  • Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
  • Last Update: May 16, 2022
  • Questions and Answers: 683
CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Questions and Answers

Question # 6

A health company has reached the physical and computing capacity limits of its datacenter, but computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

A.

Hybrid IaaS solution in a single-tenancy cloud

B.

PaaS solution in a multi-tenancy cloud

C.

SaaS solution in a community cloud

D.

Private SaaS solution in a single-tenancy cloud

Question # 7

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

A.

Protocol analyzer

B.

Root cause analysis

C.

Behavioral analytics

D.

Data leak prevention

Question # 8

A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?

A.

Vendor diversification

B.

System hardening standards

C.

Bounty programs

D.

Threat awareness

E.

Vulnerability signatures

Question # 9

Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise. Security analysts observed the following:

• Unauthorized certificate issuance

• Access to mutually authenticated resources utilizing valid but unauthorized certificates

• Granted access to internal resources via the SSL VPN

To address the immediate problem, security analysts revoked the erroneous certificates. Which of the following describes the MOST likely root cause of the problem and offers a solution?

A.

The VPN and web resources are configured with too weak a cipher suite and should be rekeyed to support AES 256 in GCM and ECC for digital signatures and key exchange

B.

A managed mobile device is rooted, exposing its keystore and the MDM should be reconfigured to wipe these devices and disallow access to corporate resources

C.

SCEP is configured insecurely and should be enabled for device onboarding only against a PKI for mobile-exclusive use

D.

The CA is configured to sign any received CSR from mobile users and should be reconfigured to permit CSR signings only from domain administrators.

Question # 10

Given the following information about a company’s internal network:

User IP space: 192.168.1.0/24

Server IP space: 192.168.192.0/25

A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

A.

Use a protocol analyzer on 192.168.1.0/24

B.

Use a port scanner on 192.168.1.0/24

C.

Use an HTTP interceptor on 192.168.1.0/24

D.

Use a port scanner on 192.168.192.0/25

E.

Use a protocol analyzer on 192.168.192.0/25

F.

Use an HTTP interceptor on 192.168.192.0/25

Question # 11

A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

A.

Effective deployment of network taps

B.

Overall bandwidth available at Internet PoP

C.

Optimal placement of log aggregators

D.

Availability of application layer visualizers

Question # 12

The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?

A.

1. Perform the ongoing research of the best practices

2. Determine current vulnerabilities and threats

3. Apply Big Data techniques

4. Use antivirus control

B.

1. Apply artificial intelligence algorithms for detection

2. Inform the CERT team

3. Research threat intelligence and potential adversaries

4. Utilize threat intelligence to apply Big Data techniques

C.

1. Obtain the latest IOCs from the open source repositories

2. Perform a sweep across the network to identify positive matches

3. Sandbox any suspicious files

4. Notify the CERT team to apply a future proof threat model

D.

1. Analyze the current threat intelligence

2. Utilize information sharing to obtain the latest industry IOCs

3. Perform a sweep across the network to identify positive matches

4. Apply machine learning algorithms

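The "sweep across the network to identify positive matches" step that several of the options above share is, in practice, matching shared IOCs (addresses, domains, file hashes) against whatever telemetry is already collected. The following is an added illustration, not code from the exam or from any vendor: the IOC values, the log lines and the `host=` field format are all constructed for the example, and a real sweep would read from the SIEM or EDR export instead of an in-memory list.

```python
import re
from dataclasses import dataclass

# Constructed IOC set in the shape an information-sharing feed would supply
# (hypothetical values, not taken from any real advisory).
IOCS = {
    "ipv4": {"203.0.113.77"},
    "domain": {"update-cdn.example.net"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HOST_RE = re.compile(r"\bhost=(\S+)")  # assumed key=value field in the constructed logs


@dataclass(frozen=True)
class Hit:
    line_no: int
    host: str
    kind: str
    value: str


def sweep(lines, iocs=IOCS):
    """Match every line against each IOC class; one Hit per (line, matching IOC)."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = HOST_RE.search(line)
        host = m.group(1) if m else "?"
        for ip in IP_RE.findall(line):
            if ip in iocs["ipv4"]:
                hits.append(Hit(n, host, "ipv4", ip))
        for h in SHA256_RE.findall(line):
            if h.lower() in iocs["sha256"]:  # hashes are case-normalised before lookup
                hits.append(Hit(n, host, "sha256", h.lower()))
        for d in DOMAIN_RE.findall(line):
            if d.lower() in iocs["domain"]:
                hits.append(Hit(n, host, "domain", d.lower()))
    return hits


def affected_hosts(hits):
    """Hosts with at least one positive match: the queue for isolation and sandboxing."""
    return sorted({h.host for h in hits})


# Constructed sample lines (proxy, firewall, EDR) in a simplified key=value format.
SAMPLE_LOG = [
    "2022-05-10T10:01:02Z host=wks-17 proxy GET https://update-cdn.example.net/s.js 200",
    "2022-05-10T10:01:05Z host=wks-17 firewall ALLOW 10.20.1.17:51822 -> 203.0.113.77:443",
    "2022-05-10T10:02:11Z host=srv-db01 edr file_create sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 path=C:\\Temp\\s.exe",
    "2022-05-10T10:03:40Z host=wks-22 proxy GET https://www.example.com/ 200",
    "2022-05-10T10:04:00Z host=wks-22 firewall ALLOW 10.20.1.22:40000 -> 198.51.100.9:443",
]

if __name__ == "__main__":
    hits = sweep(SAMPLE_LOG)
    for hit in hits:
        print(f"line {hit.line_no}: {hit.kind} {hit.value} on {hit.host}")
    print("hosts to isolate and sandbox:", affected_hosts(hits))
```

Note that a hash or address match is a strong indicator, while a domain match from a proxy log says only that a request was made; the files involved (here the constructed `s.exe`) still go to the sandbox before anyone concludes the zero-day was used.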
Question # 13

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

A.

Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME

B.

Federate with an existing PKI provider, and reject all non-signed emails

C.

Implement two-factor email authentication, and require users to hash all email messages upon receipt

D.

Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

Question # 14

A security analyst has been assigned incident response duties and must instigate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 15

After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?

A.

Hire an external red team to conduct black box testing

B.

Conduct a peer review and cross reference the SRTM

C.

Perform white-box testing on all impacted finished products

D.

Perform regression testing and search for suspicious code

Question # 16

A company recently deployed an agent-based DLP solution to all laptops in the environment. The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was exfiltrated from a secure fileshare in the research department. Which of the following should the security team implement FIRST?

A.

Application whitelisting for all company-owned devices

B.

A secure VDI environment for research department employees

C.

NIDS/NIPS on the network segment used by the research department

D.

Bluetooth restriction on all laptops

Question # 17

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

A.

Issue tracker

B.

Static code analyzer

C.

Source code repository

D.

Fuzzing utility

Question # 18

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?

A.

Whois

B.

DNS enumeration

C.

Vulnerability scanner

D.

Fingerprinting

Question # 19

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

A.

The sudoers file is locked down to an incorrect command

B.

SSH command shell restrictions are misconfigured

C.

The passwd file is misconfigured

D.

The SSH command is not allowing a pty session

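The three fragments above are three different enforcement layers: the sudoers grant (what the operator may run as root), the authorized_keys forced command (what the key is allowed to run at all, regardless of what the client asks for), and the passwd entry (whether a login shell exists). A reboot fails here because the forced command pins the key to `/sbin/shutdown now`, so the operator never reaches `sudo /sbin/reboot`. As an added example, not part of the exam material, the following parses all three fragments and reports the first layer that blocks the intended command. The key blobs and the "fixed" authorized_keys line are constructed; the option parser is deliberately lenient about case and spaces after commas so the exhibit's line can be evaluated as written, even though OpenSSH itself is stricter.

```python
import re
import shlex

KEY_TYPE_RE = re.compile(r"\b(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-[\w-]+)\b")
OPTION_RE = re.compile(r'([A-Za-z][\w-]*)(?:="((?:[^"\\]|\\.)*)")?')
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_sudoers(line):
    """Parse a sudoers user specification 'user host=(runas) [TAG:] cmd, cmd' (minimal subset)."""
    m = re.match(r"^\s*(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+?)\s*$", line)
    if not m:
        return None
    user, host, runas, cmds = m.groups()
    commands = [re.sub(r"^(?:[A-Z]+:\s*)+", "", c.strip()) for c in cmds.split(",")]
    return {"user": user, "host": host, "runas": runas or "root", "commands": commands}


def parse_authorized_keys_options(line):
    """Return {option: value} from the option list that precedes the key type.
    Lenient on purpose (mixed case, spaces after commas); OpenSSH is stricter."""
    m = KEY_TYPE_RE.search(line)
    head = line[:m.start()] if m else line
    return {name.lower(): value for name, value in OPTION_RE.findall(head)}


def parse_passwd(line):
    f = line.strip().split(":")
    return {"user": f[0], "uid": f[2], "home": f[5], "shell": f[6]} if len(f) == 7 else None


def _strip_sudo(tokens):
    """'sudo /sbin/reboot' and '/sbin/reboot' both target /sbin/reboot."""
    return tokens[1:] if tokens and tokens[0].rsplit("/", 1)[-1] == "sudo" else tokens


def diagnose(sudoers_line, authorized_keys_line, passwd_line, intended):
    """Walk the layers in login order and return the first one that stops `intended`
    (a command path such as '/sbin/reboot'), or None if every layer allows it."""
    pw = parse_passwd(passwd_line)
    if pw and pw["shell"] in NOLOGIN_SHELLS:
        return f"passwd: shell {pw['shell']} denies interactive login"
    forced = parse_authorized_keys_options(authorized_keys_line).get("command")
    if forced is not None:
        tokens = _strip_sudo(shlex.split(forced))
        if not tokens or tokens[0] != intended:
            return f"ssh forced command: key is pinned to {forced!r}, not {intended}"
    su = parse_sudoers(sudoers_line)
    allowed = [c.split()[0] for c in su["commands"] if c.split()] if su else []
    if "ALL" not in allowed and intended not in allowed:
        return f"sudoers: {intended} is not in the allowed command list"
    return None


# The three exhibit fragments (quotes straightened; the key blob is a constructed placeholder).
EXAM_SUDOERS = "Operator ALL=/sbin/reboot"
EXAM_AUTH_KEYS = 'Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss AAAAB3NzaC1kc3MAAACB...placeholder'
EXAM_PASSWD = "Operator:x:1000:1000::/home/operator:/bin/bash"
# A forced command that agrees with the sudoers grant (constructed fix, not from the page).
FIXED_AUTH_KEYS = 'command="/usr/bin/sudo /sbin/reboot",no-x11-forwarding,no-pty,no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...placeholder operator@bastion'

if __name__ == "__main__":
    print("exhibit:", diagnose(EXAM_SUDOERS, EXAM_AUTH_KEYS, EXAM_PASSWD, "/sbin/reboot"))
    print("fixed  :", diagnose(EXAM_SUDOERS, FIXED_AUTH_KEYS, EXAM_PASSWD, "/sbin/reboot"))
```

The order of checks mirrors what actually happens at login: the shell must exist, then sshd substitutes the forced command for whatever the client requested, and only then does sudo consult its policy. Keeping `no-pty` on the fixed line is intentional; a forced command does not need a terminal, and denying one removes the easiest path to an interactive shell if the command is ever loosened.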
Question # 20

An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to:

A.

revise the employee provisioning and deprovisioning procedures

B.

complete a quantitative risk assessment

C.

draft a memorandum of understanding

D.

complete a security questionnaire focused on data privacy.

Question # 21

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

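The Nmap output for this simulation is not reproduced on the page. As an added example (not part of the exam), the following applies the three hardening guidelines to `nmap -oG` (grepable) output: it parses the `Ports:` field of each host line, collapses services into roles so that a host serving both HTTP and HTTPS counts as one web server, flags plaintext protocols, and flags ports that are not the defaults for their role. The sample scan, the role table and the port table are all constructed for this example; the assumption that SSH/RDP is management access rather than a device's primary service is a judgement call, not something the exam states.

```python
import re
from collections import defaultdict

# Hardening data used by this example (assumptions, not from the exam or from nmap):
INSECURE_SERVICES = {"ftp", "telnet", "http", "http-proxy", "http-alt", "pop3", "imap",
                     "tftp", "rsh", "rlogin", "snmp"}
ROLE_OF = {"http": "web", "https": "web", "http-proxy": "web", "http-alt": "web",
           "ftp": "file transfer", "tftp": "file transfer", "telnet": "remote shell",
           "ssh": "remote admin", "rdp": "remote admin", "ms-wbt-server": "remote admin",
           "mysql": "database", "ms-sql-s": "database", "postgresql": "database",
           "smtp": "mail", "pop3": "mail", "imap": "mail"}
ROLE_PORTS = {"web": {80, 443}, "file transfer": {21, 69}, "remote shell": {23},
              "remote admin": {22, 3389}, "database": {3306, 1433, 5432},
              "mail": {25, 110, 143, 587}}
# port/state/proto/owner/service/rpc/version/ as written by nmap -oG
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//")


def parse_grepable(text):
    """{ip: [(port, proto, service), ...]} for open ports in `nmap -oG` output."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                hosts[ip].append((int(port), proto, service or "unknown"))
    return dict(hosts)


def assess(hosts):
    """Apply the three guidelines per host. 'primary' excludes remote-admin services."""
    report = {}
    for ip, ports in sorted(hosts.items()):
        roles = {ROLE_OF.get(svc, svc) for _, _, svc in ports} - {"remote admin"}
        disable = sorted(f"{svc}/{port}" for port, _, svc in ports if svc in INSECURE_SERVICES)
        non_default = sorted(f"{svc}/{port}" for port, _, svc in ports
                             if ROLE_OF.get(svc) in ROLE_PORTS
                             and port not in ROLE_PORTS[ROLE_OF[svc]])
        findings = []
        if len(roles) > 1:
            findings.append("more than one primary service: " + ", ".join(sorted(roles)))
        if disable:
            findings.append("disable non-secure protocols: " + ", ".join(disable))
        if non_default:
            findings.append("non-default ports: " + ", ".join(non_default))
        report[ip] = {"primary": sorted(roles), "disable": disable,
                      "non_default": non_default, "findings": findings}
    return report


# Constructed grepable output for three hosts in the exam's server space.
SAMPLE_SCAN = """# Nmap 7.92 scan initiated (constructed sample, not a real scan)
Host: 192.168.192.10 ()\tStatus: Up
Host: 192.168.192.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
Host: 192.168.192.11 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///\tIgnored State: closed (997)
Host: 192.168.192.12 ()\tPorts: 3306/open/tcp//mysql///, 8080/open/tcp//http-proxy///\tIgnored State: closed (998)
# Nmap done
"""

if __name__ == "__main__":
    for ip, row in assess(parse_grepable(SAMPLE_SCAN)).items():
        print(ip, "primary:", ", ".join(row["primary"]) or "none")
        for f in row["findings"]:
            print("   -", f)
```

Without `-sV`, the service column is only nmap's port-number guess (8080 is reported as `http-proxy` whether or not a proxy is there), so in a real assessment the non-default-port findings are confirmed with a version scan or a banner grab before they go in the report.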
Question # 22

A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?

A.

Detailed application logging

B.

Use of non-standard ports

C.

Web application firewall

D.

Multifactor authentication

Question # 23

During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.

Which of the following methods is the assessment team most likely to employ NEXT?

A.

Pivoting from the compromised box, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.

B.

Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.

C.

Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance

D.

Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Question # 24

A large, multinational company currently has two separate databases. One is used for ERP while the second is used for CRM. To consolidate services and infrastructure, it is proposed to combine the databases. The company's compliance manager is asked to review the proposal and is concerned about this integration. Which of the following would pose the MOST concern to the compliance manager?

A.

The attack surface of the combined database is lower than the previous separate systems, so there likely are wasted resources on additional security controls that will not be needed

B.

There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform.

C.

By consolidating services in this manner, there is an increased risk posed to the organization due to the number of resources required to manage the larger data pool.

D.

Auditing the combined database structure will require more short-term resources, as the new system will need to be learned by the auditing team to ensure all security controls are in

Question # 25

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

A.

Conduct a penetration test on each function as it is developed

B.

Develop a set of basic checks for common coding errors

C.

Adopt a waterfall method of software development

D.

Implement unit tests that incorporate static code analyzers

Question # 26

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

A.

Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C.

Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.

D.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Question # 27

Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

A.

Message 1

B.

Message 2

C.

Message 3

D.

Message 4

Question # 28

An attacker exploited an unpatched vulnerability in a web framework and then used an application service account that had an insecure configuration to download a rootkit. The attacker was unable to obtain root privileges. Instead, the attacker downloaded a crypto-currency mining program and was subsequently discovered. The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

A.

Remove root privileges from the application service account

B.

Implement separation of duties.

C.

Properly configure SELinux and set it to enforce.

D.

Use cron to schedule regular restarts of the service to terminate sessions.

E.

Perform regular uncredentialed vulnerability scans

Question # 29

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

A.

The hard disk contains bad sectors

B.

The disk has been degaussed.

C.

The data represents part of the disk BIOS.

D.

Sensitive data might still be present on the hard drives.

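The disk content the auditor examined is not reproduced on the page, but the check itself is mechanical: after a multi-pass wipe whose final pass writes zeros, every sector should read as zeros, so any sector that does not is a finding. As an added example (not part of the exam), the following scans a raw disk image block by block, separates uniform fills (a leftover earlier pass, such as all 0xFF) from structured data, and pulls printable strings out of the latter the way `strings` would, which is what turns "non-zero sectors" into "sensitive data might still be present". The image is constructed in memory with a planted record; on a real drive the input would be a `dd` image or the block device itself.

```python
import string

# Printable ASCII minus control whitespace; space is kept so phrases survive.
PRINTABLE = set(bytes(string.printable, "ascii")) - set(b"\t\n\r\x0b\x0c")


def printable_runs(data: bytes, min_len: int = 6):
    """Return ASCII runs of at least min_len bytes, the way `strings` reports them."""
    runs, cur = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs


def scan_image(image: bytes, block_size: int = 512):
    """Flag every block that is not all zeros and classify what it contains."""
    findings = []
    for offset in range(0, len(image), block_size):
        block = image[offset:offset + block_size]
        if not any(block):            # all-zero block: what a completed wipe looks like
            continue
        uniform = len(set(block)) == 1  # e.g. 0xFF: an earlier pass, final zero pass missing
        findings.append({
            "block": offset // block_size,
            "kind": f"uniform 0x{block[0]:02x} fill" if uniform else "structured data",
            "strings": [] if uniform else printable_runs(block),
        })
    return findings


def wipe_verified(image: bytes, block_size: int = 512) -> bool:
    """True only if every block reads as zeros."""
    return not scan_image(image, block_size)


def build_sample_image(block_size: int = 512, blocks: int = 8) -> bytes:
    """Constructed image: mostly zeros, one block with a leftover record, one 0xFF block."""
    img = bytearray(block_size * blocks)
    record = b"\x00\x10PATIENT=J.DOE;SSN=123-45-6789;CARD=4111111111111111\x00"
    img[3 * block_size:3 * block_size + len(record)] = record
    img[5 * block_size:6 * block_size] = b"\xff" * block_size
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    print("wipe verified:", wipe_verified(image))
    for f in scan_image(image):
        print(f"block {f['block']}: {f['kind']}", f["strings"])
```

Two caveats a report should carry: sectors the drive has remapped as bad are not reachable through the block device and so are invisible to this scan, and on solid-state media the overwrite passes may never have touched the physical cells at all, which is why the drive's own secure-erase command is used there instead.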
Question # 30

A company enlists a trusted agent to implement a way to positively authenticate email senders. Which of the following is the BEST method for the company to prove the authenticity of the message?

A.

Issue PIN-enabled hardware tokens

B.

Create a CA with all users

C.

Configure the server to encrypt all messages in transit

D.

Include a hash in the body of the message

Question # 31

A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and others are installed in the user’s automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices.

Which of the following security controls would address the user’s privacy concerns and provide the BEST level of security for the home network?

A.

Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network. Disable the home assistant unless actively using it, and segment the network so each IoT device has its own segment.

B.

Install a firewall capable of cryptographically separating network traffic, require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions.

C.

Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible.

D.

Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic.

Question # 32

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?

A.

Distribute a NAC client and use the client to push the company’s private key to all the new devices.

B.

Distribute the device connection policy and a unique public/private key pair to each new employee’s device.

C.

Install a self-signed SSL certificate on the company’s RADIUS server and distribute the certificate’s public key to all new client devices.

D.

Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

Question # 33

Given the following:

Which of the following vulnerabilities is present in the above code snippet?

A.

Disclosure of database credential

B.

SQL-based string concatenation

C.

DOM-based injection

D.

Information disclosure in comments

Question # 34

When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

A.

Quarantine emails sent to external domains containing PII and release after inspection.

B.

Prevent PII from being sent to domains that allow users to sign up for free webmail.

C.

Enable transport layer security on all outbound email communications and attachments.

D.

Provide security awareness training regarding transmission of PII.

Question # 35

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

A.

The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration

B.

The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat

C.

The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats

D.

The company should install a temporary CCTV system to detect unauthorized access to physical offices

Question # 36

Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?

A.

Perform a black box assessment

B.

Hire an external red team audit

C.

Conduct a tabletop exercise.

D.

Recreate the previous breach.

E.

Conduct an external vulnerability assessment.

Question # 37

Which of the following is the GREATEST security concern with respect to BYOD?

A.

The filtering of sensitive data out of data flows at geographic boundaries.

B.

Removing potential bottlenecks in data transmission paths.

C.

The transfer of corporate data onto mobile corporate devices.

D.

The migration of data into and out of the network in an uncontrolled manner.

Question # 38

An incident response analyst is investigating a compromise on an application server within an organization. The analyst identifies an anomalous process that is executing and maintaining a persistent TCP connection to an external IP. Which of the following actions should the analyst take NEXT?

A.

Capture running memory

B.

Create a bit-for-bit copy of the hard disk

C.

Use nc to conduct banner grabbing on the remote IP

D.

Review /var/log/* for anomalous entries

Question # 39

The latest security scan of a web application reported multiple high vulnerabilities in session management. Which of the following is the BEST way to mitigate the issue?

A.

Prohibiting session hijacking of cookies

B.

Using secure cookie storage and transmission

C.

Performing state management on the server

D.

Using secure and HttpOnly settings on cookies

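Options C and D describe the two halves of sound session management: the session state lives on the server and the client holds only an opaque identifier, and the cookie carrying that identifier is marked so that it is never sent in the clear or exposed to script. As an added example (not code from the exam or from any framework), the following builds such a Set-Cookie header with the standard library and, for the scan-remediation side, audits an arbitrary Set-Cookie value for the missing attributes. It goes slightly beyond the option text by also using `SameSite` and the `__Host-` name prefix; the in-memory `SESSIONS` dict stands in for a real server-side store.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store (constructed stand-in for a real backend). The cookie
# carries only an opaque ID; all state stays on the server.
SESSIONS = {}


def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
    SESSIONS[sid] = {"user": user}
    return sid


def build_session_cookie(sid: str, max_age: int = 3600) -> str:
    """Render the Set-Cookie value with the attributes the scan findings ask for."""
    c = SimpleCookie()
    c["__Host-session"] = sid
    m = c["__Host-session"]
    m["secure"] = True        # never sent over plaintext HTTP
    m["httponly"] = True      # not readable via document.cookie (limits theft by XSS)
    m["samesite"] = "Strict"  # not attached to cross-site requests (CSRF)
    m["path"] = "/"           # required by the __Host- prefix, together with no Domain
    m["max-age"] = max_age
    return m.OutputString()


def audit_set_cookie(header_value: str):
    """Return the list of protections missing from one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        missing.append("SameSite=Strict|Lax")
    if name.startswith("__Host-") and (
        "domain" in attrs or attrs.get("path") != "/" or "secure" not in attrs
    ):
        missing.append("__Host- prefix rules (Secure, Path=/, no Domain)")
    return missing


if __name__ == "__main__":
    sid = new_session("alice")
    header = build_session_cookie(sid)
    print("Set-Cookie:", header)
    print("missing on hardened cookie:", audit_set_cookie(header))
    print("missing on legacy cookie  :", audit_set_cookie("JSESSIONID=abc123; Path=/"))
```

Browsers refuse a `__Host-` cookie that arrives without `Secure` and `Path=/` or with a `Domain` attribute, so the prefix turns a misconfiguration into a visible failure rather than a silent weakening. Regenerating the identifier after login (call `new_session` again and discard the old key) closes the session-fixation finding that scanners commonly raise alongside the cookie-attribute ones.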
Question # 40

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company. Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

A.

1. Attempt to eavesdrop and replay RFID communications

2. Determine the protocols being used between the tag and the reader

3. Retrieve the RFID tag identifier and manufacturer details

4. Take apart an RFID tag and analyze the chip

B.

1. Determine the protocols being used between the tag and the reader

2. Take apart an RFID tag and analyze the chip

3. Retrieve the RFID tag identifier and manufacturer details

4. Attempt to eavesdrop and replay RFID communications

C.

1. Retrieve the RFID tag identifier and manufacturer details

2. Determine the protocols being used between the tag and the reader

3. Attempt to eavesdrop and replay RFID communications

4. Take apart an RFID tag and analyze the chip

D.

1. Take apart an RFID tag and analyze the chip

2. Retrieve the RFID tag identifier and manufacturer details

3. Determine the protocols being used between the tag and the reader

4. Attempt to eavesdrop and replay RFID communications

Question # 41

A new identity management program was recently initiated to reduce risk and improve the employee experience. The environment is complex: it does not support REST APIs but has multiple identity stores. Password resets are the help desk's top ticket item, and it takes the organization weeks to manually create access for new employees. The applications in the scope of the program are the enterprise service bus, SaaS web portals, and an internal web portal. The goals of the program include:

• Reducing costs by centralizing authentication and authorization

• Streamlining business processes

• Enabling employees to have immediate access

• Reducing password reset tickets by 90%

To meet the above goals and the business case, which of the following authentication and authorization capabilities does the security architect need to implement?

A.

OpenID, SPML, LDAP, and WAYF

B.

OAuth, SCIM, AD, and WS-Security

C.

Kerberos, XACML, AD, and SPML

D.

SAML, XACML, SCIM, and LDAP

Question # 42

A product owner is working with a security engineer to improve the security surrounding certificate revocation, which is important for the clients using a web application. The organization is currently using a CRL configuration to manage revocation, but it is looking for a solution that addresses the reporting delays associated with CRLs. The security engineer recommends OCSP, but the product owner is concerned about the overhead associated with its use. Which of the following would the security engineer MOST likely suggest to address the product owner's concerns?

A.

Key escrow can be used on the WAF

B.

S/MIME can be used in lieu of OCSP

C.

Stapling should be used with OCSP

D.

The organization should use wildcard certificates

Question # 43

A human resources employee receives a call from an individual who is representing a background verification firm that is conducting a background check on a prospective candidate. The employee verifies the employment dates and title of the candidate. The caller then requests the employee's email address to complete the verification process. The employee receives an email containing a URL for completing the process. After clicking the link, the employee's workstation is infected with ransomware. Which of the following BEST describes the initial phone call made by the threat actor?

A.

Pretexting

B.

Phishing

C.

Pivoting

D.

Reconnaissance

Question # 44

An organization recently suffered a high-impact loss due to a zero-day vulnerability exploited in a concentrator enabling IPSec VPN access for users. The attack included a pivot into the internal server subnet. The organization now wants to integrate new changes into its architecture to make a similar future attack less impactful. Which of the following changes would BEST achieve this objective?

A.

Configure the IPSec VPN concentrator to support cipher suites with ephemeral keys.

B.

Routinely restore servers to a known state to reduce the likelihood of attacker persistence

C.

Restrict user access to email and file services when connecting remotely

D.

Install a redundant VPN concentrator for high availability

E.

Deploy and tune ACLs, NIPS, and sensors within the server subnet

Question # 45

Several corporate users returned from an international trip with compromised operating systems on their cellular devices. Additionally, intelligence reports confirm some international carriers are able to modify firmware unexpectedly even when the MDM policy is set to disable FOTA updates. Which of the following mitigations is operationally feasible and MOST likely to reduce the risk of firmware compromise by a carrier while traveling internationally?

A.

Disable the ability to connect to third-party application stores

B.

Disable the smartphone's cellular radio and require the use of Wi-Fi.

C.

Enforce the use of an always-on SSL VPN with FIPS-validated encryption

D.

Issue device PKI certificates to ensure mutual authentication

Question # 46

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.


Question # 47

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera by only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those required.

Which of the following BEST meets these requirements?

A.

Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.

B.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

C.

Swap out Android Linux kernel version for >2.4.0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

D.

Build and install an Android middleware policy with requirements added, copy the file into /user/init, and then build the inventory application.

Question # 48

An administrative control that is put in place to ensure one person cannot carry out a critical task independently is:

A.

separation of duties

B.

job rotation

C.

mandatory vacation

D.

least privilege

Question # 49

A consulting firm is performing R&D on a machine learning system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behaviors to establish a "normal" baseline. Which of the following represents the GREATEST limiting factor toward successful deployment of this new machine learning system?

A.

Supportability for non-traditional ports, protocols, and services

B.

Non-availability or insufficiency of training data

C.

Lack of target environment design documentation

D.

Unanticipated presence of ICS and SCADA equipment within client networks

Full Access
Question # 50

A company decides to procure only laptops that use permanent, solid-state storage. Which of the following risk mitigation strategies BEST meets the company's requirement to ensure all company data is destroyed before disposing of the laptops?

A.

Secure erase from the storage vendor

B.

Degaussing of the entire laptop

C.

Full disk encryption in the OS

D.

Deep formatting of the storage

Full Access
Question # 51

A recent incident revealed a log entry was modified after its original creation. Which of the following technologies would BEST ensure end user systems are able to defend against future incidents?

A.

Use an offline archival server

B.

Deploy MFA for access to services.

C.

Implement a blockchain scheme.

D.

Employ a behavioral HIDS on end user devices.

Full Access
Question # 52

A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligence service. Which of the following would BEST meet the needs of the security technician? (Select TWO)

A.

Social media platforms

B.

Conferences and local community security events

C.

Software vendor threat reports

D.

RSS feed from reputable security bloggers

E.

Regional CERT

F.

White papers and journal articles

Full Access
Question # 53

An extensive third-party audit reveals a number of weaknesses in a company's endpoint security posture. The most significant issues are as follows:

Which of the following endpoint security solutions mitigate the GREATEST amount of risk?

A.

Integrated patch management capabilities, an integrated desktop firewall, intrusion prevention capabilities, and signature-based anti-malware capabilities

B.

Comprehensive data leakage prevention capabilities, machine-learning-based advanced malware prevention capabilities, extensive EDR capabilities, and removable media management capabilities

C.

Machine-learning-based advanced malware prevention capabilities, an integrated desktop firewall, user behavioral analytics capabilities, and file-integrity monitoring capabilities

D.

Removable media management capabilities, signature-based anti-malware capabilities, file-integrity monitoring capabilities, and extensive EDR capabilities

Full Access
Question # 54

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing.

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Full Access
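The two Android MAC-policy questions above (the sepolicy option in Question 47 and the dmesg denials in Question 54) both turn on reading SELinux AVC output correctly. The following is an added example, not code from the exam page: it parses `avc: denied` lines as the kernel writes them, groups repeated denials by source domain, target type and object class, reports whether each denial was actually enforced or merely audited (the `permissive=1` flag at the end of the line), and renders the `allow` rule that would grant exactly the observed access. The sample dmesg lines, and the domain and type names in them, are constructed for this example.

```python
"""Triage SELinux/SEAndroid AVC denials from dmesg or logcat.

Added example for the MAC-policy questions above; it is not code from the exam
page. Groups "avc: denied" lines by source domain, target type, class and
permission set, flags whether each denial was actually enforced, and prints the
allow rule that would silence it. The sample log lines are constructed for this
example; the domain/type names in them are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the kernel's AVC format. permissive=1 means the denial
# was logged but the access went ahead; permissive=0 means it was blocked.
SAMPLE_DMESG = """\
[   12.345678] type=1400 audit(1650000000.123:45): avc: denied { read open } for pid=1234 comm="irc" name="inventory.db" dev="dm-0" ino=4242 scontext=u:r:irc_app:s0 tcontext=u:object_r:inventory_data_file:s0 tclass=file permissive=1
[   12.345901] type=1400 audit(1650000000.124:46): avc: denied { read } for pid=1234 comm="irc" name="inventory.db" dev="dm-0" ino=4242 scontext=u:r:irc_app:s0 tcontext=u:object_r:inventory_data_file:s0 tclass=file permissive=1
[   13.000001] type=1400 audit(1650000000.987:47): avc: denied { open } for pid=2000 comm="irc" path="/dev/video0" dev="tmpfs" ino=99 scontext=u:r:irc_app:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1
[   14.100000] type=1400 audit(1650000001.500:48): avc: denied { connect } for pid=3100 comm="inventory" scontext=u:r:inventory_app:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(context):
    """u:r:irc_app:s0 -> irc_app (the type field of a security context)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": tuple(sorted(m.group("perms").split())),
        "comm": fields.get("comm", "?"),
        "source": _type_of(fields.get("scontext", "?")),
        "target": _type_of(fields.get("tcontext", "?")),
        "tclass": fields.get("tclass", "?"),
        # permissive=1 is the tell-tale that a "denied" line did not actually deny
        "enforced": fields.get("permissive") == "0",
    }


def summarize(log_text):
    """Group denials by (source, target, class); merge permissions and counts."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0, "enforced": True, "comm": set()})
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        g = groups[(d["source"], d["target"], d["tclass"])]
        g["perms"].update(d["perms"])
        g["count"] += 1
        g["comm"].add(d["comm"])
        g["enforced"] = g["enforced"] and d["enforced"]   # any audited line => not enforced
    return dict(groups)


def allow_rule(source, target, tclass, perms):
    """Render the type-enforcement rule that would grant exactly the observed access."""
    return "allow %s %s:%s { %s };" % (source, target, tclass, " ".join(sorted(perms)))


def report(log_text):
    lines = []
    for (src, tgt, cls), g in sorted(summarize(log_text).items()):
        status = "BLOCKED" if g["enforced"] else "PERMITTED (permissive)"
        lines.append("%-22s %dx %s -> %s:%s %s" % (status, g["count"], src, tgt, cls, sorted(g["perms"])))
        lines.append("    " + allow_rule(src, tgt, cls, g["perms"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_DMESG))
```

A stream of denials that all end in `permissive=1` means the domain (or the whole device) is in permissive mode: the policy is only auditing, and the access proceeds. The generated `allow` rules are what `audit2allow` would propose; review them against the requirement before adding any, since granting everything that was ever denied defeats the least-privilege purpose of the policy.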
Question # 55

Company policy mandates the secure disposal of sensitive data at the end of the useful lifespan of IT equipment. The IT department donates old devices to charity and recycles truly obsolete equipment. In addition to deleting workstations from the systems responsible for monitoring network connections, which of the following actions should the company implement? (Select TWO)

A.

Secure shredding of SSDs separate from laptop chassis

B.

Removing the devices from the asset management system

C.

Deleting and overwriting the boot sectors of each workstation

D.

Ensuring change notices for each asset are recorded

E.

Staggering device disposal dates to coordinate with acceptance testing

F.

Removing and storing hard drives for archival purposes

Full Access
Question # 56

An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE attack. Which of the following strings within the server's virtual-host configuration block is at fault and needs to be changed?

A.

AccessFileName /var/http/.acl

B.

SSLProtocol -all +SSLv3

C.

AllowEncodedSlashes on

D.

SSLCertificateFile /var/certs/home.pem

E.

AllowOverride Nonfatal=All AuthConfig

Full Access
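The `SSLProtocol` directive in Question 56 is easy to misread because Apache evaluates its tokens left to right: a bare protocol name replaces the set, `+name` adds to it, `-name` removes from it, and `all` is shorthand for every version the build supports. The following is an added example, not code from the exam page: a small evaluator for that directive that reports which protocol versions a given value actually leaves enabled and whether SSLv3 (the version POODLE attacks) is among them. The expansion of `all` depends on the OpenSSL build; the set used below assumes a current Apache 2.4 build and is this example's assumption.

```python
"""Evaluate an Apache mod_ssl SSLProtocol directive.

Added example for the POODLE question above, not code from the exam page.
Apache processes the tokens of SSLProtocol left to right: a bare protocol name
replaces the set, "+name" adds to it, "-name" removes from it, and "all" is
shorthand for every protocol the build supports.
"""

# Assumed expansion of "all" for a current 2.4/OpenSSL 1.1+ build. SSLv2 is gone
# from 2.4 entirely; builds made with OpenSSL's no-ssl3 option drop SSLv3 too.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
POODLE_AFFECTED = {"SSLv3"}      # CBC padding oracle in SSL 3.0


def enabled_protocols(directive):
    """Return the set of protocol versions an SSLProtocol value enables."""
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":   # accept a full config line
        tokens = tokens[1:]
    names = {p.lower(): p for p in ALL_PROTOCOLS}
    enabled = set()
    for tok in tokens:
        action, name = "", tok
        if tok[0] in "+-":
            action, name = tok[0], tok[1:]
        if name.lower() == "all":
            chosen = set(ALL_PROTOCOLS)
        elif name.lower() in names:
            chosen = {names[name.lower()]}
        else:
            raise ValueError("unknown protocol %r in SSLProtocol" % name)
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:                       # bare name overrides everything before it
            enabled = chosen
    return enabled


def poodle_exposure(directive):
    """True when the directive leaves the server SSLv3-capable, i.e. POODLE-prone."""
    return bool(enabled_protocols(directive) & POODLE_AFFECTED)


def weakest_allowed(directive):
    """Oldest protocol version a client could still negotiate, or None."""
    order = {p: i for i, p in enumerate(ALL_PROTOCOLS)}
    enabled = enabled_protocols(directive)
    return min(enabled, key=order.__getitem__) if enabled else None


if __name__ == "__main__":
    for d in ("SSLProtocol -all +SSLv3",                 # the string in option B
              "SSLProtocol all -SSLv3",                   # common older hardening
              "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1",   # TLS 1.2 and later only
              "SSLProtocol -all +TLSv1.2 +TLSv1.3"):
        print("%-45s enabled=%-42s POODLE=%s"
              % (d, sorted(enabled_protocols(d)), poodle_exposure(d)))
```

Note that `-all +SSLv3` disables everything and then re-enables only SSLv3, so the server can negotiate nothing but the vulnerable version. Disabling SSLv3 is the fix for the protocol-level issue; the cipher list (`SSLCipherSuite`) is a separate directive and should be reviewed alongside it.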
Question # 57

Over the last 90 days, many storage services have been exposed in the cloud services environment, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the lead security architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

A.

Compile a list of firewall requests and compare them against interesting cloud services.

B.

Implement a CASB solution and track cloud service use cases for greater visibility.

C.

Implement a user-behavior system to associate user events and cloud service creation events.

D.

Capture all logs, feed them to a SIEM, and then search for cloud service events.

Full Access
Question # 58

A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not properly defined. The company recently implemented some new processes and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network. Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

A.

Additional corporate-wide training on phishing

B.

A policy outlining what is and is not acceptable on social media

C.

Notifications when a user falls victim to a phishing attack

D.

Positive DLP preventions with stronger enforcement

Full Access
Question # 59

Which of the following is a major goal of stakeholder engagement?

A.

Completing risk compliance outreach and understanding

B.

Determining which security requirements can be deferred safely

C.

Ensuring security requirements are supportive of business goals

D.

Understanding the best way to limit user privilege escalation

Full Access
Question # 60

The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability. A security engineer needs to ensure the vulnerability is not exploited. The devices are directly managed by a smart controller and do not need access to other parts of the network. Signatures are available to detect this vulnerability. Which of the following should be the FIRST step in completing the request?

A.

Deploy a NAC solution that disables devices with unknown MACs

B.

Create a firewall policy with access to the smart controller from the internal network only.

C.

Create a segmented subnet for all HVAC devices and the smart controller

D.

Create an IPS profile for the HVAC devices that includes the signatures

Full Access
Question # 61

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks

Full Access
Question # 62

A security analyst is responsible for the completion of a vulnerability assessment at a regional healthcare facility. The analyst reviews the following Nmap command:

nmap -v -p 445 --script=smb-check-vulns --script-args=unsafe=1 192.168.1.0/24

Which of the following is MOST likely what the security analyst is reviewing?

A.

An Nmap script to scan for unsafe servers on UDP 445

B.

An Nmap script to run the SMB servers

C.

An Nmap script to stop the SMB servers

D.

An Nmap script to scan for vulnerable SMB servers

Full Access
Question # 63

Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?

A.

RFQ

B.

RFI

C.

OLA

D.

MSA

E.

RFP

Full Access
Question # 64

A security architect is reviewing the code for a company’s financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer:

Which of the following attacks is the security architect attempting to prevent?

A.

SQL injection

B.

XSRF

C.

XSS

D.

Clickjacking

Full Access
Question # 65

A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal activity from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.

Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)

A.

Install the appropriate patches.

B.

Install perimeter NGFW.

C.

Configure VM isolation.

D.

Deprovision database VM.

E.

Change the user’s access privileges.

F.

Update virus definitions on all endpoints.

Full Access
Question # 66

The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?

A.

Avoid

B.

Mitigate

C.

Transfer

D.

Accept

Full Access
Question # 67

An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take?

A.

Utilize cloud-based threat analytics to identify anomalous behavior in the company's B2B and vendor traffic

B.

Purchase a CASB solution to identify and control access to cloud-based applications and services and integrate them with on-premises legacy security monitoring

C.

Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector

D.

Attend and present at the regional banking association lobbying group meetings each month and facilitate a discussion on the topic.

Full Access
Question # 68

An enterprise solution requires a central monitoring platform to address the growing networks of various departments and agencies that connect to the network. The current vendor products are not adequate due to the growing number of heterogeneous devices. Which of the following is the primary concern?

A.

Scalability

B.

Usability

C.

Accountability

D.

Performance

Full Access
Question # 69

A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloud-based servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand. The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited?

A.

Data-at-rest encryption misconfiguration and repeated key usage

B.

Offline attacks against the cloud security broker service

C.

The ability to scrape data remnants in a multitenancy environment

D.

VM escape attacks against the customer network hypervisors

Full Access
Question # 70

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

A.

Transfer the risk

B.

Baseline the risk.

C.

Accept the risk

D.

Remove the risk

Full Access
Question # 71

A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following would help the CISO find relevant risks to the organization? (Choose two.)

A.

Perform a penetration test.

B.

Conduct a regulatory audit.

C.

Hire a third-party consultant.

D.

Define the threat model.

E.

Review the existing BIA.

F.

Perform an attack path analysis.

Full Access
Question # 72

A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS. The technician cannot determine why performance degraded so dramatically. A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician.

The system specifications and configuration of each system are listed below:

Which of the following is MOST likely the cause of the degradation in performance and should be changed?

A.

Using ECC

B.

Using RSA

C.

Disk size

D.

Memory size

E.

Decryption chips

F.

Connection requests

Full Access
Question # 73

A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following should a security engineer configure on the web server to help mitigate the issue?

A.

File upload size limits

B.

HttpOnly cookie field

C.

X-Frame-Options header

D.

Input validation

Full Access
Question # 74

An organization is attempting to harden its web servers and reduce the information that might be disclosed to potential attackers. A security analyst is reviewing vulnerability scan results from a recent web server scan.

Portions of the scan results are shown below:

Finding# 5144322

First time detected 10 nov 2015 09:00 GMT_0600

Last time detected 10 nov 2015 09:00 GMT_0600

CVSS base: 5

Access path: http://myorg.com/mailinglist.htm

Request: GET http://myorg.com/mailinglist.aspx?content=volunteer

Response: C:\Docments\MarySmith\malinglist.pdf

Which of the following lines indicates information disclosure about the host that needs to be remediated?

A.

Response: C:\Docments\marysmith\malinglist.pdf

B.

Finding#5144322

C.

First Time detected 10 nov 2015 09:00 GMT_0600

D.

Access path: http://myorg.com/mailinglist.htm

E.

Request: GET http://myorg.com/mailinglist.aspx?content=volunteer

Full Access
Question # 75

A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

Minimum password length: 16

Maximum password age: 0

Minimum password age: 0

Password complexity: disabled

Store passwords in plain text: disabled

Failed attempts lockout: 3

Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

A.

Offline hybrid dictionary attack

B.

Offline brute-force attack

C.

Online hybrid dictionary password spraying attack

D.

Rainbow table attack

E.

Online brute-force attack

F.

Pass-the-hash attack

Full Access
Question # 76

A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?

A.

Binary decompiler

B.

Wireless protocol analyzer

C.

Log analysis and reduction tools

D.

Network-based fuzzer

Full Access
Question # 77

A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company’s objectives? (Select two.)

A.

Integrated platform management interfaces are configured to allow access only via SSH

B.

Access to hardware platforms is restricted to the systems administrator’s IP address

C.

Access is captured in event logs that include source address, time stamp, and outcome

D.

The IP addresses of server management interfaces are located within the company’s extranet

E.

Access is limited to interactive logins on the VDI

F.

Application logs are hashed cryptographically and sent to the SIEM

Full Access
Question # 78

An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

A.

Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.

B.

Require sensors to sign all transmitted unlock control messages digitally.

C.

Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.

D.

Implement an out-of-band monitoring solution to detect message injections and attempts.

Full Access
Question # 79

A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult. Which of the following should be considered to achieve this? (Select TWO)

A.

Digital signature

B.

bcrypt

C.

Perfect forward secrecy

D.

SHA-256

E.

P-384

F.

PBKDF2

G.

Record-level encryption

Full Access
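Questions 75 and 79 both come down to the economics of guessing against a stored credential database: a per-user salt removes precomputed (rainbow) tables, and a key-stretching function such as PBKDF2 or bcrypt makes every single guess cost a tunable number of iterations. The following is an added example, not code from the exam page: a salted PBKDF2-HMAC-SHA256 store and verifier, followed by the offline hybrid-dictionary search an attacker would run against one stolen record under a 16-character-minimum, no-complexity policy. PBKDF2 is used because it is in the Python standard library; bcrypt would be dropped in the same way through its own library. The wordlist, the target password and the low iteration count in the demo are constructed for this example.

```python
"""Salted PBKDF2 password storage and an offline hybrid-dictionary attack on it.

Added example for the password-policy and key-stretching questions above; it
is not code from the exam page. hash_password/verify_password show the
stretching (a tunable iteration count, a per-user random salt); crack_offline
shows what a stolen record costs to attack with a dictionary plus mangling
rules. The wordlist and target password are constructed for this example.
"""
import base64
import hashlib
import hmac
import itertools
import os
from typing import Optional

DEFAULT_ITERATIONS = 600_000   # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iters>$<salt>$<hash>' with a fresh 16-byte salt per call."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format %r" % algo)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    # Every guess must redo all the iterations with this record's own salt: that
    # is the cost key stretching imposes, and the salt is why a precomputed
    # (rainbow) table cannot amortise that cost across users.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def hybrid_candidates(words, years=("2021", "2022"), suffixes=("", "!", "1")):
    """Tiny hybrid rule set: words and two-word joins, cased, then year/symbol suffixes."""
    bases = list(words) + ["".join(p) for p in itertools.permutations(words, 2)]
    for base in bases:
        for cased in (base, base.capitalize(), base.upper()):
            for year in ("",) + tuple(years):
                for suffix in suffixes:
                    yield cased + year + suffix


def crack_offline(stored, words, min_length=16):
    """Try hybrid candidates against one stolen record. The published minimum
    length lets the attacker skip every guess the policy could never have accepted."""
    tried = 0
    for cand in hybrid_candidates(words):
        if len(cand) < min_length:
            continue
        tried += 1
        if verify_password(cand, stored):
            return cand, tried
    return None, tried


if __name__ == "__main__":
    # Constructed: a user who satisfied "16 characters, no complexity" with two
    # dictionary words, a year and a symbol. The low iteration count is only so
    # the demo finishes quickly; it makes every guess proportionally cheaper.
    record = hash_password("sunshinewelcome2022!", iterations=50_000)
    print(record)
    print(crack_offline(record, ["sunshine", "welcome", "summer"]))
```

With a lockout after 3 failures and a 1-hour timeout, online guessing yields a few dozen attempts per account per day, so the volume of an attack lives in the offline path against the stolen database; the salt and the iteration count are the two parameters that decide how expensive that path is. Hashing two users' identical passwords produces different records, which is the rainbow-table defence, and raising the iteration count (or bcrypt's cost factor) is how the defender keeps pace with faster hardware.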
Question # 80

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

A.

Version control

B.

Agile development

C.

Waterfall development

D.

Change management

E.

Continuous integration

Full Access
Question # 81

A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)

A.

Certificate-based authentication

B.

TACACS+

C.

802.1X

D.

RADIUS

E.

LDAP

F.

Local user database

Full Access
Question # 82

The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO's concerns?

A.

Begin simulated phishing campaigns for employees and follow up with additional security awareness training.

B.

Seed company fileshares and servers with text documents containing fake passwords and then monitor for their use.

C.

Implement DLP to monitor data transfer between employee accounts and external parties and services

D.

Report data from a user-behavior monitoring tool and assign security analysts to review it daily

Full Access
Question # 83

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

A.

Conduct a series of security training events with comprehensive tests at the end

B.

Hire an external company to provide an independent audit of the network security posture

C.

Review the social media of all employees to see how much proprietary information is shared

D.

Send an email from a corporate account, requesting users to log onto a website with their enterprise account

Full Access
Question # 84

The security administrator of a small firm wants to stay current on the latest security vulnerabilities and attack vectors being used by crime syndicates and nation-states. The information must be actionable and reliable. Which of the following would BEST meet the needs of the security administrator?

A.

Software vendor threat reports

B.

White papers

C.

Security blogs

D.

Threat data subscription

Full Access
Question # 85

As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE)

A.

Privilege escalation

B.

SQL injection

C.

TOC/TOU exploitation

D.

Rogue AP substitution

E.

Tailgating

F.

Vulnerability scanning

G.

Vishing

Full Access
Question # 86

A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

A.

Application fingerprinter

B.

Fuzzer

C.

HTTP interceptor

D.

Vulnerability scanner

Full Access
Question # 87

A developer is reviewing the following transaction logs from a web application:

Username: John Doe

Street name: Main St.

Street number: