CASP test E

Title of test: CASP test E
Description: Weak point
Creation Date: 2024/10/17
Category: Others
Number of questions: 23
1. An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays, when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:
   • System capacity is optimized.
   • Cost is reduced.
   Which of the following should be implemented to address these requirements? (Choose two.)
   a) Containerization
   b) Microsegmentation
   c) CDN
   d) Autoscaling
   e) WAF
   f) Load balancer

2. A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator had reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?
   a) Send out a press release denying the breach until more information can be obtained.
   b) Create an effective communication plan and socialize it with all employees.
   c) Implement a more robust vulnerability identification process.
   d) Properly triage events based on brand imaging and ensure the CEO is on the call roster.

3. A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?
   a) DAST
   b) SAST
   c) Fuzz testing
   d) Intercepting proxy

4. The Chief Executive Officer of an online retailer notices a sudden drop in sales. A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site. Which of the following would best prevent this type of attack?
   a) Enforcing DNSSEC
   b) Deploying certificate stapling
   c) Configuring certificate pinning
   d) Enabling HSTS

5. A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the number of certificates needed?
   a) CRL
   b) SAN
   c) CA
   d) OCSP

6. A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?
   a) Include routines in the application for message handling.
   b) Perform SAST vulnerability scans on every build.
   c) Adopt a compiled programming language instead.
   d) Validate user-generated input.

7. A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?
   a) Software composition analysis
   b) A SAST
   c) A DAST
   d) A SCAP scanner

8. An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?
   a) Configuring an account lockout policy
   b) Including input sanitization to the logon page
   c) Adding MFA to all accounts
   d) Implementing a new password reset system

9. A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?
   a) Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.
   b) Write a SIEM rule that generates a critical alert when files are created on the application server.
   c) Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.
   d) Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

10. An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?
   a) Due diligence
   b) Due care
   c) Due notice
   d) Due process

11. The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?
   a) Block known malware sites on the web proxy.
   b) Scan all downloads using an antivirus engine on the web proxy.
   c) Execute the files in the sandbox on the web proxy.
   d) Integrate the web proxy with threat intelligence feeds.

12. A company with only U.S.-based customers wants to allow developers from another country to work on the company's website. However, the company plans to block normal internet traffic from the other country. Which of the following strategies should the company use to accomplish this objective? (Choose two.)
   a) Block foreign IP addresses from accessing the website.
   b) Give the developers access to a jump box on the network.
   c) Implement a WAF for the website.
   d) Use NAT to enable access for the developers.
   e) Employ a reverse proxy for the developers.
   f) Have the developers use the company's VPN.

13. A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?
   a) Lessons learned
   b) Risk register
   c) Information security policy
   d) Gap analysis
   e) Business impact analysis

14. A company recently implemented a CI/CD pipeline and is now concerned with the current state of its software development processes. The company wants to augment its CI/CD pipeline with a solution to:
   • Prevent code configuration drifts.
   • Ensure coding standards are followed.
   Which of the following should the company implement to address these concerns? (Choose two.)
   a) Code signing
   b) Manual approval processes
   c) Linters
   d) Regression testing
   e) Fuzzers
   f) Dynamic code analysis

15. A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Choose two.)
   a) Ease of backup and restoration
   b) Increased geographic diversity
   c) Full control and ability to customize
   d) Most cost-effective
   e) Low resilience to side-channel attacks
   f) High degree of privacy

16. A security administrator needs to implement a security solution that will:
   • Limit the attack surface in case of an incident.
   • Improve access control for external and internal network security.
   • Improve performance with less congestion on network traffic.
   Which of the following should the security administrator do?
   a) Integrate threat intelligence feeds into the FIM.
   b) Configure SIEM dashboards to provide alerts and visualizations.
   c) Update firewall rules to match new IP addresses in use.
   d) Deploy DLP rules based on updated PII formatting.

17. A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?
   a) Big Data processing required for maturity
   b) Secure, multiparty computation requirements
   c) Computing capabilities available to the developer
   d) Deep learning language barriers

18. An organization recently completed a security controls assessment. The results highlighted the following vulnerabilities:
   • Out-of-date definitions
   • Misconfigured operating systems
   • An inability to detect active attacks
   • Unimpeded access to critical servers' USB ports
   Which of the following will most likely reduce the risks that were identified by the assessment team?
   a) Install EDR on endpoints, configure group policy, lock server room doors, and install a camera system with guards watching 24/7.
   b) Update antivirus definitions, install NGFW with logging enabled, use USB port lockers, and run SCAP scans weekly.
   c) Implement a vulnerability management program and a SIEM tool with alerting, install a badge system with zones, and restrict privileged access.
   d) Create an information security program that addresses user training, perform weekly audits of user workstations, and utilize a centralized configuration management program.

19. A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?
   a) To identify the network ports
   b) To validate the project participants
   c) To evaluate threat acceptance
   d) To document residual risks

20. A global financial firm wants to onboard a new vendor that sells a very specific SaaS application. The application is only hosted in the vendor's home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?
   a) The application's performance will be different in regional offices.
   b) There are regulatory concerns with using SaaS applications.
   c) There is no geographical redundancy in case of network outages.
   d) The SaaS application will only be available to users in one country.

21. A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:
   • Enterprise IT servers and supervisory industrial systems share the same subnet.
   • Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.
   • Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.
   Which of the following re-architecture approaches would be best to reduce the company's risk?
   a) Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.
   b) Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.
   c) Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.
   d) Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

22. An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?
   a) Manufacture a new IoT device with a redesigned SoC.
   b) Replace the public portion of the IoT key on its servers.
   c) Use over-the-air updates to replace the private key.
   d) Release a patch for the SoC software.

23. A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the MOST secure options to address these concerns? (Choose three.)
   a) Host-based firewall
   b) IDS
   c) Application control
   d) Strong authentication
   e) NGFW
   f) EDR
   g) Antivirus
   h) Sandboxing