Title of test:
Casp+ D

Description:
CompTIA CASP+

Author:
TheShed
Other tests from this author

Creation Date: 19/09/2024

Category: Computers

Number of questions: 83
Content:
An architect is designing security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements: • Services must be able to be reconstituted quickly from a known-good state. • Network services must be designed to ensure multiple diverse layers of redundancy. • Defensive and responsive actions must be automated to reduce human operator demands. Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.) Increased efficiency by embracing advanced caching capabilities Geographic distribution of critical data and services Hardened and verified container usage Emulated hardware architecture usage Establishment of warm and hot sites for continuity of operations Heterogeneous architecture Deployment of IPS services that can identify and block malicious traffic mplementation and configuration of a SOAR.
A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases? Implement iterative software releases Revise the scope of the project to use a waterfall approach Change the scope of the project to use the spiral development methodology. Perform continuous integration.
A third-party organization has implemented a system that allows it to analyze customers’ data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing? Asynchronous keys Homomorphic encryption Data lake Machine learning.
Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes? Zigbee Wi-Fi CAN Modbus DNP3.
A software development company is building a new mobile application for its social media platform. The company wants to gain its users’ trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines: • Mobile clients should verity the identity of all social media servers locally. • Social media servers should improve TLS performance of their certificate status. • Social media servers should inform the client to only use HTTPS. Given the above requirements, which of the following should the company implement? (Choose two.) Quick UDP internet connection OCSP stapling Private CA DNSSEC CRL HSTS Distributed object model.
Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization’s policy? Align the exploitability metrics to the predetermined system categorization. Align the remediation levels to the predetermined system categorization. Align the impact subscore requirements to the predetermined system categorization. Align the attack vectors to the predetermined system categorization.
A cloud engineer is tasked with improving the responsiveness and security of a company’s cloud-based web application. The company is concerned that international users will experience increased latency. Which of the following is the BEST technology to mitigate this concern? Caching Containerization Content delivery network Clustering .
An organization thinks that its network has active, malicious activity on it. Which of the following capabilities would BEST help to expose the adversary? Installing a honeypot and other decoys Expanding SOC functions to include hunting Enumerating asset configurations Performing a penetration test.
An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file: mbedTLS: ca certificate is undefined Which of the following is the root cause of this issue? iOS devices have an empty root certificate chain by default. OpenSSL is not configured to support PKCS#12 certificate files. The VPN client configuration is missing the CA private key. The iOS keychain imported only the client public and private keys.
A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process? tcpdump netstat tasklist traceroute ipconfig.
In a shared responsibility model for PaaS, which of the following is a customer's responsibility? Network security Physical security OS security Host infrastructure.
A security engineer notices the company website allows users to select which country they reside in, such as the following example: https://mycompany.com/main.php?Country=US Which of the following vulnerabilities would MOST likely affect this site? SQL injection Remote file inclusion Directory traversal Unsecure references.
A bank has multiple subsidiaries that have independent infrastructures. The bank's support teams manage all these environments and want to use a single set of credentials. Which of the following is the BEST way to achieve this goal? SSO Federation Cross-domain Shared credentials.
A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company’s objectives? (Choose two.) IAST RASP SAST SCA WAF CMS.
Which of the following indicates when a company might not be viable after a disaster? Maximum tolerable downtime Recovery time objective Mean time to recovery Annual loss expectancy.
During an incident, an employee's web traffic was redirected to a malicious domain. The workstation was compromised, and the attacker was able to modify sensitive data from the company file server. Which of the following solutions would have BEST prevented the initial compromise from happening? (Choose two.) DNSSEC FIM Segmentation Firewall DLP Web proxy.
A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies? Data sovereignty Shared responsibility Source code escrow Safe harbor considerations.
A security administrator sees several hundred entries in a web server security log that are similar to the following: The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic? Replace the file xmlrpc.php with a honeypot form to collect further IOCs. Automate the addition of bot IP addresses into a deny list for the web host Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL. Block every subnet that is identified as having a bot that is a source of the traffic.
An organization had been leveraging RC4 to protect the confidentiality of a continuous, high-throughput 4K video stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints without crypto instruction sets or coprocessors. Which of the following is MOST likely to meet the organization's requirements? ChaCha20 ECDSA Blowfish AES-GCM AES-CBC.
Which of the following processes involves searching and collecting evidence during an investigation or lawsuit? E-discovery Review analysis Information governance Chain of custody.
A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization but also the impact to compliance. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.) Financial data from transactions Shareholder meeting minutes Data of possible European customers Customers' shipping addresses Deidentified purchasing habits Consumer product purchasing trends.
A security engineer is creating a single CSR for the following web server hostnames: • wwwint.internal • www.company.com • home.internal • www.internal Which of the following would meet the requirement? SAN CN CA CRL Issuer.
A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes: • Directory servers • Web servers • Database servers • Load balancers • Cloud-native VPN concentrator • Remote access server The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Choose three.) Content delivery network Virtual next-generation firewall Web application firewall Software-defined WAN External vulnerability scans Containers.
A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Choose two.) Password cracker SCAP scanner Network traffic analyzer Vulnerability scanner Port scanner Protocol analyzer.
An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide? DLP Encryption E-discovery Privacy-level agreements.
A security engineer based in Iceland works in an environment requiring an on-premises and cloud-based storage solution. The solution should take into consideration the following: 1. The company has sensitive data. 2. The company has proprietary data. 3. The company has its headquarters in Iceland, and the data must always reside in that country. Which cloud deployment model should be used? Hybrid cloud Community cloud Public cloud Private cloud.
When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client? Data Storage Physical security Network.
Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.) Proxy Tunneling VDI MDM RDP MAC address randomization.
An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk? Antivirus UEBA EDR HIDS.
A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would BEST enable this activity? ISAC OSINT CVSS Threat modeling.
A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following: • PAM had not been bypassed. • DLP did not trigger any alerts. • The antivirus was updated to the most current signatures. Which of the following MOST likely occurred? Exploitation Exfilitration Privilege escalation Lateral movement.
A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company's Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers. Which of the following should the CISO consider in a tokenization system? Data field watermarking Field tagging Single-use translation Salted hashing.
A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error? Lockout of privileged access account Duration of the BitLocker lockout period Failure of the Kerberos time drift sync Failure of TPM authentication.
A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future? Installing online hardware sensors Air gapping important ICS and machines Implementing a HIDS Installing a SIEM agent on the endpoint.
Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment? To determine the scope of the risk assessment To determine the business owner(s) of the system To decide between conducting a quantitative or qualitative analysis To determine which laws and regulations apply.
A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the BEST step to take? Revoke the certificate. Inform all the users of the certificate Contact the company's Chief Information Security Officer Disable the website using the suspected certificate Alert the root CA.
An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement? Containment Preparation Resolution Investigation.
A security consultant has been asked to recommend a secure network design that would: • Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays. • Limit operational disruptions. Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution? Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102. Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST? Preserve secure storage. Clone the disk. Collect the most volatile data. Copy the relevant log files.
A company is designing a new system that must have high security. This new system has the following requirements: • Permissions must be assigned based on role. • Fraud from a single person must be prevented. • A single entity must not have full access control. Which of the following can the company use to meet these requirements? Dual responsibility Separation of duties Need to know Least privilege.
A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement? Simulating a spam campaign Conducting a sanctioned vishing attack Performing a risk assessment Executing a penetration test.
A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement? Mirror the blobs at a local data center. Enable fast recovery on the storage account. Implement soft delete for blobs Make the blob immutable.
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL? Include stable, long-term releases of third-party libraries instead of using newer versions. Ensure the third-party library implements the TLS and disable weak ciphers. Compile third-party libraries into the main code statically instead of using dynamic loading. Implement an ongoing, third-party software and library review and regression testing.
After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload. The CISO would like to: • Have a solution that uses API to communicate with other security tools. • Use the latest technology possible. • Have the highest controls possible on the solution. Which of following is the BEST option to meet these requirements? EDR CSP SOAR CASB.
A new, online file hosting service is being offered. The service has the following security requirements: • Threats to customer data integrity and availability should be remediated first. • The environment should be dynamic to match increasing customer demands. • The solution should not interfere with customers’ ability to access their data at anytime. • Security analysts should focus on high-risk items. Which of the following would BEST satisfy the requirements? Expanding the use of IPS and NGFW devices throughout the environment Increasing the number of analysts to identify risks that need remediation Implementing a SOAR solution to address known threats Integrating enterprise threat feeds in the existing SIEM.
In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on: cloud-native applications containerization. serverless configurations. software-defined networking secure access service edge.
A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation: On which of the following devices and processes did the ransomware originate? cpt-ws018, powershell.exe cpt-ws026, DearCry.exe cpt-ws002, NO-AV.exe cpt-ws026, NO-AV.exe cpt-ws002, DearCry.exe.
A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption? CYOD MDM WPA3 DoH.
A cloud security architect has been tasked with selecting the appropriate solution given the following: • The solution must allow the lowest RTO possible. • The solution must have the least shared responsibility possible. • Patching should be a responsibility of the CSP. Which of the following solutions can BEST fulfil the requirements? PaaS IaaS Private SaaS.
A network administrator who manages a Linux web server notices the following traffic: http://comptia.org/../../../../etc/shadow Which of the following is the BEST action for the network administrator to take to defend against this type of web attack? Validate the server certificate and trust chain Validate the server input and append the input to the base directory path. Validate that the server is not deployed with default account credentials. Validate that multifactor authentication is enabled on the server for all user accounts.
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal? Utilize the SAN certificate to enable a single certificate for all regions Deploy client certificates to all devices in the network. Configure certificate pinning inside the application Enable HSTS on the application's server side for all communication.
A corporation discovered its internet connection is saturated with traffic originating from multiple IP addresses across the internet. A security analyst needs to find a solution to address future occurrences of this type of attack. Which of the following would be the BEST solution to meet this goal? Implementing cloud-scrubbing services Upgrading the internet link Deploying a web application firewall Provisioning a reverse proxy.
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting? True positive False negative False positive True negative.
An organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT? Determine what data is being stolen and change the folder permissions to read only. Determine which users may have clicked on a malicious email link and suspend their accounts Determine where the data is being transmitted and create a block rule Determine if a user inadvertently installed malware from a USB drive and update antivirus definitions Determine if users have been notified to save their work and turn off their workstations.
A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks? Code reviews Supply chain visibility Software audits Source code escrows.
A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision? Monitor the Application and Services Logs group within Windows Event Log. Uninstall PowerShell from all workstations. Configure user settings In Group Policy. Provide user education and training. Block PowerShell via HIDS.
A recent security audit identified multiple endpoints have the following vulnerabilities: • Various unsecured open ports • Active accounts for terminated personnel • Endpoint protection software with legacy versions • Overly permissive access rules Which of the following would BEST mitigate these risks? (Choose three). Local drive encryption Secure boot Address space layout randomization Unneeded services disabled Patching Logging Removal of unused accounts Enabling BIOS password.
A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems? The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer The change control board must review and approve a submission. The information system security officer provides the systems engineer with the system updates The security engineer asks the project manager to review the updates for the client's system.
A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision? Availability Data sovereignty Geography Vendor lock-in.
A cybersecurity analyst discovered a private key that could have been exposed. Which of the following is the BEST way for the analyst to determine if the key has been compromised? HSTS PKI CSRs OCSP.
ACSP, which wants to compete in the market, has been approaching companies in an attempt to gain business, The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP? Resource exhaustion Geographic location Control plane breach Vendor lock-in.
A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity? ldd bcrypt SHA-3 ssdeep dcfidd.
A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks. Which of the following Is the MOST important infrastructure security design element to prevent an outage? Supporting heterogeneous architecture Leveraging content delivery network across multiple regions Ensuring cloud autoscaling is in place Scaling horizontally to handle increases in traffic.
A security analyst is monitoring an organization's IDS and DLP systems for an alert indicating files were removed from the network. The files were from the workstation of an employee who was authenticated but not authorized to access the files. Which of the following should the organization do FIRST to address this issue? Provide additional security awareness training Disable the employee's credentials until the issue is resolved Ask human resources to notify the employee that sensitive files were accessed. Isolate the employee's network segment and investigate further.
In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees? Data scrubbing Field masking Encryption in transit Metadata.
A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its commandand-control server: POST /malicious.php - User-Agent: Malicious Tool V 1.0 Host: www.malicious.com - The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives? User-Agent: Malicious Tool.* www\.malicious\.com\/malicious.php Post /malicious\.php Host: [a-z]*\.malicious\.com malicious.*.
A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend? WPA2-Preshared Key WPA3-Enterprise WPA3-Personal WPA2-Enterprise.
A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements: • Access to critical web services at the edge must be redundant and highly available. • Secure access services must be resilient to a proprietary zero-day vulnerability in a single component. • Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff. Which of the following solutions BEST meets these requirements? Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.
A software company decides to study and implement some new security features in the software it develops in C++ language. Developers are trying to find a way to avoid a malicious process that can access another process's execution area. Which of the following techniques can the developers do? Enable NX. Move to Java. Execute SAST Implement memory encryption.
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system? Use a secrets management tool. Save secrets in key escrow Store the secrets inside the Dockerfiles. Run all Dockerfiles in a randomized namespace.
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take? Initiate a legal hold. Refer to the retention policy. Perform e-discovery. Review the subpoena.
A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future? Establish cross-account trusts to connect all VPCs via API for secure configuration scanning Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility. Implement a centralized network gateway to bridge network traffic between all VPCs. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.
A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable? Virtualized emulators Type 2 hypervisors Orchestration Containerization.
The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements? Near-field communication Short Message Service Geofencing Bluetooth.
A startup software company recently updated its development strategy to incorporate the Software Development Life Cycle, including revamping the quality assurance and release processes for gold builds. Which of the following would most likely be developed FIRST as part of the overall strategy? Security requirements Code signing Application vetting Secure coding standards.
An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal? Properly configure a secure file transfer system to ensure file integrity. Have the external parties sign non-disclosure agreements before sending any images. Only share images with external parties that have worked with the firm previously. Utilize watermarks in the images that are specific to each external party.
A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert. Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action? True negative False negative False positive Non-automated response.
A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Choose two.) MX record DMARC SPF DNSSEC S/MIME TLS.
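The distinction the question turns on is that SPF validates the envelope sender (the SMTP MAIL FROM domain against the connecting IP address), while DMARC ties the visible From: header to a domain that SPF (or DKIM) actually authenticated, so a forged envelope cannot simply borrow some third party's passing SPF record. The following is an added example, not code from the page or from any real mail product: it evaluates SPF from a constructed, in-memory TXT table instead of DNS, models only the ip4/ip6/all mechanisms, and checks DMARC alignment on the SPF result alone (DKIM, include:, mx, a, redirect= and the Public Suffix List are left out). All domains, addresses and records are constructed for the example.

```python
"""Added example: SPF on the envelope sender, then DMARC alignment of the
header From against the SPF-authenticated domain.

Constructed DNS records and addresses; nothing here is looked up for real."""
import ipaddress
from typing import Dict

# Hypothetical TXT records (assumed for this example; RFC 5737/3849 addresses).
DNS_TXT: Dict[str, str] = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s",
    "partner.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.partner.example": "v=DMARC1; p=quarantine",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(mail_from_domain: str, client_ip: str) -> str:
    """Evaluate the domain's SPF record for the connecting IP.

    Returns pass / fail / softfail / neutral, or none when no record exists.
    Only ip4:, ip6: and all are modelled; other mechanisms are skipped."""
    record = DNS_TXT.get(mail_from_domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term[4:], strict=False)
            matched = ip.version == network.version and ip in network
        else:
            continue  # include:, a, mx, exists: not modelled in this example
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # RFC 7208: no mechanism matched and no "all" term


def org_domain(domain: str) -> str:
    """Crude organizational domain (last two labels). Real DMARC uses the PSL."""
    return ".".join(domain.lower().split(".")[-2:])


def evaluate(client_ip: str, mail_from: str, header_from: str) -> Dict[str, str]:
    """Run SPF on the envelope MAIL FROM, then DMARC alignment against the
    header From domain. Returns the SPF result, the DMARC result and the
    disposition the receiver should apply (from the p= tag)."""
    mail_from_domain = mail_from.rsplit("@", 1)[1].lower()
    header_domain = header_from.rsplit("@", 1)[1].lower()
    spf = spf_check(mail_from_domain, client_ip)

    policy_record = DNS_TXT.get("_dmarc." + org_domain(header_domain))
    if policy_record is None:
        return {"spf": spf, "dmarc": "none", "disposition": "none"}
    tags = dict(kv.strip().split("=", 1) for kv in policy_record.split(";") if "=" in kv)
    if tags.get("aspf", "r") == "s":            # strict: exact domain match
        aligned = mail_from_domain == header_domain
    else:                                        # relaxed: same organizational domain
        aligned = org_domain(mail_from_domain) == org_domain(header_domain)
    dmarc = "pass" if (spf == "pass" and aligned) else "fail"
    disposition = "none" if dmarc == "pass" else tags.get("p", "none")
    return {"spf": spf, "aligned": str(aligned), "dmarc": dmarc, "disposition": disposition}


if __name__ == "__main__":
    # Legitimate mail, a plain envelope forgery, and a forgery that rides on a
    # third party's valid SPF record but fails DMARC alignment.
    print(evaluate("203.0.113.5", "bounce@example.com", "ceo@example.com"))
    print(evaluate("192.0.2.99", "bounce@example.com", "ceo@example.com"))
    print(evaluate("198.51.100.10", "bounce@partner.example", "ceo@example.com"))
```

The third scenario is the one SPF alone misses: the envelope domain partner.example legitimately authorizes 198.51.100.10, so SPF passes, yet the From: header claims example.com, and DMARC's alignment check is what turns that into a reject.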
A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending? Mitigate and avoid Transfer and accept Avoid and transfer Accept and mitigate.
A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL: www.intranet.abc.com/get-files.jsp?file=report.pdf Which of the following mitigation techniques would be BEST for the security engineer to recommend? Input validation Firewall WAF DLP.
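The flaw behind the URL above is a file name taken from the request and used directly to open a file, which lets a caller walk out of the intended directory or name arbitrary files. Input validation on that parameter is the fix the question is after. The following is an added example, not the page's code and not the application in the question: it shows the vulnerable join beside a hardened handler that allow-lists the name format and then confirms the resolved path still sits under the reports directory. The base directory /srv/reports and the .pdf-only rule are assumptions chosen for the example.

```python
"""Added example: validating a user-supplied file name before serving it.

Assumed layout: reports live under /srv/reports and only .pdf files in that
directory are meant to be downloadable."""
import re
from pathlib import Path

REPORTS_DIR = Path("/srv/reports")                    # assumed base directory
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.pdf$")  # assumed allow-list


def vulnerable_path(user_value: str) -> Path:
    """The pattern in the question: the parameter goes straight into the path.
    '../../etc/passwd' climbs out of the directory; an absolute value such as
    '/etc/passwd' replaces the base entirely when joined with pathlib."""
    return REPORTS_DIR / user_value


def validated_path(user_value: str) -> Path:
    """Input validation plus a canonical-path containment check.

    1. Reject anything that is not a simple name ending in .pdf, so slashes,
       dots-dots, NULs and encoded variants never reach the file system.
    2. Resolve the final path and require REPORTS_DIR to be an ancestor; this
       catches symlinks and anything the regex might have let through."""
    if not ALLOWED_NAME.fullmatch(user_value):
        raise ValueError(f"rejected file name: {user_value!r}")
    candidate = (REPORTS_DIR / user_value).resolve(strict=False)
    base = REPORTS_DIR.resolve(strict=False)
    if base not in candidate.parents:
        raise ValueError(f"path escapes reports directory: {candidate}")
    return candidate


def accepts(user_value: str) -> bool:
    """True if the hardened handler would serve this request value."""
    try:
        validated_path(user_value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for value in ("report.pdf", "../../etc/passwd", "/etc/passwd", "report.pdf\x00.txt", "report.txt"):
        print(f"{value!r:28} vulnerable -> {vulnerable_path(value)}  hardened accepts -> {accepts(value)}")
```

Canonicalising with resolve() before the containment check matters because a naive string prefix test ("/srv/reports" in str(path)) passes for /srv/reports-old/secret.pdf and for symlinks that point outside the directory.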
A help desk technician is troubleshooting an issue with an employee's laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following: • The laptop operating system was not configured with BitLocker. • The hard drive has no hardware failures. • Data is present and readable on the hard drive, although it appears to be illegible. Which of the following is the MOST likely reason the technician is unable to retrieve legible data from the hard drive? The employee's password was changed, and the new password needs to be used. The PKI certificate was revoked, and a new one must be installed. The hard drive experienced crypto-shredding. The technician is using the incorrect cipher to read the data.
A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers? WAF ASLR NX HSM.
A cyber analyst has been tasked with recovering PDF files from a provided image file. Which of the following is the BEST file-carving tool for PDF recovery? objdump strings dd Foremost.
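What separates Foremost from the other three tools is that it carves: it ignores the file system and scans raw bytes for known header and footer signatures (for PDF, "%PDF-" and "%%EOF"), cutting each match out to a file. The following is an added example, not the page's code and not Foremost itself, that implements that header/footer carve for PDFs only over an in-memory "image". The image, the three embedded documents and the size limit are constructed for the example; the logic generalises the signature carve to the two cases a practitioner hits most, a PDF with several %%EOF markers from incremental updates, and a truncated PDF with no trailer at all.

```python
"""Added example: minimal header/footer carving of PDF files from a raw image,
the same idea Foremost applies with its signature table.

Everything below is constructed for the example; no real disk image is read."""
from typing import List, Tuple

PDF_HEADER = b"%PDF-"
PDF_FOOTER = b"%%EOF"
MAX_PDF_SIZE = 50 * 1024 * 1024   # assumed cap, like Foremost's per-type max size

# Constructed sample documents (not valid renderable PDFs, just the markers).
PDF1 = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF\n"
PDF2 = b"%PDF-1.7\n2 0 obj<<>>endobj\n%%EOF\n9 0 obj<<>>endobj\n%%EOF\n"  # two %%EOF: incremental update
PDF_TRUNCATED = b"%PDF-1.5\n3 0 obj<<>>endobj\n"                           # no trailer at all


def make_sample_image() -> bytes:
    """Filler bytes with the three documents dropped in at known offsets."""
    filler = b"\x00" * 64
    return filler + PDF1 + b"\xff" * 32 + PDF2 + filler + PDF_TRUNCATED + b"\x00" * 16


def carve_pdfs(image: bytes, max_size: int = MAX_PDF_SIZE) -> List[Tuple[int, bytes]]:
    """Return (offset, data) for every PDF found by signature carving.

    For each header, the search window ends at the next header or at max_size,
    and the file is cut at the LAST %%EOF inside that window so incremental
    updates are kept whole. A header with no footer in its window is still
    carved up to the window end, which is how a truncated document survives."""
    found: List[Tuple[int, bytes]] = []
    pos = 0
    while True:
        start = image.find(PDF_HEADER, pos)
        if start == -1:
            break
        window_end = min(len(image), start + max_size)
        next_header = image.find(PDF_HEADER, start + len(PDF_HEADER), window_end)
        if next_header != -1:
            window_end = next_header
        last_footer = image.rfind(PDF_FOOTER, start, window_end)
        if last_footer == -1:
            found.append((start, image[start:window_end]))   # truncated: no trailer
            pos = window_end
            continue
        end = last_footer + len(PDF_FOOTER)
        if image[end:end + 1] in (b"\n", b"\r"):              # keep the line end after %%EOF
            end += 1
        found.append((start, image[start:end]))
        pos = end
    return found


def has_trailer(data: bytes) -> bool:
    """Quick triage flag: does the carved document end with a %%EOF marker?"""
    return data.rstrip(b"\r\n").endswith(PDF_FOOTER)


if __name__ == "__main__":
    for offset, data in carve_pdfs(make_sample_image()):
        state = "complete" if has_trailer(data) else "truncated"
        print(f"offset {offset:6d}  {len(data):4d} bytes  {state}")
```

Running it on the sample image reports three documents: two complete ones and the truncated third, which a file-system-based recovery would never see because nothing in the image points at it.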