Title of test: Casp+ F
Description: CompTIA CASP+
Author: TheShed
Creation date: 22/09/2024
Category: Computers
Number of questions: 90
Content:
Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?
A. Federation
B. RADIUS
C. TACACS+
D. MFA
E. ABAC

A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented an SSO system with strong passwords. Which of the following additional controls should the company deploy?
A. Two-factor authentication
B. Identity proofing
C. Challenge questions
D. Live identity verification

The results of an internal audit indicate several employees reused passwords that were previously included in a published list of compromised passwords. The company has the following employee password policy: Which of the following should be implemented to best address the password reuse issue? (Choose two.)
A. Increase the minimum age to two days
B. Increase the history to 20
C. Increase the character length to 12
D. Add case-sensitive requirements to character class
E. Decrease the maximum age to 30 days
F. Remove the complexity requirements
G. Increase the maximum age to 120 days

A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?
A. Replication
B. Caching
C. Containerization
D. Redundancy
E. High availability

A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency.
Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?
A. Installing reverse caching proxies in both data centers and implementing proxy autoscaling
B. Using HTTPS to serve sensitive content and HTTP for public content
C. Using colocation services in regions where the application response is slow
D. Implementing a CDN and forcing all traffic through the CDN

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?
A. Collect proof that the exploit works in order to expedite the process
B. Publish proof-of-concept exploit code on a personal blog
C. Recommend legal consultation about the process
D. Visit a bug bounty website for the latest information

A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?
A. Utilizing hardening recommendations
B. Deploying IPS/IDS throughout the environment
C. Installing and updating antivirus
D. Installing all available patches

A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?
A. Containers
B. Type 1 hypervisor
C. Type 2 hypervisor
D. Virtual desktop infrastructure
E. Emulation

The primary advantage of an organization creating and maintaining a vendor risk registry is to:
A. define the risk assessment methodology
B. study a variety of risks and review the threat landscape
C. ensure that an inventory of potential risk is maintained
D. ensure that all assets have low residual risk

A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
• Data needs to be stored outside of the VMs.
• No unauthorized modifications to the VMs are allowed.
• If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
A. Immutable system
B. Data loss prevention
C. Storage area network
D. Baseline template

Which of the following security features do email signatures provide?
A. Non-repudiation
B. Body encryption
C. Code signing
D. Sender authentication
E. Chain of custody

company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?
A. Avoidance
B. Mitigation
C. Rejection
D. Acceptance

An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?
A. Horizontal scalability
B. Vertical scalability
C. Containerization
D. Static code analysis
E. Caching

A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?
A. Build a content caching system at the DR site
B. Store the nightly full backups at the DR site
C. Increase the network bandwidth to the DR site
D. Implement real-time replication for the DR site

A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?
A. RA
B. OCSP
C. CA
D. IdP

An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?
A. Systems administrator
B. Data owner
C. Data processor
D. Data custodian
E. Data steward

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?
A. Exporting reports from the system on a weekly basis to disable terminated employees' accounts
B. Granting permission to human resources staff to mark terminated employees' accounts as disabled
C. Configuring allowed login times for all staff to only work during business hours
D. Automating a process to disable the accounts by integrating Active Directory and human resources information systems

A company has data it would like to aggregate from its PLCs for data visualization and predictive maintenance purposes. Which of the following is the most likely destination for the tag data from the PLCs?
A. External drive
B. Cloud storage
C. System aggregator
D. Local historian

Company A is merging with Company B. Company A is a small, local company. Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center.
Which of the following actions should the CIO take first?
A. Determine whether the incident response plan has been tested at both companies, and use it to respond
B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies
C. Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams
D. Initiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?
A. Shutting down the systems until the code is ready
B. Uninstalling the impacted runtime engine
C. Selectively blocking traffic on the affected port
D. Configuring IPS and WAF with signatures

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?
A. Improved security operations center performance
B. Automated firewall log collection tasks
C. Optimized cloud resource utilization
D. Increased risk visibility

A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?
A. Salsa20 cipher
B. TLS-based VPN
C. PKI-based IKE IPSec negotiation
D. Perfect forward secrecy

A help desk analyst suddenly begins receiving numerous calls from remote employees who state they are unable to connect to the VPN. The employees indicate the VPN client software is warning about an expired certificate. The help desk analyst determines the VPN certificate is valid.
Which of the following is the most likely cause of the issue?
A. The certificate has been compromised and needs to be replaced
B. The VPN concentrator is running an old version of code and needs to be upgraded
C. The NTP settings on the VPN concentrator are incorrectly configured
D. The end users are using outdated VPN client software

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:
alert tcp any any -> $HOME_NET 3389 (flow:to_server,established; content:"MS_T120|00|"; fast_pattern:only;)
Which of the following should the analyst recommend to mitigate this type of vulnerability?
A. IPSec rules
B. OS patching
C. Two-factor authentication
D. TCP wrappers

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?
A. Print configuration settings for locked print jobs
B. The lack of an NDA with the company that supports its devices
C. The lack of an MSA to govern other services provided by the service provider
D. The lack of chain of custody for devices prior to deployment at the company

An organization's load balancers have reached end of life and have a vulnerability that will require them to be replaced. The load balancers are scheduled to be decommissioned within the next month. The management team has decided not to resolve this risk and instead allow the load balancers to remain in place until their decommission date. Which of the following risk handling techniques is the management team using?
A. Avoid
B. Mitigate
C. Accept
D. Transfer

A security analyst is reviewing a new IOC in which data is injected into an online process.
The IOC shows the data injection could happen in the following ways:
• Five numerical digits followed by a dash, followed by four numerical digits; or
• Five numerical digits
When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?
A. ^\d{4}(-\d{5})?$
B. ^\d{5}(-\d{4})?$
C. ^\d{5-4}$
D. ^\d{9}$

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?
A. Disaster recovery checklist
B. Tabletop exercise
C. Full interruption test
D. Parallel test

Recently, two large engineering companies in the same line of business decided to approach cyberthreats in a united way. Which of the following best describes this unified approach?
A. NDA
B. ISA
C. SLA
D. MOU

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?
A. Fuzz testing
B. Wireless vulnerability scan
C. Exploit framework
D. Password cracker
E. Protocol analyzer

A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?
A. Incomplete firewall rules between the CSP and on-premises infrastructure
B. Insufficient logging of cloud activities to the company SIEM
C. Failure to implement full disk encryption on on-premises data storage
D. Misconfiguration of access controls on cloud storage containers

Which of the following objectives best supports leveraging tabletop exercises in business continuity planning?
A. Determine the optimal placement of hot/warm sites within the enterprise architecture
B. Create new processes for identified gaps in continuity planning
C. Establish new staff roles and responsibilities for continuity of operations
D. Assess the effectiveness of documented processes against a realistic scenario

A security officer at an organization that makes and sells digital artwork must ensure the integrity of the artwork can be maintained. Which of the following are the best ways for the security officer to accomplish this task? (Choose two.)
A. Hashing
B. ECC
C. IPSec
D. Tokenization
E. Watermarking
F. Print blocking

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. A single SSID and no guest access will be used. The customer facility is located in a crowded area of town. The customer has asked that the solution require low administrative overhead. Which of the following should the security consultant recommend?
A. WPA3-Personal
B. WPA2-TKIP
C. WPA2-Enterprise
D. WPA3-Enterprise

A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?
A. Obfuscation
B. Code signing
C. Watermarking
D. Digital certificates

Which of the following best describes what happens if chain of custody is broken?
A. Tracking record details are not properly labeled
B. Vital evidence could be deemed inadmissible
C. Evidence is not exhibited in the court of law
D. Evidence will need to be recollected

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?
A. Require device certificates to access company resources
B. Enable MFA at the organization's SSO portal
C. Encrypt all workstation hard drives
D. Hide the company wireless SSID

The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?
A. SLA
B. ISA
C. Permissions and access
D. Rules of engagement

A security analyst is reviewing suspicious emails that were forwarded by users. Which of the following is the best method for the analyst to use when reviewing attachments that came with these emails?
A. Reverse engineering
B. Protocol analysis
C. Sandboxing
D. Fuzz testing
E. Steganography

A security engineer is trying to identify instances of a vulnerability in internally developed line-of-business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?
A. SIEM
B. CASB
C. SCAP
D. OVAL

A. Add "Sensitive" data classification tags to all files that include matches to the payment card number format
B. Change the Filter action for Card_Data_Policy from Allow to Quarantine
C. Add the Filter actions Block and Notify to the Confidential_Policy
D. Change the Filter action for all Attachment_Policy from Allow to Block
E. Change the Filter action for Personal_Email_Policy from Quarantine to Block
F. Configure the Monitor action to send automated alerts to the sender's immediate supervisor

Which of the following industrial protocols is most likely to be found in public utility applications, such as water or electric?
A. CIP
B. Zigbee
C. Modbus
D. DNP3

Following a Log4j outbreak, several network appliances were not managed and remained undetected despite an application inventory system being in place.
Which of the following solutions should the security director recommend to best understand the composition of applications on unmanaged devices?
A. Protocol analyzer
B. Package monitoring
C. Software bill of materials
D. Fuzz testing

A commercial OSINT provider utilizes and reviews data from various sources of publicly available information. The provider is transitioning the subscription service to a model that limits the scope of available data based on subscription tier. Which of the following approaches would best ensure subscribers are only granted access to data associated with their tier? (Choose two.)
A. Storing collected data on separate physical media per tier
B. Controlling access to data based on the role of users
C. Employing attribute-based access control
D. Implementing a behavior-based IDS positioned at the storage network gateway
E. Establishing a classification and labeling scheme
F. Implementing a mandatory access control scheme

A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?
A. Leverage an exploitation framework to uncover vulnerabilities
B. Use fuzz testing to uncover potential vulnerabilities in the application
C. Utilize a software composition analysis tool to report known vulnerabilities
D. Reverse engineer the application to look for vulnerable code paths
E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues

A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?
A. TPM
B. Secure boot
C. NX bit
D. HSM
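
The password-reuse question above lists policy settings (history, minimum age, length, complexity) without showing how they interact. The following is an added example, not part of the test, that implements those checks for a single account and simulates the failure mode the settings are meant to stop: a user who cycles through throwaway passwords in one sitting to push the old one out of the history and set it again. The breached-password list, passwords, policy values and the low PBKDF2 iteration count are all constructed for the demo.

```python
"""Added example (not part of the original test): a password-change check that
combines a compromised-password list, password history and minimum age, and
shows why history alone does not stop reuse. Breached list, passwords and KDF
parameters are constructed for the demo."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    history: int = 5            # most recent passwords that may not be reused
    min_age_days: float = 0.0   # days a password must be kept before the next change
    min_length: int = 8


@dataclass
class Account:
    history: list = field(default_factory=list)   # (salt, digest), newest first
    last_change_day: float = float("-inf")


# Constructed breached-password list in the form such corpora are usually
# distributed: uppercase SHA-1 hex digests rather than the passwords themselves.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Summer2024!", "Password123", "Welcome1!")
}


def _stored_hash(password: str, salt: bytes) -> bytes:
    # 2_000 iterations is far too low for real password storage; it keeps the
    # cycling simulation fast. Production code tunes the KDF to hundreds of ms.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 2_000)


def change_password(acct: Account, policy: PasswordPolicy,
                    new_password: str, today: float) -> tuple[bool, str]:
    """Apply the policy; return (accepted, reason) and update the account on success."""
    if today - acct.last_change_day < policy.min_age_days:
        return False, "minimum age not reached"
    if len(new_password) < policy.min_length:
        return False, "too short"
    if hashlib.sha1(new_password.encode()).hexdigest().upper() in BREACHED_SHA1:
        return False, "found in compromised-password list"
    for salt, digest in acct.history[: policy.history]:
        if secrets.compare_digest(_stored_hash(new_password, salt), digest):
            return False, "matches password history"
    salt = secrets.token_bytes(16)
    acct.history.insert(0, (salt, _stored_hash(new_password, salt)))
    del acct.history[policy.history:]    # remember only what the policy requires
    acct.last_change_day = today
    return True, "changed"


def cycling_attack(policy: PasswordPolicy) -> bool:
    """Simulate a user who, on the same day, changes the password `history`
    times with throwaway values and then sets the original again.
    Returns True if the original password was accepted back."""
    acct = Account()
    change_password(acct, policy, "Original-Passphrase-77", 0.0)
    for i in range(policy.history):
        change_password(acct, policy, f"Throwaway-{i}-value!", 0.0)
    accepted, _ = change_password(acct, policy, "Original-Passphrase-77", 0.0)
    return accepted


if __name__ == "__main__":
    print("history 20, no minimum age -> reuse possible:",
          cycling_attack(PasswordPolicy(history=20, min_age_days=0)))
    print("history 20, minimum age 2d -> reuse possible:",
          cycling_attack(PasswordPolicy(history=20, min_age_days=2)))
```

The simulation makes the pairing explicit: a deep history is defeated in a minute when the minimum age is zero, and a minimum age alone does nothing about a password that is already on a breach list, which is why the compromised-list check runs before the history comparison.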
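
Two of the questions above turn on how a signature actually matches: the Snort rule with content:"MS_T120|00|" and the four candidate NIPS regular expressions. The following is an added example, not part of the test, that parses a Snort content string the way Snort reads it (text between pipes is hex bytes) and applies it to a constructed payload, then runs the four candidate expressions, exactly as written in the question, against the two IOC shapes and two near misses. The payload framing bytes and sample strings are constructed; the rule content and the expressions are the ones on the page.

```python
"""Added example (not part of the original test): how the Snort `content`
option and the candidate NIPS regular expressions from the questions above
match. Payloads and sample strings are constructed for the example."""
from __future__ import annotations

import re


def parse_snort_content(spec: str) -> bytes:
    """Convert a Snort content string such as 'MS_T120|00|' into bytes.

    Text between pipe characters is a list of hex byte values (|0D 0A|);
    text outside the pipes is literal. Snort's escapes for \\| \\" and \\;
    inside content strings are not handled, to keep the example short.
    """
    out = bytearray()
    in_hex = False
    for part in spec.split("|"):
        if in_hex:
            out.extend(int(h, 16) for h in part.split())
        else:
            out.extend(part.encode("latin-1"))
        in_hex = not in_hex
    return bytes(out)


def content_matches(payload: bytes, spec: str) -> bool:
    """Plain `content:` semantics: the byte pattern occurs anywhere in the
    payload. depth/offset/nocase are not applied; fast_pattern only chooses
    which pattern the multi-pattern matcher tries first."""
    return parse_snort_content(spec) in payload


RULE_CONTENT = "MS_T120|00|"    # the content option from the rule in the question

# Constructed payloads: one naming the MS_T120 channel (NUL-terminated), one
# naming an ordinary channel. The leading bytes are filler, not real RDP framing.
SUSPECT_REQUEST = b"\x03\x00\x00\x2a\x02\xf0\x80" + b"MS_T120\x00" + b"\x00" * 8
BENIGN_REQUEST = b"\x03\x00\x00\x2a\x02\xf0\x80" + b"rdpdr\x00" + b"\x00" * 8

# The four candidate expressions, exactly as they appear in the question.
CANDIDATES = {
    "A": r"^\d{4}(-\d{5})?$",
    "B": r"^\d{5}(-\d{4})?$",
    "C": r"^\d{5-4}$",
    "D": r"^\d{9}$",
}

# Constructed inputs: the two IOC shapes from the question plus two near misses.
IOC_SAMPLES = ["12345-6789", "12345", "1234-56789", "123456789"]


def matching_candidates(value: str) -> list[str]:
    """Labels of the candidate patterns that match the whole value.

    re.ASCII pins \\d to 0-9; without it Python's \\d also accepts other
    Unicode digit characters, which a network signature should not.
    Candidate C contains no valid quantifier: Python reads {5-4} as literal
    text, so it matches one digit followed by the characters '{5-4}'.
    """
    return [k for k, p in CANDIDATES.items() if re.fullmatch(p, value, re.ASCII)]


def ioc_report() -> dict[str, list[str]]:
    """Which candidates match each sample string."""
    return {s: matching_candidates(s) for s in IOC_SAMPLES}


if __name__ == "__main__":
    print("MS_T120 content in suspect request:", content_matches(SUSPECT_REQUEST, RULE_CONTENT))
    print("MS_T120 content in benign request: ", content_matches(BENIGN_REQUEST, RULE_CONTENT))
    for sample, labels in ioc_report().items():
        print(f"{sample!r:14} matched by {labels}")
```

The report shows only one candidate matching both IOC shapes and nothing else; the near misses are there because a signature that also fires on a nine-digit value or a reversed 4-5 layout would stop legitimate traffic. The `^` and `$` anchors assume the NIPS applies the expression to the extracted field, not to the whole stream.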
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)
A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
B. What internal and external stakeholders need to be notified of the breach?
C. Which methods can be implemented to increase the speed of offline backup recovery?
D. What measurable user behaviors were exhibited that contributed to the compromise?
E. Which technical controls, if implemented, would provide defense when user training fails?
F. Which user roles are most often targeted by spear-phishing attacks?

The following messages are displayed when a VPN client is attempting to connect to an OpenVPN server:
OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
TLS_ERROR: BIO read tls_read_plaintext error
TLS_ERROR: TLS object -> incoming plaintext read error
TLS_ERROR: TLS handshake failed
SIGUSR1 [soft, tls_error] received, client_instance restarting
Which of the following best explains the cause of these messages?
A. The client is attempting to establish an unencrypted connection with the server
B. The server is unreachable to the client and a connection cannot be established
C. The client is using LibreSSL libraries while the server is using OpenSSL libraries
D. A TLS version mismatch exists between the client and the server

An analyst determined that the current process for manually handling phishing attacks within the company is ineffective. The analyst is developing a new process to ensure phishing attempts are handled internally in an appropriate and timely manner. One of the analyst's requirements is that a blocklist be updated automatically when phishing attempts are identified.
Which of the following would help satisfy this requirement?
A. SOAR
B. MSSP
C. Containerization
D. Virtualization
E. MDR deployment

A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system. Which of the following options would identify the IoCs and provide the appropriate response?
A. Review the network logs and update the firewall rules
B. Review the operating system logs and update the DLP rules
C. Review the vulnerability logs and update the IDS rules
D. Obtain the device ID using dmesg and update the portable storage inventory

A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?
A. Tokenization
B. Network traffic analysis
C. Data classification
D. Multifactor authentication

Employees are receiving certificate errors when visiting secure internet websites. A help desk technician reviews a sample of the certificates from various external websites and determines that an internal certificate with the name of the company's proxy is present in the middle of the certificate chain. The help desk technician escalates the issue to the security team. Which of the following should the security team do next to resolve this issue?
A. Renew and redeploy the intermediate CA certificate
B. Contact the external websites about updating their certificates
C. Use Wireshark to analyze network traffic for potential malicious activities
D. Add the affected websites to the proxy's allow list

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Choose two.)
A. Type
B. Email
C. OCSP responder
D. Registration authority
E. Common name
F. DNS name

An organization needs to disable TLS 1.0 on a retail website.
Which of the following best explains the reason for this action?
A. Payment card industry compliance requires the change
B. Digital certificates are dependent on a newer protocol
C. Most browser manufacturers are ending legacy support
D. The application software no longer supports TLS 1.0

A security review of the architecture for an application migration was recently completed. The following observations were made:
• External inbound access is blocked.
• A large amount of storage is available.
• Memory and CPU usage are low.
• The load balancer has only a single server assigned.
• Multiple APIs are integrated.
Which of the following needs to be addressed?
A. Scalability
B. Automation
C. Availability
D. Performance

A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:
An error has occurred during Phase 1 handshake. Deleting keys and retrying...
Which of the following is most likely the reason the connection is failing?
A. The IKE hashing algorithm uses different key lengths on each VPN device
B. The IPSec settings allow more than one cipher suite on both devices
C. The Diffie-Hellman group on both sides matches but is a legacy group
D. The remote VPN is attempting to connect with a protocol other than SSL/TLS

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:
A. must also be PCI compliant, because the risk is transferred to the provider
B. still needs to perform its own PCI assessment of the provider's managed serverless service
C. needs to perform a penetration test of the cloud provider's environment
D. must ensure in-scope systems for the new offering are also PCI compliant
A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?
A. Storing the data in an encoded file
B. Implementing database encryption at rest
C. Only storing tokenized card data
D. Implementing data field masking

A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?
A. Setting up secure development training with a focus on filesystem access issues
B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings
C. Using a software composition analysis tool to look for directory traversal issues in the application
D. Developing a secure library for filesystem access and blocking builds that do not use the library
E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal

A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?
A. Prepare a redundant server to ensure the critical web application's availability during the test
B. Obtain agreement between the company and the cloud provider to conduct penetration testing
C. Ensure the latest patches and signatures are deployed on the web server
D. Create an NDA between the external penetration tester and the company

A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?
A. NIST SP 800-53
B. MITRE ATT&CK
C. OWASP
D. The Diamond Model of Intrusion Analysis

A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?
A. Performing software composition analysis
B. Requiring multifactor authentication
C. Establishing coding standards and monitoring for compliance
D. Implementing a robust unit and regression-testing scheme

IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?
A. FIM
B. SASE
C. UEBA
D. CSPM
E. EAP

A common industrial protocol has the following characteristics:
• Provides for no authentication/security
• Is often implemented in a client/server relationship
• Is implemented as either RTU or TCP/IP
Which of the following is being described?
A. Profinet
B. Modbus
C. Zigbee
D. Z-Wave

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?
A. Root cause analysis
B. Communication plan
C. Runbook
D. Lessons learned

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:
• Unsupported, end-of-life operating systems were still prevalent on the shop floor.
• There are no security controls for systems with supported operating systems.
• There is little uniformity of installed software among the workstations.
Which of the following would have the greatest impact on the attack surface?
A. Deploy antivirus software to all of the workstations
B. Increase the level of monitoring on the workstations
C. Utilize network-based allow and block lists
D. Harden all of the engineering workstations using a common strategy

An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?
A. PaaS
B. SaaS
C. IaaS
D. MaaS

An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)
A. Obtain a security token
B. Obtain a public key
C. Leverage Kerberos for authentication
D. Leverage OAuth for authentication
E. Leverage LDAP for authentication
F. Obtain a hash value

A security analyst discovers a new device on the company's dedicated IoT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the IoT subnet. Which of the following should the security analyst recommend to securely operate the camera?
A. Harden the camera configuration
B. Send camera logs to the SIEM
C. Encrypt the camera's video stream
D. Place the camera on an isolated segment

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:
1. The solution must be able to initiate SQL injection and reflected XSS attacks.
2. The solution must ensure the application is not susceptible to memory leaks.
Which of the following should be implemented to meet these requirements? (Choose two.)
A. Side-channel analysis
B. Protocol scanner
C. HTTP interceptor
D. DAST
E. Fuzz testing
F. SAST
G. SCAP

To bring digital evidence in a court of law, the evidence must be:
A. material
B. tangible
C. consistent
D. conserved

A compliance officer is responsible for selecting the right governance framework to protect individuals' data. Which of the following is the appropriate framework for the company to consult when collecting international user data for the purpose of processing credit cards?
A. ISO 27001
B. COPPA
C. NIST 800-53
D. PCI DSS

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
A. At the individual product level
B. Through the selection of a random product
C. Using a third-party audit report
D. By choosing a major product

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?
A. Fuzz testing
B. Static analysis
C. Side-channel analysis
D. Dynamic analysis

A DNS forward lookup zone named comptia.org must:
• Ensure the DNS is protected from on-path attacks.
• Ensure zone transfers use mutual authentication and are authenticated and negotiated.
Which of the following should the security architect configure to meet these requirements? (Choose two.)
A. Public keys
B. Conditional forwarders
C. Root hints
D. DNSSEC
E. CNAME records
F. SRV records

An accounting team member received a voicemail message from someone who sounded like the Chief Financial Officer (CFO). In the voicemail message, the caller requested a wire transfer to a bank account the organization had not used before. Which of the following best describes this type of attack?
A. The attacker used deepfake technology to simulate the CFO's voice
The CFO tried to commit a form of embezzlement The attacker used caller ID spoofing to imitate the CFO's internal phone extension. The attacker successfully phished someone in the accounts payable department. A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers. The company needs the new ciphers to meet the following requirements: • Utilize less RAM than competing ciphers. • Be more CPU-efficient than previous ciphers. • Require customers to use TLS 1.3 while broadcasting video or audio. Which of the following is the best choice for the social media company? IDEA-CBC AES-GCM ChaCha20-Poly1305 Camellia-CBC. While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Choose two.) Configure firewall rules to block all external traffic. Enable input validation for all fields Enable automatic updates to be installed on all servers Configure the security group to enable external traffic. Set up a DLP policy to alert for exfiltration on all application servers. Enable nightly vulnerability scans. A company implements the following access control methodology based on the following data classifications:The Chief Information Security Officer (CISO) wants to implement an additional layer of access control based on the geographic location of theunderlying system that processes and stores data. The additional layer will be added to the existing access control system. Which of the followingcomponents must be implemented to achieve these goals? (Choose two.) Tagging Attribute-based access control Role-based access control Groups Tokenization Digital rights management. 
A security engineer is assessing a new tool to segment data and communications between domains. The assessment must determine how data transmission controls can be bypassed without detection. Which of the following techniques should the security engineer use? Machine-learning statistical analysis Fuzz testing Covert channel analysis Protocol analysis. An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture. Which of the following cloud benefits would be best to utilize for this project? Cost savings for hosting Automation of resource provisioning Providing geo-redundant hosting Eliminating need to patch. Multiple users have reported that an internal website's status is listed as insecure because the TLS certificate has expired. Although a new certificate was generated, this issue has become a common occurrence throughout the year for multiple websites. Which of the following best prevents recurrence of this issue? OCSP responder Life-cycle management Wildcard certificates Certificate pinning. Following a successful exploitation of an RCE vulnerability during a penetration test, a systems administrator is performing remediation activities of the target system. Since the systems administrator was not involved in the planning process for the penetration test, a production server was inadvertently targeted and impacted by the actions of the penetration tester. Which of the following would be the most appropriate to reduce the impact of the penetration test in the future? Leverage a purple team approach to refine scope definition Exclude non-production systems from the penetration test. Implement a black-box approach for the penetration test. Include an intercepting proxy in the production environment. Rely on web application vulnerability scans instead of penetration testing. 
An organization is working to secure its development process to ensure developers cannot deploy artifacts directly into the production environment. Which of the following security practice recommendations would be the best to accomplish this objective? Implement least privilege access to all systems Roll out security awareness training for all users. Set up policies and systems with separation of duties. Enforce job rotations for all developers and administrators. Utilize mandatory vacations for all developers. Review all access to production systems on a quarterly basis. An organization handles sensitive information that must be displayed on call center technicians’ screens to verify the identities of remote callers. The technicians use three randomly selected fields of information to complete the identity verification process. Some of the fields contain PII that are unique identifiers for the remote callers. Which of the following should be implemented to identify remote callers while also reducing the risk that technicians could improperly use the identification information? Data masking Encryption Tokenization Scrubbing Substitution. Which of the following is the best reason for obtaining file hashes from a confiscated laptop? To prevent metadata tampering on each file To later validate the integrity of each file To generate unique identifiers for each file To preserve the chain of custody of files. During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future? 
Implementing a static analysis tool within the CI/CD system Configuring a dynamic application security testing tool Performing software composition analysis on all third-party components Utilizing a risk-based threat modeling approach on new projects Setting up an interactive application security testing tool. A security manager discovers that a system's log files contain evidence of potential criminal activity. Which of the following actions should be done next? Power off all systems immediately to block any further actions. Perform a thorough investigation with law enforcement. Contact the user who appears in the log files Take a system snapshot to preserve any evidence. Reach out to the human resources department. Which of the following is the best reason to maintain visibility into vendor supply chains? To circumvent interdiction of shipments by nation-state actors To prevent clandestine tampering with components in transit To comply with import/export legal regulations To ensure the lowest possible price is quoted. A security analyst is investigating unapproved cloud services that are being used in the organization. Which of the following would best allow for discovery of shadow IT? Monitoring for sign-up emails of cloud services Centralizing WAF deployment in the data center Setting up a reverse proxy and web filtering software Performing attack surface analysis. |