CASP Test A
Title of test: CASP Test A
Description: Weak point
Creation Date: 2024/10/13
Category: Others
Number of questions: 24




Which of the following are risks associated with vendor lock-in? (Choose two.)
- The client can seamlessly move data.
- The vendor can change product offerings.
- The client receives a sufficient level of service.
- The client experiences decreased quality of service.
- The client can leverage a multicloud approach.
- The client experiences increased interoperability.

An organization's hunt team thinks a persistent threat exists and already has a foothold in the enterprise network. Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
- Deploy a SOAR tool.
- Modify user password history and length requirements.
- Apply new isolation and segmentation schemes.
- Implement decoy files on adjacent hosts.

An organization is designing a network architecture that must meet the following requirements:
✑ Users will only be able to access predefined services.
✑ Each user will have a unique allow list defined for access.
✑ The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?
- Peer-to-peer secure communications enabled by mobile applications.
- Proxied application data connections enabled by API gateways.
- Microsegmentation enabled by software-defined networking.
- VLANs enabled by network infrastructure devices.

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
✑ Unauthorized insertions into application development environments
✑ Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- Perform static code analysis of committed code and generate summary reports.
- Implement an XML gateway and monitor for policy violations.
- Monitor dependency management tools and report on susceptible third-party libraries.
- Install an IDS on the development subnet and passively monitor for vulnerable services.
- Model user behavior and monitor for deviations from normal.
- Continuously monitor code commits to repositories and generate summary logs.

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA. Which of the following is the BEST solution?
- Deploy an RA on each branch office.
- Use Delta CRLs at the branches.
- Configure clients to use OCSP.
- Send the new CRLs by using GPO.

A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?
- Join an information-sharing community that is relevant to the company.
- Leverage the MITRE ATT&CK framework to map the TTP.
- Use OSINT techniques to evaluate and analyze the threats.
- Update security awareness training to address new threats, such as best practices for data security.

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:
1. International users reported latency when images on the web page were initially loading.
2. During times of report processing, users reported issues with inventory when attempting to place orders.
3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.
Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
- Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.
- Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.
- Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.
- Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue. Which of the following is the MOST cost-effective solution?
- Move the server to a cloud provider.
- Change the operating system.
- Buy a new server and create an active-active cluster.
- Upgrade the server with a new one.

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)
- Conduct input sanitization.
- Deploy a SIEM.
- Use containers.
- Patch the OS.
- Deploy a WAF.
- Deploy a reverse proxy.
- Deploy an IDS.

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?
- The user agent client is not compatible with the WAF.
- A certificate on the WAF is expired.
- HTTP traffic is not forwarding to HTTPS to decrypt.
- Old, vulnerable cipher suites are still being used.

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements. Which of the following would MOST likely help the company gain consensus to move the data to the cloud?
- Designing data protection schemes to mitigate the risk of loss due to multitenancy.
- Implementing redundant stores and services across diverse CSPs for high availability.
- Emulating OS and hardware architectures to blur operations from CSP view.
- Purchasing managed FIM services to alert on detected modifications to covered data.

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company's CI/CD pipeline?
- Utilizing a trusted secrets manager.
- Performing DAST on a weekly basis.
- Performing DAST on a weekly basis.
- Deploying instance tagging.

A company is preparing to deploy a global service. Which of the following must the company do to ensure GDPR compliance? (Choose two.)
- Inform users regarding what data is stored.
- Provide opt-in/out for marketing messages.
- Provide data deletion capabilities.
- Provide optional data encryption.
- Grant data access to third parties.
- Provide alternative authentication techniques.

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable. Which of the following should the security team recommend FIRST?
- Investigating a potential threat identified in logs related to the identity management system.
- Updating the identity management system to use discretionary access control.
- Beginning research on two-factor authentication to later introduce into the identity management system.
- Working with procurement and creating a requirements document to select a new IAM system/vendor.

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:
Which of the following is the MOST likely cause of the customer's inability to connect?
- The server name should be test.com.
- The default should be on port 80.
- Weak ciphers are being used.
- The public key should be using ECDSA.

- Contact the email service provider and ask if the company IP is blocked.
- Create an IMAPS firewall rule to ensure email is allowed.
- Confirm the email server certificate is installed on the corporate computers.
- Make sure the UTM certificate is imported on the corporate computers.

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?
- WAF.
- Reverse proxy.
- NIPS.
- NIDS.

A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
- Perform additional SAST/DAST on the open-source libraries.
- Perform unit testing of the open-source libraries.
- Implement the SDLC security guidelines.
- Track the library versions and monitor the CVE website for related vulnerabilities.

An organization wants to perform a scan of all its systems against best-practice security configurations. Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)
- CVSS.
- ARF.
- CPE.
- DVAL.
- XCCDF.
- CVE.

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
✑ Leaked to the media via printing of the documents
✑ Sent to a personal email address
✑ Accessed and viewed by systems administrators
✑ Uploaded to a file storage site
Which of the following would mitigate the department's concerns?
- VDI, proxy, CASB, and DRM.
- Watermarking, forward proxy, DLP, and MFA.
- Data loss detection, reverse proxy, EDR, and PGP.
- Proxy, secure VPN, endpoint encryption, and AV.

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?
- Reverse proxy, stateful firewalls, and VPNs at the local sites.
- IDSs, WAFs, and forward proxy IDS.
- DoS protection at the hub site, mutual certificate authentication, and cloud proxy.
- IPSs at the hub, Layer 4 firewalls, and DLP.

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?
- Key sharing.
- Key escrow.
- Key recovery.
- Key distribution.

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:
✑ Low latency for all mobile users to improve the users' experience
✑ SSL offloading to improve web server performance
✑ Protection against DoS and DDoS attacks
✑ High availability
Which of the following should the organization implement to BEST ensure all requirements are met?
- Dual gigabit-speed Internet connections with managed DDoS prevention.
- A cache server farm in its datacenter.
- A CDN with the origin set to its datacenter.
- A load-balanced group of reverse proxy servers with SSL acceleration.

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be BEST to proceed with the transformation?
- A multicloud provider solution.
- An on-premises solution as a backup.
- A load balancer with a round-robin configuration.
- An active-active solution within the same tenant.