Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Oct 19, 2021
Questions and Answers: 572

CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Questions and Answers

Question # 4

A security analyst is reviewing weekly email reports and finds an average of 1,000 emails received daily from the internal security alert email address. Which of the following should be implemented?

A.

Tuning the networking monitoring service

B.

Separation of duties for systems administrators

C.

Machine learning algorithms

D.

DoS attack prevention

Question # 5

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer. Which of the following would be the BEST method to provide secure data separation?

A.

Use a CRM tool to separate data stores

B.

Migrate to a single-tenancy cloud infrastructure

C.

Employ network segmentation to provide isolation among salespeople

D.

Implement an open-source public cloud CRM

Question # 6

A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data. The results of the first scan are as follows:

The security team is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

A.

Move the files from the marketing share to a secured drive.

B.

Search the metadata for each file to locate the file's creator and transfer the files to the personal drive of the listed creator.

C.

Configure the DLP tool to delete the files on the shared drives

D.

Remove the access for the internal audit group from the accounts payable and payroll shares

Question # 7

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devices send cleartext logs to the aggregator.

* The log aggregator utilizes full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being archived in the cloud.

Which of the following should be the engineer’s GREATEST concern?

A.

Hardware vulnerabilities introduced by the log aggregator server

B.

Network bridging from a remote access VPN

C.

Encryption of data in transit

D.

Multitenancy and data remnants in the cloud

Question # 8

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?

A.

Penetration tests

B.

Vulnerability assessment

C.

Tabletop exercises

D.

Blue-team operations

Question # 9

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Question # 10

A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?

A.

Utilize measured boot attestation.

B.

Enforce the secure boot process.

C.

Reset the motherboard’s TPM chip.

D.

Reinstall the OS with known-good media.

E.

Configure custom anti-malware rules.

Question # 11

A company provides guest Wi-Fi access to the internet and physically separates the guest network from the company’s internal Wi-Fi. Due to a recent incident in which an attacker gained access to the company’s internal Wi-Fi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

A.

Active Directory GPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Question # 12

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

A.

PCI DSS

B.

GDPR

C.

NIST

D.

ISO 31000

Question # 13

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

A.

Set up an air gap for the switch.

B.

Change the default password for the switch.

C.

Place the switch in a Faraday cage.

D.

Install a cable lock on the switch.

Question # 14

An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Question # 15

A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output:

Which of the following actions should the security administrator take to BEST mitigate the issue that transpires from the above information?

A.

Implement switchport security

B.

Implement 802.1X

C.

Enforce static ARP mappings using GPO

D.

Enable unicast RPF

Question # 16

A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

A.

Cryptoprocessor

B.

Bcrypt

C.

SHA-256

D.

PBKDF2

E.

Message authentication

Question # 17

Which of the following is the BEST reason to implement a separation of duties policy?

A.

It minimizes the risk of DoS due to continuous monitoring.

B.

It eliminates the need to enforce least privilege by logging all actions.

C.

It increases the level of difficulty for a single employee to perpetrate fraud.

D.

It removes barriers to collusion and collaboration between business units.

Question # 18

A company has made it a spending priority to implement security architectures that will be resilient during an attack. Recent incidents have involved attackers leveraging latent vulnerabilities in cryptographic implementations and VPN concentrators to be able to compromise sensitive information. Patches have been slowly released for these emergent vulnerabilities, leaving weeks to months of exposed and vulnerable attack surface. Which of the following approaches would be BEST to increase enterprise resilience during similar future attacks?

A.

Implement appliances and software from diverse manufacturers

B.

Segment remote VPN users logically from the production LAN

C.

Maximize open-source software to benefit from swifter patch releases

D.

Upgrade the cryptographic ciphers used on the VPN concentrators

Question # 19

A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

A.

Mobile tokenization

B.

Export controls

C.

Device containerization

D.

Privacy policies

Question # 20

A security analyst has been assigned incident response duties and must initiate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 21

A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?

A.

Gain entry into the building by posing as a contractor who is performing routine building maintenance.

B.

Tailgate into the facility with an employee who has a valid RFID badge to enter

C.

Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post.

D.

Look for an open window that can be used to gain unauthorized entry into the facility

Question # 22

A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A.

Attackers are running reconnaissance on company resources.

B.

An outside command and control system is attempting to reach an infected system.

C.

An insider trying to exfiltrate information to a remote network.

D.

Malware is running on a company system

Question # 23

A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file.tmp.

The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?

A.

Deploy a solution to sanitize geotagging information

B.

Install software to wipe data remnants on servers

C.

Enforce proper input validation on mission-critical software

D.

Implement a digital watermarking solution

Question # 24

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

A.

Updating the playbook with better decision points

B.

Dividing the network into trusted and untrusted zones

C.

Providing additional end-user training on acceptable use

D.

Implementing manual quarantining of infected hosts

Question # 25

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization’s risk?

A.

Present the detailed risk resulting from the change to the company’s board of directors

B.

Pilot new mitigations that cost less than the total amount saved by the change

C.

Modify policies and standards to discourage future changes that increase risk

D.

Capture the risk in a prioritized register that is shared routinely with the CEO

Question # 26

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?

A.

A copy of the vendor’s information security policies.

B.

A copy of the current audit reports and certifications held by the vendor.

C.

A signed NDA that covers all the data contained on the corporate systems.

D.

A copy of the procedures used to demonstrate compliance with certification requirements.

Question # 27

A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

A.

Configure file integrity monitoring of the guest OS.

B.

Enable the vTPM on a Type 2 hypervisor.

C.

Only deploy servers that are based on a hardened image.

D.

Protect the memory allocation of a Type 1 hypervisor.

Question # 28

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

A.

OSSM

B.

NIST

C.

PCI

D.

OWASP

Question # 29

Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.

Which of the following would reduce the risk of this occurring in the future?

A.

Regular auditing of the clean desk policy

B.

Employee awareness and training policies

C.

Proper employee separation procedures

D.

Implementation of an acceptable use policy

Question # 30

A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment.

Which of the following would be the BEST option to manage this risk to the company's production environment?

A.

Avoid the risk by removing the ICS from production

B.

Transfer the risk associated with the ICS vulnerabilities

C.

Mitigate the risk by restricting access to the ICS

D.

Accept the risk and upgrade the ICS when possible

Question # 31

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

A.

Move line 3 below line 4 and change port 80 to 443 on line 4.

B.

Move line 3 below line 4 and add port 443 to line.

C.

Move line 4 below line 5 and add port 80 to 8080 on line 2.

D.

Add port 22 to line 2.

E.

Add port 22 to line 5.

F.

Add port 443 to line 2.

G.

Add port 443 to line 5.

Question # 32

An organization’s network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.

After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)

A.

The SSH keys were given to another department.

B.

A MITM attack is being performed by an APT.

C.

The terminal emulator does not support SHA-256.

D.

An incorrect username or password was entered.

E.

A key rotation has occurred as a result of an incident.

F.

The workstation is not syncing with the correct NTP server.

Question # 33

A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity. The company narrows the search to two products, Application A and Application B, which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest, so the company purchases Application B. Which of the following types of strategies did the company use when determining risk appetite?

A.

Mitigation

B.

Acceptance

C.

Avoidance

D.

Transfer

Question # 34

The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

A.

MOU

B.

OLA

C.

NDA

D.

SLA

Question # 35

A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links?

A.

Anti-spam gateways

B.

Security awareness training

C.

URL rewriting

D.

Internal phishing campaign

Question # 36

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After the new vulnerability was announced, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select Two)

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question # 37

A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult. Which of the following should be considered to achieve this? (Select TWO)

A.

Digital signature

B.

bcrypt

C.

Perfect forward secrecy

D.

SHA-256

E.

P-384

F.

PBKDF2

G.

Record-level encryption

Question # 38

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:

A.

the blue team.

B.

the white team.

C.

the operations team.

D.

the red team.

E.

the development team.

Question # 39

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

A.

Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.

B.

Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.

C.

Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.

D.

Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Question # 40

A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company’s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

A.

Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.

B.

Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.

C.

Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.

D.

Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

Question # 41

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

A.

Conduct a series of security training events with comprehensive tests at the end

B.

Hire an external company to provide an independent audit of the network security posture

C.

Review the social media of all employees to see how much proprietary information is shared

D.

Send an email from a corporate account, requesting users to log onto a website with their enterprise account

Question # 42

As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE).

A.

Privilege escalation

B.

SQL injection

C.

TOC/TOU exploitation

D.

Rogue AP substitution

E.

Tailgating

F.

Vulnerability scanning

G.

Vishing

Question # 43

A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to strict security and privacy practices. The school’s key requirements are to:

  • Maintain privacy of students in case of loss
  • Have a theft detection control in place
  • Be compliant with defined disability requirements
  • Have a four-hour minimum battery life

Which of the following should be configured to BEST meet the requirements? (Choose two.)

A.

Remote wiping

B.

Geofencing

C.

Antivirus software

D.

TPM

E.

FDE

F.

Tokenization

Question # 44

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445. A security administrator is concerned the legacy system will be vulnerable to exploits. Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

A.

Install HIDS and disable unused services.

B.

Enable application whitelisting and disable SMB.

C.

Segment the network and configure a controlled interface

D.

Apply only critical security patches for known vulnerabilities.

Question # 45

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and . . . ongoing simulation. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

Question # 46

A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

A.

Single-tenant private cloud

B.

Multitenant SaaS cloud

C.

Single-tenant hybrid cloud

D.

Multitenant IaaS cloud

E.

Multitenant PaaS cloud

F.

Single-tenant public cloud

Question # 47

A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst’s subsequent investigation of sensitive systems led to the following discoveries:

  • There was no indication of the data owner’s or user’s accounts being compromised.
  • No database activity outside of previous baselines was discovered.
  • All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
  • It was likely not an insider threat, as all employees passed polygraph tests.

Given this scenario, which of the following is the MOST likely attack that occurred?

A.

The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.

B.

An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.

C.

A shared workstation was physically accessible in a common area of the contractor’s office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.

D.

After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

Question # 48

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

A.

Transfer the risk

B.

Baseline the risk.

C.

Accept the risk

D.

Remove the risk

Question # 49

Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

A.

Automatic location check-ins

B.

Geolocated presence privacy

C.

Integrity controls

D.

NAC checks to quarantine devices

Question # 50

A company is the victim of a phishing and spear-phishing campaign. Users are clicking on website links that look like common bank sites and entering their credentials accidentally. A security engineer decides to use a layered defense to prevent the phishing or lessen its impact. Which of the following should the security engineer implement? (Select TWO)

A.

Spam filter

B.

Host intrusion prevention

C.

Client certificates

D.

Content filter

E.

Log monitoring

F.

Data loss prevention

Question # 51

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

A.

Add an ACL to the firewall to block VoIP.

B.

Change the settings on the phone system to use SIP-TLS.

C.

Have the phones download new configurations over TFTP.

D.

Enable QoS configuration on the phone VLAN.

Question # 52

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

A.

Key risk indicators

B.

Lessons learned

C.

Recovery point objectives

D.

Tabletop exercise

Question # 53

A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)

A.

Certificate-based authentication

B.

TACACS+

C.

802.1X

D.

RADIUS

E.

LDAP

F.

Local user database

Question # 54

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?

A.

Whois

B.

DNS enumeration

C.

Vulnerability scanner

D.

Fingerprinting

Question # 55

A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated.

Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

A.

RA

B.

BIA

C.

NDA

D.

RFI

E.

RFQ

F.

MSA

Question # 56

An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management’s policy?

A.

MDM

B.

Sandboxing

C.

Mobile tokenization

D.

FDE

E.

MFA

Question # 57

Several recent ransomware outbreaks at a company have caused a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

  • Stop malicious software that does not match a signature
  • Report on instances of suspicious behavior
  • Protect from previously unknown threats
  • Augment existing security capabilities

Which of the following tools would BEST meet these requirements?

A.

Host-based firewall

B.

EDR

C.

HIPS

D.

Patch management

Question # 58

A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

A.

Effective deployment of network taps

B.

Overall bandwidth available at Internet PoP

C.

Optimal placement of log aggregators

D.

Availability of application layer visualizers

Question # 59

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

A.

Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C.

Use an EDR solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.

D.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Question # 60

Given the following output from a security tool in Kali:

A.

Log reduction

B.

Network enumerator

C.

Fuzzer

D.

SCAP scanner

Question # 61

A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.

Using the above information, on which VLANs should multicast be enabled?

A.

VLAN201, VLAN202, VLAN400

B.

VLAN201, VLAN202, VLAN700

C.

VLAN201, VLAN202, VLAN400, VLAN680, VLAN700

D.

VLAN400, VLAN680, VLAN700

Question # 62

An engineer needs to provide access to company resources for several offshore contractors. The contractors require:

  • Access to a number of applications, including internal websites
  • Access to database data and the ability to manipulate it
  • The ability to log into Linux and Windows servers remotely

Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

A.

VTC

B.

VRRP

C.

VLAN

D.

VDI

E.

VPN

F.

Telnet

Question # 63

A security engineer is assisting a developer with input validation, and they are studying the following code block:

The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

A.

Replace code with Java-based type checks

B.

Parse input into an array

C.

Use regular expressions

D.

Canonicalize input into string objects before validation

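The code block the question refers to is not reproduced on this page. As an added illustration of the point behind option C (this is editorial example code, not from the exam or this page), the following Python compares an anchored, ASCII-only regular expression against the kind of naive "does it parse as an integer" check a type-based approach tends to become. The sample identifiers are constructed, and the function names are chosen here. Note the two traps the comments call out: in Python 3, `\d` in a str pattern and `int()` both accept non-ASCII Unicode digits, and `$` matches before a trailing newline, so `fullmatch` with an explicit `[0-9]` class is the safe form.

```python
import re

# Anchored via fullmatch(), ASCII-only via the explicit class. Without that
# (or re.ASCII), \d in a Python 3 str pattern also matches Unicode digits
# such as Arabic-Indic numerals, which a downstream system may not expect.
ACCOUNT_ID_RE = re.compile(r"[0-9]{10}")


def is_valid_account_id(value: str) -> bool:
    """True only for exactly ten ASCII digits: no whitespace, sign or separators."""
    return isinstance(value, str) and ACCOUNT_ID_RE.fullmatch(value) is not None


def looks_numeric_to_int(value: str) -> bool:
    """What a naive 'type check' accepts: anything int() is willing to parse."""
    try:
        int(value)
    except ValueError:
        return False
    return True


# Constructed inputs (hypothetical identifiers, not real account numbers),
# mapped to the verdict strict validation should give.
SAMPLES = {
    "1234567890": True,       # well-formed
    "123456789": False,       # nine digits
    "12345678901": False,     # eleven digits
    " 1234567890": False,     # leading space: int() strips it and accepts
    "+123456789": False,      # ten characters, but a sign: int() accepts
    "1_234_567_890": False,   # underscores: int() accepts since Python 3.6
    "١٢٣٤٥٦٧٨٩٠": False,       # Arabic-Indic digits: int() and \d both accept
    "1234567890\n": False,    # trailing newline: a $-anchored re.match accepts
}


def check_all() -> dict:
    """Map each sample to (strict_regex_result, naive_int_result) for comparison."""
    return {s: (is_valid_account_id(s), looks_numeric_to_int(s)) for s in SAMPLES}


if __name__ == "__main__":
    for sample, (strict, naive) in check_all().items():
        print(f"{sample!r:>20}  regex={strict!s:<5}  int()={naive}")
```

A compiled, anchored pattern like this is a single linear pass over ten characters, which also answers the developer's speed concern; the expensive part of validation is usually what happens after a malformed value slips through, not the check itself.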
Question # 64

With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?

A.

Human resources

B.

Financial

C.

Sales

D.

Legal counsel

Question # 65

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation. Which of the following MOST likely caused the data leak?

A.

The employee manually changed the email client retention settings to prevent deletion of emails

B.

The file that contained the damaging information was mistagged and retained on the server for longer than it should have been

C.

The email was encrypted and an exception was put in place via the data classification application

D.

The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old

Question # 66

A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)

A.

Validate cryptographic signatures applied to software updates

B.

Perform certificate pinning of the associated code signing key

C.

Require HTTPS connections for downloads of software updates

D.

Ensure there are multiple download mirrors for availability

E.

Enforce a click-through process with user opt-in for new features

Question # 67

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2

B.

Immediately encrypt all PHI with AES 256

C.

Delete all PHI from the network until the legal department is consulted

D.

Consult the legal department to determine legal requirements

Question # 68

As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

A.

the collection of data as part of the continuous monitoring program.

B.

adherence to policies associated with incident response.

C.

the organization’s software development life cycle.

D.

changes in operating systems or industry trends.

Question # 69

An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

A.

MSA

B.

RFP

C.

NDA

D.

RFI

E.

MOU

F.

RFQ

Question # 70

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

A.

Summarize the most recently disclosed vulnerabilities.

B.

Research industry best practices and latest RFCs.

C.

Undertake an external vulnerability scan and penetration test.

D.

Conduct a threat modeling exercise.

Question # 71

A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:

A.

segment dual-purpose systems on a hardened network segment with no external access

B.

assess the risks associated with accepting non-compliance with regulatory requirements

C.

update system implementation procedures to comply with regulations

D.

review regulatory requirements and implement new policies on any newly provisioned servers

Question # 72

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

A.

Issue tracker

B.

Static code analyzer

C.

Source code repository

D.

Fuzzing utility

Question # 73

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.

The person extracts the following data from the phone and EXIF data from some files:

DCIM Images folder

Audio books folder

Torrentz

My TAX.xls

Consultancy HR Manual.doc

Camera: SM-G950F

Exposure time: 1/60s

Location: 3500 Lacey Road USA

Which of the following BEST describes the security problem?

A.

MicroSD is not encrypted and also contains personal data.

B.

MicroSD contains a mixture of personal and work data.

C.

MicroSD is not encrypted and contains geotagging information.

D.

MicroSD contains pirated software and is not encrypted.

Question # 74

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients’ health information, management has identified the following requirements:

  • Data must be encrypted at rest.
  • The device must be disabled if it leaves the facility.
  • The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)

A.

eFuse

B.

NFC

C.

GPS

D.

Biometric

E.

USB 4.1

F.

MicroSD

Question # 75

Following a recent security incident on a web server, the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain .jpg files have important data hidden within them. Which of the following tools will help extract all the pictures from within the captured HTTP traffic to a specified folder?

A.

tshark

B.

memdump

C.

nbtstat

D.

dd

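tshark does this in one step with `--export-objects http,<directory>` against the capture file, reassembling each HTTP response and writing its body out. As an added example of what that carving amounts to (editorial code, not from this page or from the Wireshark project), the Python below walks a server-to-client HTTP byte stream, reads each Content-Length framed body, and keeps the bodies whose leading magic bytes identify an image, flagging any whose Content-Type header disagrees, since a JPEG served as `application/octet-stream` is exactly the object a steganography hunt should look at first. The byte stream is constructed inline; chunked transfer encoding is deliberately left out of this example.

```python
import tempfile
from pathlib import Path

# Magic bytes that identify an image body regardless of what the server claimed.
# JPEG is what the question is about; PNG is included to show the check generalises.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png"}


def parse_responses(stream: bytes):
    """Yield (headers, body) for each HTTP response in a server-to-client byte stream.

    Only Content-Length framed bodies are handled; chunked transfer encoding is
    out of scope for this example.
    """
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            return
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        if not lines[0].startswith("HTTP/"):
            return  # lost sync with response boundaries; stop rather than guess
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = stream[body_start:body_start + length]
        pos = body_start + length
        yield headers, body


def extract_images(stream: bytes) -> list:
    """Return [(filename, body)] for every response body whose magic bytes say 'image'.

    Content-Type is only used to annotate the name: a mismatch is a finding, not a
    reason to skip the object.
    """
    carved = []
    for index, (headers, body) in enumerate(parse_responses(stream)):
        ext = next((e for magic, e in IMAGE_MAGIC.items() if body.startswith(magic)), None)
        if ext is None:
            continue
        if not headers.get("content-type", "").startswith("image/"):
            ext += ".mislabelled"
        carved.append((f"object_{index:03d}.{ext}", body))
    return carved


def save_images(stream: bytes, outdir) -> list:
    """Write carved images into outdir and return the paths written."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    written = []
    for name, body in extract_images(stream):
        path = outdir / name
        path.write_bytes(body)
        written.append(path)
    return written


def _response(content_type: bytes, body: bytes) -> bytes:
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + content_type
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed sample stream (hypothetical data): an HTML page, a JPEG served
# honestly, and the same JPEG bytes served under a generic Content-Type.
JPEG_BODY = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + b"hidden-payload" + b"\xff\xd9"
SAMPLE_STREAM = (
    _response(b"text/html", b"<html><body>ok</body></html>")
    + _response(b"image/jpeg", JPEG_BODY)
    + _response(b"application/octet-stream", JPEG_BODY)
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in save_images(SAMPLE_STREAM, tmp):
            print(path.name, path.stat().st_size, "bytes")
```

On a real capture, let tshark do the TCP reassembly and export; the value of reading the logic this way is knowing to check magic bytes against the declared type, and to keep the mismatches rather than trust the header.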
Question # 76

Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?

A.

Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.

B.

Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.

C.

Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.

D.

Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

Question # 77

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)

A.

Review the CVE database for critical exploits over the past year

B.

Use social media to contact industry analysts

C.

Use intelligence gathered from the Internet relay chat channels

D.

Request information from security vendors and government agencies

E.

Perform a penetration test of the competitor’s network and share the results with the board

Question # 78

A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:

Which of the following tools is the engineer utilizing to perform this assessment?

A.

Vulnerability scanner

B.

SCAP scanner

C.

Port scanner

D.

Interception proxy

Question # 79

Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:

Which of the following would be the BEST option to recommend to the CIO?

A.

Vendor C for small remote sites, and Vendor B for large sites.

B.

Vendor B for all remote sites

C.

Vendor C for all remote sites

D.

Vendor A for all remote sites

E.

Vendor D for all remote sites

Question # 80

Which of the following is the GREATEST security concern with respect to BYOD?

A.

The filtering of sensitive data out of data flows at geographic boundaries.

B.

Removing potential bottlenecks in data transmission paths.

C.

The transfer of corporate data onto mobile corporate devices.

D.

The migration of data into and out of the network in an uncontrolled manner.

Question # 81

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question # 82

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large increase in log files generated by a website containing a "Contact Us" form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign or if this is a potential incident. Which of the following would BEST assist the analyst?

A.

Ensuring proper input validation is configured on the "Contact Us" form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

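The reason option D answers the question is that the raw log volume tells the analyst nothing until it is reduced to a few counters that behave differently for a campaign and for abuse: campaign traffic arrives from many addresses, mostly as GETs carrying tracking parameters, with a Referer pointing back at the campaign; form abuse arrives from few addresses, mostly as POSTs, often from scripted clients that send no Referer at all. As an added example (editorial code, not from this page), the Python below reduces a constructed combined-format access log along exactly those lines. The log lines, addresses and thresholds are all constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx combined log format, one request per line.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample: two campaign visitors (one submits the form once) and one
# scripted client hammering the form. Addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2021:10:00:01 +0000] "GET /contact-us?utm_source=newsletter HTTP/1.1" 200 5120 "https://news.example/oct" "Mozilla/5.0 (Windows NT 10.0) Firefox/93.0"
203.0.113.7 - - [10/Oct/2021:10:00:45 +0000] "POST /contact-us HTTP/1.1" 302 0 "https://www.example.com/contact-us" "Mozilla/5.0 (Windows NT 10.0) Firefox/93.0"
198.51.100.23 - - [10/Oct/2021:10:00:02 +0000] "GET /contact-us?utm_source=newsletter HTTP/1.1" 200 5120 "https://news.example/oct" "Mozilla/5.0 (Macintosh) Safari/605.1"
192.0.2.99 - - [10/Oct/2021:10:00:03 +0000] "POST /contact-us HTTP/1.1" 200 5120 "-" "python-requests/2.26.0"
192.0.2.99 - - [10/Oct/2021:10:00:03 +0000] "POST /contact-us HTTP/1.1" 200 5120 "-" "python-requests/2.26.0"
192.0.2.99 - - [10/Oct/2021:10:00:04 +0000] "POST /contact-us HTTP/1.1" 200 5120 "-" "python-requests/2.26.0"
192.0.2.99 - - [10/Oct/2021:10:00:04 +0000] "POST /contact-us HTTP/1.1" 200 5120 "-" "python-requests/2.26.0"
"""


def parse(log_text: str):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match:
            yield match.groupdict()


def summarize(log_text: str, form_path: str = "/contact-us") -> dict:
    """Reduce raw lines to the counters that separate a campaign from form abuse."""
    s = {"total": 0, "gets": 0, "posts": 0, "campaign_gets": 0, "unique_ips": set(),
         "posts_by_ip": Counter(), "referer_less_posts_by_ip": Counter(), "agents_by_ip": {}}
    for r in parse(log_text):
        path, _, query = r["path"].partition("?")
        if path != form_path:
            continue
        s["total"] += 1
        s["unique_ips"].add(r["ip"])
        if r["method"] == "GET":
            s["gets"] += 1
            if "utm_" in query:          # tracking parameters mark campaign traffic
                s["campaign_gets"] += 1
        elif r["method"] == "POST":
            s["posts"] += 1
            s["posts_by_ip"][r["ip"]] += 1
            s["agents_by_ip"].setdefault(r["ip"], set()).add(r["ua"])
            if r["referer"] == "-":      # browsers send the form page as Referer; scripts often don't
                s["referer_less_posts_by_ip"][r["ip"]] += 1
    return s


def suspicious_sources(summary: dict, min_posts: int = 3) -> list:
    """Addresses that repeatedly POST the form and never send a Referer: a script, not a visitor."""
    return sorted(
        ip for ip, n in summary["posts_by_ip"].items()
        if n >= min_posts and summary["referer_less_posts_by_ip"][ip] == n
    )


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} form requests from {len(s['unique_ips'])} addresses: "
          f"{s['gets']} GET ({s['campaign_gets']} campaign-tagged), {s['posts']} POST")
    for ip in suspicious_sources(s):
        print("suspicious:", ip, s["posts_by_ip"][ip], "POSTs, agents:", sorted(s["agents_by_ip"][ip]))
```

The same reduction is what a SIEM or log-analysis tool does at scale; the point is that the decision rests on ratios per source and per method, not on the raw line count that triggered the ticket.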
Question # 83

A company is repeatedly being breached by hackers who use valid credentials. The company’s Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?

A.

Implement strict three-factor authentication.

B.

Implement least privilege policies

C.

Switch to one-time or all user authorizations.

D.

Strengthen identity-proofing procedures

Question # 84

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization’s incident response procedure. Which of the following must occur to ensure the integrity of the image?

A.

The image must be password protected against changes.

B.

A hash value of the image must be computed.

C.

The disk containing the image must be placed in a sealed container.

D.

A duplicate copy of the image must be maintained

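Hashing the image (option B) is what lets anyone later prove the evidence is byte-for-byte what was acquired: the digest is computed over the original and the image at acquisition time, recorded with the chain-of-custody paperwork, and recomputed before analysis or in court. As an added example (editorial code, not from this page), the Python below streams a file through SHA-256 in fixed-size chunks so multi-terabyte images are never loaded into memory, emits an `sha256sum`-compatible sidecar line so `sha256sum -c` can re-verify it later, and compares digests in constant time. The data it hashes in the demo is constructed, not a real acquisition.

```python
import hashlib
import hmac
import io
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads: disk images are large, never load them whole


def sha256_of(fileobj, chunk: int = CHUNK) -> str:
    """Stream a file-like object through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def sha256_of_bytes(data: bytes, chunk: int = CHUNK) -> str:
    """Same digest over an in-memory buffer; chunk size must not change the result."""
    return sha256_of(io.BytesIO(data), chunk)


def sha256_of_path(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_of(f)


def sidecar_line(digest: str, name: str) -> str:
    """sha256sum-compatible record ('<hex>  <name>') for the custody file."""
    return f"{digest}  {name}\n"


def verify(fileobj, expected_hex: str) -> bool:
    """Recompute and compare in constant time; any altered byte changes the digest."""
    return hmac.compare_digest(sha256_of(fileobj), expected_hex.lower())


def verify_bytes(data: bytes, expected_hex: str) -> bool:
    return verify(io.BytesIO(data), expected_hex)


if __name__ == "__main__":
    # Constructed stand-in for a disk image (random bytes, hypothetical evidence).
    image = os.urandom(3 * CHUNK + 17)
    with tempfile.NamedTemporaryFile(delete=False, suffix=".dd") as f:
        f.write(image)
        path = f.name
    digest = sha256_of_path(path)
    print(sidecar_line(digest, os.path.basename(path)), end="")
    with open(path, "rb") as f:
        print("verify intact:", verify(f, digest))
    # Flip a single bit deep in the file and show the digest no longer matches.
    with open(path, "r+b") as f:
        f.seek(1000)
        original = f.read(1)
        f.seek(1000)
        f.write(bytes([original[0] ^ 1]))
    with open(path, "rb") as f:
        print("verify after 1-bit change:", verify(f, digest))
    os.unlink(path)
```

In practice the acquisition tool records the digest itself; the habit worth keeping from this example is hashing both the source medium and the image, storing the digest separately from the image, and recomputing it before every analysis session.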
Question # 85

During the migration of a company’s human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor’s staff may be able to access data within the migrating applications. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO’s concerns?

A.

Execute non-disclosure agreements and background checks on vendor staff.

B.

Ensure the platform vendor implements data-at-rest encryption on its storage.

C.

Enable MFA to the vendor’s tier of the architecture.

D.

Implement a CASB that tokenizes company data in transit to the migrated applications.
