CASP Missed questions

A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?. Use fuzz testing to uncover potential vulnerabilities in the application. Reverse engineer the application to look for vulnerable code paths. Leverage an exploitation framework to uncover vulnerabilities. Utilize a software composition analysis tool to report known vulnerabilities. Analyze the use of a HTTP intercepting proxy to dynamically uncover issues.

A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?. Incomplete firewall rules between the CSP and on-premise infrastructure. Misconfiguration of access controls on cloud storage containers. Failure to implement full disk encryption to on-premises data storage. Insufficient logging of cloud activities to company SIEM.

A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system. Which of the following options would identify the IoCs and provide the appropriate response?. Review the network logs and update the firewall rules. Review the operating system logs and update the DLP rules. Obtain the device ID using dmesg and update the portable storage inventory. Review the vulnerability logs and update the IDS rules.

An organization needs to disable TLS 1.0 on a retail website. Which of the following best explains the reason for this action?. Digital certificates are dependent on a newer protocol. The application software no longer supports TLS 1.0. Payment card industry compliance requires the change. Most browser manufactures are ending legacy support.

Employees are receiving certificates errors when visiting secure internet websites. A help desk technician reviews a sample of the certificates from various external websites and determines that an internal certificate with the name of the company's proxy is present in the middle of the certificate chain. The help desk technician escalates the issue to the security team. Which of the following should the security team do next to resolve this issue?. Use Wireshark to analyze network traffic for potential malicious activities. Contact the external websites about updating their certificates. Add the affected websites to the proxy's allow list. Renew and redeploy the intermediate CA certificate.

A security analyst identified a vulnerable and depreciated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?. Configuring IPS and WAF with signatures. Selectively blocking traffic on the affected port. Uninstalling the impacted runtime engine. Shutting down the system until the code is ready.

A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?. Type 1 hypevisor. Emulation. Containers. VDI. Type 2 hypervisor.

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified a PCI compliant. In order for the integrated solution to be compliant, the customer: still needs to perform its own PCI assesment of the provider's managed serverless service. needs to perform a penetration test of the cloud provider's environment. must ensure in-scope systems for the new offering are also PCI compliant. must also be PCI compliant, because the risk is transferred to the provider.

A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?. Implement real-time replication for the DR site. Increase the network bandwidth to the DR site. Store the nightly full backups at the DR site. Build a content caching system at the DR site.

Which of the following objectives best supports leveraging tabletop exercises in business continuity planning?. Create new processes for identified gaps in continuity planning. Asses the effectiveness of the documented processes against a realistic senario. Establish new staff roles and responsibilities for continuity of operations. Determine the optimal placement of hot/warm sites within the enterprise architecture.

IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to addresses this shortcoming. Which of the following would be the most appropriate recommendation?. CSPM. SASE. UEBA. EAP. FIM.

The primary advantage of an organization creating and maintaining a vendor risk registry is to: define the risk assessment methodology. ensure that inventory of potential risk is maintained. ensure that all assets have low residual risk. study a variety of risks and review the threat landscape.

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?. Fuzz testing. Side-channel analysis. Static analysis. Dynamic analysis.

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future re-occurrence?. Enable MFA at the organization's SSO portal. Encrypt all workstation hard drives. Require device certificates to access company resources. Hide the company wireless SSID.

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?. Exporting reports from the system on a weekly basis to disable terminated employees' accounts. Configuring allowed login times for all staff to only work during business hours. Automating a process to disable the accounts by integrating Active Directory and human resources information systems. Granting permission to human resources staff to mark terminated employees' accounts as disabled.

A security analyst is investigating unapproved cloud services that are being used in the organization. Which of the following would best allow for discovery of shadow IT?. Centralizing WAF deployment in the data center. Perfoming attack surface analysis. Setting up a reverse proxy and web filtering software. Monitoring for sign-up email of cloud services.