CASP Test B

Title of test: CASP Test B
Description: Weak point
1. A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?
   - Degaussing
   - Overwriting
   - Shredding
   - Formatting
   - Incinerating

2. Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
   - IaaS
   - SaaS
   - FaaS
   - PaaS

3. Which of the following technologies allows CSPs to add encryption across multiple data storages?
   - Symmetric encryption
   - Homomorphic encryption
   - Data dispersion
   - Bit splitting

4. A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment. Which of the following should the security administrator do to mitigate the risk?
   - Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.
   - Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.
   - Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash.
   - Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

5. A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information. Which of the following would be BEST for the company to implement?
   - A WAF
   - An IDS
   - A SIEM
   - A honeypot

6. An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
   - Protection from DoS attacks against its infrastructure and web applications is in place.
   - Highly available and distributed DNS is implemented.
   - Static content is cached in the CDN.
   - A WAF is deployed inline and is in block mode.
   - Multiple public clouds are utilized in an active-passive architecture.

   With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
   - The public cloud provider is applying QoS to the inbound customer traffic.
   - The API gateway endpoints are being directly targeted.
   - The site is experiencing a brute-force credential attack.
   - A DDoS attack is targeted at the CDN.

7. As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation. Which of the following BEST describes this process?
   - Deepfake
   - Know your customer
   - Identity proofing
   - Passwordless

8. A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.)
   - SD-WAN
   - PAM
   - Remote access VPN
   - MFA
   - Network segmentation
   - BGP
   - NAC

9. An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API. Given this information, which of the following is a noted risk?
   - Feature delay due to extended software development cycles.
   - Financial liability from a vendor data breach.
   - Technical impact to the API configuration.
   - The possibility of the vendor's business ceasing operations.

10. An analyst received a list of IOCs from a government agency. The attack has the following characteristics:
    1. The attack starts with bulk phishing.
    2. If a user clicks on the link, a dropper is downloaded to the computer.
    3. Each of the malware samples has unique hashes tied to the user.

    The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?
    - Update the incident response plan.
    - Blocklist the executable.
    - Deploy a honeypot onto the laptops.
    - Detonate in a sandbox.

11. A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)
    - The request is evidence that the password is more open to being captured via a keylogger.
    - The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.
    - The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.
    - The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.
    - The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.
    - The request proves the password must be in cleartext during transit, making it open to on-path attacks.

12. A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
    - Enforce MFA for RDP.
    - Ensure RDP connections are only allowed with secure ciphers.

    The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs. Which of the following should the security architect recommend to meet these requirements?
    - Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
    - Implement a bastion host with a secure cipher configuration enforced.
    - Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
    - Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

13. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider FIRST to address this requirement?
    - Implement a change management plan to ensure systems are using the appropriate versions.
    - Hire additional on-call staff to be deployed if an event occurs.
    - Design an appropriate warm site for business continuity.
    - Identify critical business processes and determine associated software and hardware requirements.

14. A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes. Which of the following should a security architect recommend?
    - A DLP program to identify which files have customer data and delete them.
    - An ERP program to identify which processes need to be tracked.
    - A CMDB to report on systems that are not configured to security baselines.
    - A CRM application to consolidate the data and provision access based on the process and need.

15. An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?
    - A turbine would overheat and cause physical harm.
    - The engineers would need to go to the historian.
    - The SCADA equipment could not be maintained.
    - Data would be exfiltrated through the data diodes.

16. A company is adopting a new artificial-intelligence-based analytics SaaS solution. This is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk in adopting this solution?
    - The inability to require the service provider process data in a specific country.
    - The inability to obtain company data when migrating to another service.
    - The inability to assign access controls to comply with company policy.
    - The inability to conduct security assessments against a service provider.