Title of test:
Casp+ E

Description:
CompTIA CASP+

Author:
TheShed

Creation Date: 20/09/2024

Category: Computers

Number of questions: 90
Content:
A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?
- Create a rule to authorize personnel only from certain IPs to access the files
- Assign labels to the files and require formal access authorization
- Assign attributes to each file and allow authorized users to share the files
- Assign roles to users and authorize access to files based on the roles

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:
• All remote devices to have up-to-date antivirus
• A HIDS
• An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Choose two.)
- NAC
- WAF
- NIDS
- Reverse proxy
- NGFW
- Bastion host

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:
• All customer data must remain under the control of the customer at all times.
• Third-party access to the customer environment must be controlled by the customer.
• Authentication credentials and access control must be under the customer's control.
Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?
- Use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage
- Use the customer-provided VDI solution to perform work on the customer's environment
- Provide code snippets to the customer and have the customer run code and securely deliver its output
- Request API credentials from the customer and only use API calls to access the customer's environment

A small software company deployed a new web application after a network security scan found no vulnerabilities. A customer using this application reported malicious activity believed to be associated with the application. During an investigation, the company discovered that the customer closed the browser tab and connected to another application, using the same credentials on both platforms. Which of the following detection methods should the software company implement before deploying the next version?
- Multifactor authentication
- Static application code scanning
- Stronger password policy
- A SIEM

A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers:
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
• TLS_RSA_WITH_RC4_128_SHA (0x5)
• TLS_RSA_WITH_RC4_128_MD5 (0x4)
Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030). Which of the following describes a potential attack to the systems administrator's browser?
- A cipher mismatch
- Key rotation
- A downgrade attack
- A compromised key
- Rekeying

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
SECURE BOOT FAILED: FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?
- Evasion
- Persistence
- Collection
- Lateral movement

The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?
- Integrate the web proxy with threat intelligence feeds
- Scan all downloads using an antivirus engine on the web proxy
- Block known malware sites on the web proxy
- Execute the files in the sandbox on the web proxy

An internal security assessor identified large gaps in a company’s IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?
- Due care
- Due diligence
- Due process
- Due notice

An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?
- Including input sanitization to the logon page
- Configuring an account lockout policy
- Implementing a new password reset system
- Adding MFA to all accounts

A security engineer has recently become aware of a Java application that processes critical information in real time on the company's network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?
- Perform software composition analysis on libraries from third parties
- Run the application in a sandbox and perform penetration tests
- Rewrite and compile the application in C++ and then reinstall it
- Embed the current application into a virtual machine that runs on dedicated hardware
After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:
Wed 12 Dec 2020 10:00:03 Unknown sources is now enabled on this device.
Which of the following is the MOST likely reason for the successful attack?
- Lack of MDM controls
- Auto-join hotspots enabled
- Sideloading
- Lack of application segmentation

An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be MOST concerning to the organization in the event of equipment failure?
- Support may not be available during all business hours
- The organization requires authorized vendor specialists
- Each region has different regulatory frameworks to follow
- Shipping delays could cost the organization money

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?
- Digital signature
- Message hash
- Message digest
- Message authentication code

An MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?
- ChaCha20
- RSA
- AES256
- RIPEMD

Signed applications reduce risks by:
- encrypting the application’s data on the device
- requiring the developer to use code-level hardening techniques
- providing assurance that the application is using unmodified source code
- costing the developer money to publish, which reduces the likelihood of malicious intent

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?
- service --status-all | grep ftpd
- chkconfig --list
- netstat -tulpn
- systemctl list-unit-files --type service ftpd
- service ftpd status

A security assessor identified an internet-facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight:
Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?
- Enable 3DES ciphers IDEA
- Enable export ciphers
- Enable PFS ciphers
- Enable AEAD
A company underwent an audit in which the following issues were enumerated:
• Insufficient security controls for internet-facing services, such as VPN and extranet
• Weak password policies governing external access for third-party vendors
Which of the following strategies would help mitigate the risks of unauthorized access?
- 2FA
- RADIUS
- Federation
- OTP

A company recently implemented a CI/CD pipeline and is now concerned with the current state of its software development processes. The company wants to augment its CI/CD pipeline with a solution to:
• Prevent code configuration drifts.
• Ensure coding standards are followed.
Which of the following should the company implement to address these concerns? (Choose two.)
- Code signing
- Fuzzers
- Dynamic code analysis
- Manual approval processes
- Linters
- Regression testing

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company’s objectives?
- RASP
- SAST
- WAF
- CMS

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?
- Automated vulnerability scanning
- Centralized logging, data analytics, and visualization
- Threat hunting
- Threat emulation

A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed, and the following capabilities are desired:
• Terminate SSL connections at a central location
• Manage both authentication and authorization for incoming and outgoing web service calls
• Advertise the web service API
• Implement DLP and anti-malware features
Which of the following technologies will be the BEST option?
- WAF
- XML gateway
- ESB gateway
- API gateway

A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
• Recognize and block fake websites.
• Decrypt and scan encrypted traffic on standard and non-standard ports.
• Use multiple engines for detection and prevention.
• Have central reporting.
Which of the following is the BEST solution the security architect can propose?
- CASB
- Web filtering
- NGFW
- EDR
An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays, when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:
• System capacity is optimized.
• Cost is reduced.
Which of the following should be implemented to address these requirements? (Choose two.)
- Containerization
- Load balancer
- Microsegmentation
- Autoscaling
- WAF
- CDN

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:
Which of the following mobile configuration settings is the mobile administrator verifying?
- Service set identifier authentication
- Wireless network auto joining
- 802.1X with mutual authentication
- Association MAC address randomization

A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:
Which of the following should the security analyst do FIRST?
- Disable Administrator on abc-usa-fs1; the local account is compromised
- Shut down the abc-usa-fs1 server; a plaintext credential is being used
- Disable the jdoe account; it is likely compromised
- Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited

A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:
• 99.99% uptime
• Load time in 3 seconds
• Response time ≤ 1.0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Choose three.)
- Installing a firewall at corporate headquarters
- Deploying a content delivery network
- Implementing server clusters
- Employing bare-metal loading of applications
- Lowering storage input/output
- Implementing RAID on the backup servers
- Utilizing redundant power for all developer workstations
- Ensuring technological diversity on critical servers
A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:
• Capable of early detection of advanced persistent threats.
• Must be transparent to users and cause no performance degradation.
• Allow integration with production and development networks seamlessly.
• Enable the security team to hunt and investigate live exploitation techniques.
Which of the following technologies BEST meets the customer's requirements for security capabilities?
- Threat intelligence
- Deception software
- Centralized logging
- Sandbox detonation

A global financial firm wants to onboard a new vendor that sells a very specific SaaS application. The application is only hosted in the vendor's home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?
- The application's performance will be different in regional offices
- There are regulatory concerns with using SaaS applications
- The SaaS application will only be available to users in one country
- There is no geographical redundancy in case of network outages

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.
Which of the following should the company do NEXT to mitigate the risk of a compromise from these attacks?
- Restrict HTTP methods
- Perform parameterized queries
- Implement input sanitization
- Validate content types

An organization must implement controls that are aligned with its financial requirements; specifically, the organization is looking to implement the following:
• Financial transactions that require one reviewer
• Audits of funds disbursements
• Cross-training of employees
Which of the following controls will address the organization's requirements?
- Change management
- Job rotation
- Least privilege
- Separation of duties

A company recently migrated all its workloads to the cloud and implemented a transit VPC with a managed firewall. The cloud infrastructure implements a 10.0.0.0/16 network, and the firewall implements the following ACLs:
The Chief Information Security Officer wants to monitor relevant traffic for signs of data exfiltration. Which of the following should the organization place in its monitoring tool to BEST detect data exfiltration while reducing log size and the time to search logs?
- FROM UDP 10.0.0.0/16 ANY TO 0.0.0.0/0 ANY
- FROM TCP 10.0.0.0/16 80,443 TO 0.0.0.0/0 ANY
- FROM TCP 0.0.0.0/0 ANY TO 10.0.0.0/16 80,443,22
- FROM IP 10.0.0.0/16 ANY TO 0.0.0.0/0 ANY
- FROM IP 0.0.0.0/0 ANY TO TCP 0.0.0.0/0 ANY
- FROM UDP 0.0.0.0/0 ANY TO 0.0.0.0/0 ANY

A security analyst is reviewing the data portion acquired from the following command:
tcpdump -lnvi icmp and src net 192.168.1.0/24 and dst net 0.0.0.0/0 -w output.pcap
The data portion of the packet capture shows the following:
The analyst suspects that a data exfiltration attack is occurring using a pattern in which the last five digits are encoding sensitive information. Which of the following technologies and associated rules should the analyst implement to stop this specific attack? (Choose two.)
- Intrusion prevention system
- Data loss prevention
- sed -e 's/a-z.*0-9.*//g'
- reject icmp any any <> any any (msg:"alert"; regex [a-z]{26}[0-9]{5})
- Second-generation firewall
- drop icmp from 192.168.1.0/24 to 0.0.0.0/0
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
• Monitors traffic to and from both local NAS and cloud-based file repositories
• Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions
• Uses document attributes to reduce false positives
• Is agentless and not installed on staff desktops or laptops
Which of the following, when installed and configured, would BEST meet the CSO’s requirements? (Choose two.)
- DLP
- NGFW
- UTM
- UEBA
- CASB
- HIPS

A small bank is evaluating different methods to address and resolve the following requirements:
• Must be able to store credit card data using the smallest amount of data possible.
• Must be compliant with PCI DSS.
• Must maintain confidentiality if one piece of the layer is compromised.
Which of the following is the BEST solution for the bank?
- Scrubbing
- Tokenization
- Masking
- Homomorphic encryption

When implementing serverless computing, an organization must still account for:
- the underlying computing network infrastructure
- hardware compatibility
- the security of its data
- patching the service

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the number of certificates needed?
- OCSP
- CRL
- SAN
- CA

An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?
- Risk management
- Network management
- Configuration management
- Change management

A company’s Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company’s IT assets need to be protected. Which of the following are the MOST secure options to address these concerns? (Choose three.)
- Antivirus
- EDR
- Sandboxing
- Application control
- Host-based firewall
- IDS
- NGFW
- Strong authentication
A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?
- Static analysis
- Input validation
- Fuzz testing
- Post-exploitation

An online video shows a company’s Chief Executive Officer (CEO) making a company announcement. The CEO, however, did not make the announcement. Which of the following BEST describes this attack?
- Identity theft
- Deepfake
- Website defacement
- Social engineering

A security engineer needs to implement a cost-effective authentication scheme for a new web-based application that requires:
• Rapid authentication
• Flexible authorization
• Ease of deployment
• Low cost but high functionality
Which of the following approaches best meets these objectives?
- Kerberos
- EAP
- SAML
- OAuth
- TACACS+

Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?
- Deep learning
- Machine learning
- Nanotechnology
- Passwordless authentication
- Biometric impersonation

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion. Since tracking is not in place, the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?
- Complete a vulnerability analysis
- Obtain guidance from the health ISAC
- Purchase a ticketing system for auditing efforts
- Ensure CVEs are current
- Train administrators on why patching is important

The Chief Executive Officer of an online retailer notices a sudden drop in sales. A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor’s site. Which of the following would best prevent this type of attack?
- Enabling HSTS
- Configuring certificate pinning
- Enforcing DNSSEC
- Deploying certificate stapling

A security administrator is trying to securely provide public access to specific data from a web application. Clients who want to access the application will be required to:
• Only allow the POST and GET options.
• Transmit all data secured with TLS 1.2 or greater.
• Use specific URLs to access each type of data that is requested.
• Authenticate with a bearer token.
Which of the following should the security administrator recommend to meet these requirements?
- API gateway
- Application load balancer
- Web application firewall
- Reverse proxy

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?
- SLA
- ISA
- NDA
- MOU

During a network defense engagement, a red team is able to edit the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Which of the following tools is the red team using to perform this action?
- PowerShell
- SCAP scanner
- Network vulnerability scanner
- Fuzzer
An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?
- Use over-the-air updates to replace the private key
- Manufacture a new IoT device with a redesigned SoC
- Replace the public portion of the IoT key on its servers
- Release a patch for the SoC software
Which of the following is record-level encryption commonly used to do?
- Protect database fields
- Protect individual files
- Encrypt individual packets
- Encrypt the master boot record

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP’s website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known IOCs. Which of the following should the security team implement to best mitigate this situation?
- DNSSEC
- DNS filtering
- Multifactor authentication
- Self-signed certificates
- Revocation of compromised certificates

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:
• www.mycompany.org
• www.mycompany.com
• campus.mycompany.com
• wiki.mycompany.org
The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the best solution?
- Purchase one SAN certificate
- Implement self-signed certificates
- Purchase one certificate for each website
- Purchase one wildcard certificate

A partner organization is requesting that a security administrator exchange S/MIME certificates for email between the two organizations. The partner organization is most likely trying to:
- utilize digital signatures to ensure data integrity
- reduce the amount of impersonation spam the organization receives
- enable a more decentralized IT infrastructure
- eliminate the organization’s business email compromise risks

The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?
- Preserve all communication matching the requested search terms
- Block communication with the customer while litigation is ongoing
- Require employees to be trained on legal record holds
- Request that all users do not delete any files

An organization recently completed a security controls assessment. The results highlighted the following vulnerabilities:
• Out-of-date definitions
• Misconfigured operating systems
• An inability to detect active attacks
• Unimpeded access to critical servers’ USB ports
Which of the following will most likely reduce the risks that were identified by the assessment team?
- Install EDR on endpoints, configure group policy, lock server room doors, and install a camera system with guards watching 24/7
- Create an information security program that addresses user training, perform weekly audits of user workstations, and utilize a centralized configuration management program
- Update antivirus definitions, install NGFW with logging enabled, use USB port lockers, and run SCAP scans weekly
- Implement a vulnerability management program and a SIEM tool with alerting, install a badge system with zones, and restrict privileged access

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter’s version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?
- Include routines in the application for message handling
- Adopt a compiled programming language instead
- Perform SAST vulnerability scans on every build
- Validate user-generated input

A company with multiple locations has taken a cloud-only approach to its infrastructure. The company does not have standard vendors or systems, resulting in a mix of various solutions put in place by each location. The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms. Which of the following best meets this objective?
- Security information and event management
- Cloud security posture management
- SNMPv2 monitoring and log aggregation
- Managed detection and response services from a third party

A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?
- To validate the project participants
- To identify the network ports
- To document residual risks
- To evaluate threat acceptance

A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company’s response plan. Which of the following best describes what the CISO reviewed?
- An after-action report
- A tabletop exercise
- A system security plan
- A disaster recovery plan

A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?
- A machine-learning-based data security service
- A file integrity monitoring service
- A cloud configuration assessment and compliance service
- A cloud access security broker

A multinational organization was hacked, and the incident response team’s timely action prevented a major disaster. Following the event, the team created an after-action report. Which of the following is the primary goal of an after-action review?
- To gather evidence for subsequent legal action
- To determine the identity of the attacker
- To identify ways to improve the response process
- To create a plan of action and milestones

A security engineer needs to select the architecture for a cloud database that will protect an organization’s sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Choose two.)
- Most cost-effective
- Ease of backup and restoration
- High degree of privacy
- Low resilience to side-channel attacks
- Full control and ability to customize
- Increased geographic diversity

A security engineer at a manufacturing facility is trying to determine whether any of the OT devices are susceptible to a recently announced vulnerability. Which of the following is the best way for the engineer to detect exploitable vulnerabilities?
- Utilize a passive vulnerability scanner on the network
- Compare deployed equipment to the CVE disclosure
- Perform threat hunting on the OT segment
- Review software inventory for vulnerable versions

A security administrator needs to implement a security solution that will:
• Limit the attack surface in case of an incident.
• Improve access control for external and internal network security.
• Improve performance with less congestion on network traffic.
Which of the following should the security administrator do?
- Integrate threat intelligence feeds into the FIM
- Update firewall rules to match new IP addresses in use
- Configure SIEM dashboards to provide alerts and visualizations
- Deploy DLP rules based on updated PII formatting
A security team performed an external attack surface analysis and discovered the following issues on a group of application servers: • The majority of the systems have end-of-life operating systems. • The latest patches that are available are over two years old. • The systems are considered mission critical for client support. • The proprietary software running on the systems is not compatible with newer versions of the operating system. • Server outages would negatively affect quarterly revenue projections. Which of the following would allow the security team to immediately mitigate the risks inherent to this situation? Implement a WAF between the application servers and the external perimeter Contact the vendor for the proprietary software and negotiate a new maintenance contract Document the application servers as being end of life and define a target date for decommission Isolate the servers from the internet and configure an internal ACL, only allowing to authorized employees.
In a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response? Risk transfer Risk mitigation Risk acceptance Risk avoidance.
A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to: • Maintain customer trust • Minimize data leakage • Ensure non-repudiation Which of the following would be the best set of recommendations from the security architect? Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms. Disable file exchange, enable watermarking, and enable the user authentication requirement. Enable end-to-end encryption, disable video recording, and disable file exchange Enable watermarking, enable the user authentication requirement, and disable video recording.
Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth. To address this issue, the company is looking for a solution that includes the following requirements: • Collapse of multiple network security technologies into a single footprint • Support for multiple VPNs with different security contexts • Support for application layer security (Layer 7 of the OSI Model) Which of the following technologies would be the most appropriate solution given these requirements? NAT gateway Reverse proxy NGFW NIDS.
Which of the following is a risk associated with SDN? Expanded attack surface Increased hardware management costs Reduced visibility of scaling capabilities New firmware vulnerabilities.
A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails? Employee badge logs Phone call log Vehicle registration logs Visitor logs.
An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements: • Cut down on patch management. • Make use of standard configurations. • Allow for custom resource configurations. • Provide access to the enterprise system from multiple types of devices. Which of the following solutions should the IT director choose? MDM Emulator Hosted hypervisor VDI.
A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time? Deep learning language barriers Big Data processing required for maturity Secure, multiparty computation requirements Computing capabilities available to the developer.
Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.) Proxy Tunneling VDI MDM RDP Containerization.
A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers? IDS ASLR TPM HSM.
A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected? Write a SIEM rule that generates a critical alert when files are created on the application server Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application. Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified. Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.
A security architect examines a section of code and discovers the following: char username[20]; char password[20]; gets(username); checkUserExists(username); Which of the following changes should the security architect require before approving the code for release? Allow only alphanumeric characters for the username Make the password variable longer to support more secure passwords. Prevent more than 20 characters from being entered. Add a password parameter to the checkUserExists function.
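As an added example (not the code from the question), here is the same two-buffer layout with the unbounded read beside a bounded replacement. gets() takes no length, so an input of 20 or more bytes overruns username[20] directly into the adjacent password[20]; the fix is to read a bounded line and reject anything that does not fit, rather than silently truncate. The names login_form_t, accept_username and read_username_line are illustrative.

```c
/* Added example: the question's gets() pattern beside a bounded replacement.
 * login_form_t, accept_username and read_username_line are illustrative names. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_CAP 20              /* same size as char username[20] in the question */

typedef struct {
    char username[USERNAME_CAP];     /* adjacent in memory, as the two stack arrays are */
    char password[USERNAME_CAP];     /* an overrun of username writes straight into here */
} login_form_t;

/* BEFORE (equivalent to gets(username)): no length check at all. gets() was
 * removed in C11; strcpy() from an attacker-controlled source is the same defect.
 * Kept for comparison only; never call it with untrusted input. */
void read_username_unbounded(login_form_t *f, const char *raw)
{
    strcpy(f->username, raw);
}

enum username_status { USERNAME_OK = 0, USERNAME_EMPTY, USERNAME_TOO_LONG, USERNAME_BAD_CHAR };

/* AFTER: copy raw into dst only if it fits together with its terminator and
 * contains nothing but [A-Za-z0-9_]. Rejecting instead of truncating means the
 * application never looks up a name the user did not actually type. */
enum username_status accept_username(char *dst, size_t cap, const char *raw)
{
    size_t n = strcspn(raw, "\r\n");         /* drop a trailing line ending */
    if (n == 0) return USERNAME_EMPTY;
    if (n >= cap) return USERNAME_TOO_LONG;  /* n bytes plus NUL must fit in cap */
    for (size_t i = 0; i < n; i++) {
        unsigned char ch = (unsigned char)raw[i];
        if (!isalnum(ch) && ch != '_') return USERNAME_BAD_CHAR;
    }
    memcpy(dst, raw, n);
    dst[n] = '\0';
    return USERNAME_OK;
}

/* The read itself must be bounded too. fgets() stops at sizeof line - 1 bytes;
 * if no newline arrived, the line was longer than the buffer, so drain the rest
 * of it and report that instead of treating the fragment as the whole input. */
int read_username_line(FILE *in, char *dst, size_t cap)
{
    char line[256];
    if (!fgets(line, sizeof line, in)) return -1;
    if (!strchr(line, '\n') && !feof(in)) {
        int c;
        while ((c = getc(in)) != EOF && c != '\n') { }
        return USERNAME_TOO_LONG;
    }
    return (int)accept_username(dst, cap, line);
}

/* Check helpers: run accept_username against a fresh, zeroed form. */
enum username_status try_username(const char *raw)
{
    login_form_t f = {0};
    return accept_username(f.username, sizeof f.username, raw);
}

/* 1 if the password field is still all zero after the username was processed. */
int password_untouched_after(const char *raw)
{
    login_form_t f = {0};
    static const char zeros[USERNAME_CAP] = {0};
    accept_username(f.username, sizeof f.username, raw);
    return memcmp(f.password, zeros, sizeof zeros) == 0;
}

int main(void)
{
    login_form_t form = {0};
    printf("username: ");
    int rc = read_username_line(stdin, form.username, sizeof form.username);
    if (rc != USERNAME_OK) { fprintf(stderr, "rejected (status %d)\n", rc); return 1; }
    printf("accepted '%s'\n", form.username);
    return 0;
}
```

The length limit is what the question is testing for; the character allow-list is an additional check that also narrows what reaches checkUserExists, but on its own it would not have stopped the overrun.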
A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use? SAST DAST Fuzz testing Intercepting proxy.
The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation? PKCS #10 is still preferred over PKCS #12. Private-key CSR signing prevents on-path interception There is more control in using a local certificate over a third-party certificate. There is minimal benefit in using a certificate revocation list.
Which of the following is a security concern for DNP3? Free-form messages require support. Available function codes are not standardized. Authentication is not allocated. It is an open source protocol.
A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings? MSA SLA ISA MOU.
Before launching a new web application, an organization would like to perform security testing. Which of the following resources should the organization use to determine the objectives for the test? CASB SOAR OWASP ISAC.
A Chief Information Security Officer (CISO) received a call from the SOC lead about a data breach around 9:00 a.m. At 10:00 a.m., the Chief Executive Officer (CEO) informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator had reached out to a vendor prior to the breach for information on a security patch that failed to install. Which of the following should the CISO do to prevent this from happening again? Properly triage events based on brand imaging and ensure the CEO is on the call roster. Create an effective communication plan and socialize it with all employees. Send out a press release denying the breach until more information can be obtained. Implement a more robust vulnerability identification process.
An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices? Fuzzer Network traffic analyzer HTTP interceptor Port Scanner Password cracker.
Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for their employees in a central, offline location with minimal management overhead? Key escrow service Secrets management Encrypted database Hardware security module.
A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue? Software composition analysis A SCAP scanner A SAST A DAST.
A security researcher identified the following messages while testing a web application: /file/admin/myprofile.php ERROR file does not exist. /file/admin/userinfo.php ERROR file does not exist. /file/admin/adminprofile.php ERROR file does not exist. /file/admin/admininfo.php ERROR file does not exist. /file/admin/universalprofile.php ERROR file does not exist. /file/admin/universalinfo.php ERROR file does not exist. /file/admin/restrictedprofile.php ACCESS is denied. /file/admin/restrictedinfo.php ERROR file does not exist. Which of the following should the researcher recommend to remediate the issue? Software composition analysis Packet inspection Proper error handling Elimination of the use of unsafe functions.
A company with only U.S.-based customers wants to allow developers from another country to work on the company's website. However, the company plans to block normal internet traffic from the other country. Which of the following strategies should the company use to accomplish this objective? (Choose two.) Block foreign IP addresses from accessing the website. Have the developers use the company's VPN. Implement a WAF for the website Give the developers access to a jump box on the network Employ a reverse proxy for the developers. Use NAT to enable access for the developers.
A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment: • Enterprise IT servers and supervisory industrial systems share the same subnet. • Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs. • Command and telemetry messages from industrial control systems are unencrypted and unauthenticated. Which of the following re-architecture approaches would be best to reduce the company's risk? Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages. Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field. Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum. Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.
A security architect is reviewing the following organizational specifications for a new application: • Be sessionless and API-based • Accept uploaded documents with PII, so all storage must be ephemeral • Be able to scale on-demand across multiple nodes • Restrict all network access except for the TLS port Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements? Utilizing the cloud container service On server instances with autoscaling groups Using scripted delivery With a content delivery network.
A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario? Gap analysis Business impact analysis Risk register Information security policy Lessons learned.