education and training.

E.

Block PowerSheII via HIDS.

Full Access
Question # 148

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Full Access
Question # 149

Which of the following indicates when a company might not be viable after a disaster?

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Full Access
Question # 150

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Full Access
Question # 151

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Full Access
Question # 152

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Full Access
Question # 153

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Full Access
Question # 154

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Full Access
Question # 155

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Full Access
Question # 156

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Full Access
Question # 157

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Full Access
Question # 158

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

A.

CASB

B.

Web filtering

C.

NGFW

D.

EDR

Full Access
Question # 159

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing aCAPTCHAsystem on the web store to help reduce thenumber of video cards purchased through automated systems. Which of the following now describes the level of risk?

A.

Inherent

B.

Low

C.

Mitigated

D.

Residual

E.

Transferred

Full Access
Question # 160

Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal

management overhead?

A.

Key escrow service

B.

Secrets management

C.

Encrypted database

D.

Hardware security module

Full Access
Question # 161

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device Which of the following phases of the incident response cycle needs improvement?

A.

Containment

B.

Preparation

C.

Resolution

D.

Investigation

Full Access
Question # 162

A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords. Which of the following additional controls should the company deploy?

A.

Two-factor authentication

B.

Identity proofing

C.

Challenge questions

D.

Live identity verification

Full Access
Question # 163

A company moved its on-premises services to the cloud. Although a recent audit verified that data throughout the cloud service is properly classified and documented, other systems are unable to act or filter based on this information. Which of the following should the company deploy to allow other cloud-based systems to consume this information?

A.

Data mapping

B.

Data labeling

C.

Log scraping

D.

Resource tagging

Full Access
Question # 164

A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks Which of the following would best enable this activity?

A.

ISAC

B.

OSINT

C.

CVSS

D.

Threat modeling

Full Access
Question # 165

A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?

A.

Implement fuzz testing focused on the component and inputs uncovered by the bug bounty program.

B.

Leverage a software composition analysis tool to find all known vulnerabilities in dependencies.

C.

Use a vulnerability scanner to perform multiple types of network scans to look for vulnerabilities.

D.

Utilize a network traffic analyzer to find malicious packet combinations that lead to remote code execution.

E.

Run an exploit framework with all payloads against the application to see if it is able to gain access.

Full Access
Question # 166

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

CAS-004 question answer

Which of the following should the analyst recommend to mitigate this type of vulnerability?

A.

IPSec rules

B.

OS patching

C.

Two-factor authentication

D.

TCP wrappers

Full Access
Question # 167

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

• Unsupported, end-of-life operating systems were still prevalent on the shop floor.

• There are no security controls for systems with supported operating systems.

• There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

A.

Deploy antivirus software to all of the workstations.

B.

Increase the level of monitoring on the workstations.

C.

Utilize network-based allow and block lists.

D.

Harden all of the engineering workstations using a common strategy.

Full Access
Question # 168

A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the best file-carving tool for PDF recovery?

A.

objdump

B.

Strings

C.

dd

D.

Foremost

Full Access
Question # 169

A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

A.

Deep learning language barriers

B.

Big Data processing required for maturity

C.

Secure, multiparty computation requirements

D.

Computing capabilities available to the developer

Full Access
Question # 170

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

A.

Print configurations settings for locked print jobs

B.

The lack of an NDA with the company that supports its devices

C.

The lack of an MSA to govern other services provided by the service provider

D.

The lack of chain of custody for devices prior to deployment at the company

Full Access
Question # 171

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be

compliant, the customer:

A.

must also be PCI compliant, because the risk is transferred to the provider.

B.

still needs to perform its own PCI assessment of the provider's managed serverless service.

C.

needs to perform a penetration test of the cloud provider's environment.

D.

must ensure in-scope systems for the new offering are also PCI compliant.

Full Access
Question # 172

The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server. Which of the following should be used to prioritize the server replacements?

A.

SLE

B.

MTTR

C.

TCO

D.

MTBF

E.

MSA

Full Access
Question # 173

A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?

A.

Leverage an exploitation framework to uncover vulnerabilities.

B.

Use fuzz testing to uncover potential vulnerabilities in the application.

C.

Utilize a software composition analysis tool to report known vulnerabilities.

D.

Reverse engineer the application to look for vulnerable code paths.

E.

Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.

Full Access
Question # 174

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?

A.

Include routines in the application for message handling

B.

Adopt a compiled programming language instead.

C.

Perform SAST vulnerability scans on every build.

D.

Validate user-generated input.

Full Access
Question # 175

The findings from a recent penetration test report indicate a systematic issue related to cross-site scripting (XSS). A security engineer would like to prevent this type of issue for future reports. Which of the following mitigation strategies should the engineer use to best resolve the issue?

A.

Implement static analysis with blocking capabilities in the CI/CD system.

B.

Request resources to develop a secure library to address encoding issues.

C.

Leverage an API management system to filter information.

D.

Configure a DAST tool for all applications.

E.

Require all developers to take secure coding training that focuses on OWASP principles.

Full Access
Question # 176

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

A.

Complete a vulnerability analysis

B.

Obtain guidance from the health ISAC

C.

Purchase a ticketing system for auditing efforts

D.

Ensure CVEs are current

E.

Train administrators on why patching is important

Full Access
Question # 177

An organization is deploying a container-based application that requires persistence of sensitive information on the filesystem. The filesystem will be deployed into a cloud environment. The information that will persist will include PHI (Protected Health Information). Which of the following solutions would be best to ensure confidentiality of information at rest?

A.

Triple DES

B.

AES-GCM

C.

RSA

D.

TLS

E.

RIPEMD

Full Access
Question # 178

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

A.

Utilize the SAN certificate to enable a single certificate for all regions.

B.

Deploy client certificates to all devices in the network.

C.

Configure certificate pinning inside the application.

D.

Enable HSTS on the application's server side for all communication.

Full Access
Question # 179

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Full Access
Question # 180

An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

A.

Leverage physically uncloneable functions.

B.

Analyze an emplaced holographic icon on the board.

C.

Include schematics traceable via X-ray interrogation.

D.

Incorporate MD5 hashes of the ASIC design file.

Full Access
Question # 181

A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

A.

Data retention

B.

Data classification

C.

Due diligence

D.

Reference framework

Full Access
Question # 182

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program Which of the following will BEST accomplish the company's objectives?

A.

RASP

B.

SAST

C.

WAF

D.

CMS

Full Access
Question # 183

loCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

A.

FIM

B.

SASE

C.

UEBA

D.

CSPM

E.

EAP

Full Access
Question # 184

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

A.

Collect proof that the exploit works in order to expedite the process.

B.

Publish proof-of-concept exploit code on a personal blog.

C.

Recommend legal consultation about the process.

D.

Visit a bug bounty website for the latest information.

Full Access
Question # 185

A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS. Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

A.

Client computer X.509 certificates have been installed.

B.

Supplicants are configured to provide a 64-bit authenticator.

C.

A hardware TOTP token has been issued to mobile users.

D.

The device's IPSec configuration matches the VPN concentrator.

Full Access