
CAS-003 Exam Dumps - CompTIA Advanced Security Practitioner (CASP) Exam

Question # 4

A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO).

The report outlines the following KPI/KRI data for the last 12 months:

Which of the following BEST describes what could be interpreted from the above data?

A.

1. AV coverage across the fleet improved.
2. There is no correlation between infected systems and AV coverage.
3. There is no correlation between detected phishing attempts and infected systems.
4. A correlation between threat landscape rating and infected systems appears to exist.
5. Effectiveness and performance of the security team appears to be degrading.

B.

1. AV signature coverage has remained consistently high.
2. AV coverage across the fleet improved.
3. A correlation between phishing attempts and infected systems appears to exist.
4. There is a correlation between the threat landscape rating and the security team's performance.
5. There is no correlation between detected phishing attempts and infected systems.

C.

1. There is no correlation between infected systems and AV coverage.
2. AV coverage across the fleet improved.
3. A correlation between phishing attempts and infected systems appears to exist.
4. There is no correlation between the threat landscape rating and the security team's performance.
5. There is a correlation between detected phishing attempts and infected systems.

D.

1. AV coverage across the fleet declined.
2. There is no correlation between infected systems and AV coverage.
3. A correlation between phishing attempts and infected systems appears to exist.
4. There is no correlation between the threat landscape rating and the security team's performance.
5. Effectiveness and performance of the security team appears to be degrading.

Question # 5

An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)

A.

SAML

B.

Social login

C.

OpenID Connect

D.

XACML

E.

SPML

F.

OAuth
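The requirement that matters in this question is integrity of the propagated identity: a back-end system should only trust a user identity that arrived in a signed assertion it has verified for itself. The block below is an added example, not part of the exam or of any vendor's code. It mints and then validates an OpenID Connect ID token. It assumes HS256 with a shared client secret so it runs offline with the Python standard library; a real provider normally signs with an asymmetric key published at its JWKS endpoint, but the order and content of the checks are the same. The issuer, client ID and secret are constructed values.

```python
"""Validating an OpenID Connect ID token before trusting the identity it carries.

Added example, not from the exam page. HS256 with a shared client secret is used so
the block runs offline with the standard library only; a real provider normally signs
with RS256/ES256 and the client fetches the public key from the JWKS endpoint, but the
claim checks below are the same either way.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example; not real endpoints or secrets.
ISSUER = "https://login.example.com"
CLIENT_ID = "mobile-app"
CLIENT_SECRET = b"example-shared-secret"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims, secret=CLIENT_SECRET):
    """Stand-in for the identity provider: build an HS256-signed ID token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_id_token(token, expected_nonce, secret=CLIENT_SECRET, now=None):
    """Return the claims if the token is trustworthy; raise ValueError otherwise.

    Order matters: pin the algorithm and verify the signature before reading any
    claim, then check issuer, audience, expiry and the nonce bound to this login.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # The verifier, not the token, decides the algorithm (blocks alg=none / key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    # The nonce ties the token to the login attempt that requested it (replay protection).
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


if __name__ == "__main__":
    token = mint_id_token({"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID,
                           "exp": int(time.time()) + 300, "nonce": "n-1"})
    print("authenticated subject:", validate_id_token(token, "n-1")["sub"])
```

The `sub` claim returned by `validate_id_token` is the value to propagate into back-end audit records; passing the raw token further down the chain, or a username copied out of it before the signature check, is how the audit trail stops being trustworthy.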

Question # 6

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

A.

Deploy virtual desktop infrastructure with an OOB management network

B.

Employ the use of vTPM with boot attestation

C.

Leverage separate physical hardware for sensitive services and data

D.

Use a community CSP with independently managed security services

E.

Deploy to a private cloud with hosted hypervisors on each physical machine

Question # 7

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

A.

Conduct a penetration test on each function as it is developed

B.

Develop a set of basic checks for common coding errors

C.

Adopt a waterfall method of software development

D.

Implement unit tests that incorporate static code analyzers

Question # 8

A large, multinational company currently has two separate databases. One is used for ERP while the second is used for CRM. To consolidate services and infrastructure, it is proposed to combine the databases. The company's compliance manager is asked to review the proposal and is concerned about this integration. Which of the following would pose the MOST concern to the compliance manager?

A.

The attack surface of the combined database is lower than the previous separate systems, so there likely are wasted resources on additional security controls that will not be needed

B.

There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform.

C.

By consolidating services in this manner, there is an increased risk posed to the organization due to the number of resources required to manage the larger data pool.

D.

Auditing the combined database structure will require more short-term resources, as the new system will need to be learned by the auditing team to ensure all security controls are in

Question # 9

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

A.

Implement a secure text-messaging application for mobile devices and workstations.

B.

Write a policy requiring this information to be given over the phone only.

C.

Provide a courier service to deliver sealed documents containing public health informatics.

D.

Implement FTP services between clinics to transmit text documents with the information.

E.

Implement a system that will tokenize patient numbers.

Question # 10

A security administrator is opening connectivity on a firewall between Organization A and Organization B. Organization B just acquired Organization A. Which of the following risk mitigation strategies should the administrator implement to reduce the risk involved with this change?

A.

DLP on internal network nodes

B.

A network traffic analyzer for incoming traffic

C.

A proxy server to examine outgoing web traffic

D.

IPS/IDS monitoring on the new connection

Question # 11

A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?

A.

Port scanner

B.

SCAP tool

C.

File integrity monitor

D.

Protocol analyzer

Question # 12

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 13

A security analyst must carry out the incident response plan for a specific targeted attack that was detected by the security operations center. The director of network security wants to ensure this type of attack cannot be executed again in the environment. Which of the following should the analyst present to the director to BEST meet the director's goal?

A.

Incident downtime statistics

B.

Root cause analysis

C.

After-action report

D.

Incident scope and cost metrics

Question # 14

Company policy mandates the secure disposal of sensitive data at the end of the useful lifespan of IT equipment. The IT department donates old devices to charity and recycles truly obsolete equipment. In addition to deleting workstations from the systems responsible for monitoring network connections, which of the following actions should the company implement? (Select TWO)

A.

Secure shredding of SSDs separate from laptop chassis

B.

Removing the devices from the asset management system

C.

Deleting and overwriting the boot sectors of each workstation

D.

Ensuring change notices for each asset are recorded

E.

Staggering device disposal dates to coordinate with acceptance testing

F.

Removing and storing hard drives for archival purposes

Question # 15

A company's design team is increasingly concerned about intellectual property theft. Members of the team often travel to suppliers' offices, where they collaborate and share access to their sensitive data. Which of the following should be implemented?

A.

Apply MDM and enforce full disk encryption on all design team laptops

B.

Allow access to sensitive data only through a multifactor-authenticated VDI environment

C.

Require all sensitive files be saved only on company fileshares accessible only through multifactor-authenticated VPN

D.

Store all sensitive data on geographically restricted, public-facing SFTP servers authenticated using TOTP

Question # 16

Historical information shows that a small aerospace R&D company has a lack of user security awareness and is susceptible to nation-state social-engineering attacks and zero-day exploits. A network engineer advises the Chief Information Security Officer (CISO) to invest in a next-generation firewall to guard against incoming traffic and allow for the development of ACLs for new sessions. Which of the following is the FIRST course of action for the CISO to take?

A.

Conduct a vulnerability scan

B.

Develop a threat model

C.

Purchase the firewall as suggested

D.

Place the public-facing website in the DMZ

Question # 17

While standing up a proof-of-concept solution with a vendor, the following direction was given on connections to the default environments:

Which of the following is being used to secure the three environments from overlap if all of them reside on separate servers in the same DMZ?

A.

Separation of environments policy

B.

Logical access controls

C.

Segmentation of VLANs

D.

Subnetting of cloud environments

Question # 18

A security analyst discovers what is believed to be evidence of a compromise due to a watering-hole attack. After an initial review of the incident, the analyst notes there is ongoing web traffic to the same site. Which of the following command-line tools would BEST allow the incident to be investigated?

A.

nc

B.

dd

C.

netstat

D.

tcpdump

Question # 19

A network engineer recently configured a new wireless network that has issues with security, stability, and performance. After auditing the configurations, the engineer discovers some of them do not follow best practices. Given the network information below:

SSID = CompTIA
Channel = 6
WPA-PSK

Which of the following would be the BEST approach to mitigate the issues?

A.

Avoid using 2.4GHz and prefer 5GHz to minimize interference. Use WPA2-Enterprise with EAPOL.

B.

Do a site survey to determine the best channel to configure the wireless network. Use WPA2-Enterprise with EAPOL.

C.

Hide the SSID. Use WPA3 instead of WPA2.

D.

Change the radio channel to 11, as it has less interference. Use CAPWAP to introduce a captive portal to force users to log in to the wireless network.

Question # 20

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

A.

Root cause analysis

B.

Continuity of operations plan

C.

After-action report

D.

Lessons learned

Question # 21

As a result of a recent breach, a systems administrator is asked to review the security controls in place for an organization's cloud-based environment. The organization runs numerous instances and maintains several separate accounts for managing cloud-based resources. As part of the review, the systems administrator finds MFA is enabled for production-level systems but not staging systems. Which of the following is the primary risk associated with this configuration?

A.

Pivoting between staging and production instances

B.

The use of staging to harvest production-level account credentials

C.

The loss of data integrity within the code repositories being migrated to staging

D.

The accidental disclosure of data in production due to the use of unsecure protocols

Question # 22

An administrative control that is put in place to ensure one person cannot carry out a critical task independently is:

A.

separation of duties

B.

job rotation

C.

mandatory vacation

D.

least privilege

Question # 23

A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes an input form. Which of the following would work BEST to allow the security engineer to test how the application handles error conditions?

A.

Running a dynamic analysis at form submission

B.

Performing a static code analysis

C.

Fuzzing possible input of the form

D.

Conducting a runtime analysis of the code
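Fuzzing (option C) answers the question asked here, how the application handles error conditions, because it exercises inputs the developer never thought of and checks that every failure is a controlled one. The block below is an added example, not from the exam or any project. `handle_order_form` is a hypothetical stand-in for the new application's input form with two deliberate defects; `fuzz_form` drives it with a seed corpus plus random mutations and records any exception other than the application's own validation error, which is exactly the class of failure that surfaces as a 500 or a stack-trace leak in production. A hardened version of the same handler is included so the fuzzer's verdict on both can be compared.

```python
"""Fuzzing a web form handler for unhandled error conditions (added example, not from the exam).

handle_order_form() is a hypothetical stand-in for the application's input form; its two
defects are deliberate so the fuzzer has something to find. The only failure the handler
is allowed to produce is FormError, which the framework turns into a validation message;
any other exception becomes a 500 and, with debug pages on, a stack-trace information leak.
"""
import random
import re
import string


class FormError(Exception):
    """Controlled validation failure the application is allowed to surface."""


def handle_order_form(fields):
    """Original handler: validates quantity (1-99) and an optional CODE-NN coupon."""
    qty_raw = fields.get("quantity", "")
    if not qty_raw.isdigit():
        raise FormError("quantity must be a whole number")
    # Defect 1: str.isdigit() is true for superscripts such as '²', which int() rejects.
    qty = int(qty_raw)
    if not 1 <= qty <= 99:
        raise FormError("quantity out of range")
    coupon = fields.get("coupon", "")
    if coupon:
        # Defect 2: assumes the CODE-NN shape; 'SAVE' -> IndexError, 'SAVE-x' -> ValueError.
        if int(coupon.split("-")[1]) > 50:
            raise FormError("invalid coupon")
    return {"quantity": qty, "coupon": coupon}


def handle_order_form_fixed(fields):
    """Hardened handler: accept only the exact grammar, then convert."""
    qty_raw = fields.get("quantity", "")
    if not re.fullmatch(r"[1-9][0-9]?", qty_raw):       # ASCII digits only, 1-99
        raise FormError("quantity must be a whole number from 1 to 99")
    coupon = fields.get("coupon", "")
    if coupon and not re.fullmatch(r"[A-Z]{2,8}-[0-9]{1,2}", coupon):
        raise FormError("invalid coupon")
    if coupon and int(coupon.split("-")[1]) > 50:
        raise FormError("invalid coupon")
    return {"quantity": int(qty_raw), "coupon": coupon}


# Seed corpus: boundary values plus the classic nasties (empty, Unicode digits, huge).
SEEDS = ["", "0", "1", "99", "100", "-1", "²", "１２", "SAVE-10", "SAVE",
         "SAVE-", "SAVE-x", "\x00", "A" * 4096]


def _mutate(rng, value):
    """One cheap mutation: append junk, truncate, duplicate, or swap in a Unicode digit."""
    ops = [
        lambda v: v + rng.choice(string.printable),
        lambda v: v[: rng.randrange(len(v) + 1)],
        lambda v: v * 2,
        lambda v: v.replace("1", rng.choice("²٣１")),
    ]
    return rng.choice(ops)(value)


def fuzz_form(handler, rounds=300, seed=7):
    """Return {exception type: first input that triggered it} for non-FormError failures.

    Every seed pair is tried first (deterministic), then `rounds` mutated pairs."""
    rng = random.Random(seed)
    cases = [{"quantity": q, "coupon": c} for q in SEEDS for c in SEEDS]
    for _ in range(rounds):
        cases.append({"quantity": _mutate(rng, rng.choice(SEEDS)),
                      "coupon": _mutate(rng, rng.choice(SEEDS))})
    findings = {}
    for case in cases:
        try:
            handler(case)
        except FormError:
            continue                      # controlled failure: fine
        except Exception as exc:          # anything else is a bug worth a ticket
            findings.setdefault(type(exc).__name__, case)
    return findings


if __name__ == "__main__":
    for name, fn in (("original", handle_order_form), ("fixed", handle_order_form_fixed)):
        print(name, fuzz_form(fn))
```

Run in a sprint, this is cheap enough to sit beside the unit tests: the seed corpus is fixed, so a regression shows up as a reproducible failing input rather than a flaky run.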

Question # 24

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question # 25

A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligence service. Which of the following would BEST meet the needs of the security technician? (Select TWO)

A.

Social media platforms

B.

Conferences and local community security events

C.

Software vendor threat reports

D.

RSS feed from reputable security bloggers

E.

Regional CERT

F.

White papers and journal articles

Question # 26

Employees who travel internationally have been issued corporate mobile devices. When traveling through border security, employees report border police officers have asked them to power on and unlock their phones and tablets for inspection. Non-compliance with these requests may lead to the devices being confiscated. After the phones have been unlocked, the police connect them to laptops for several minutes. The company is concerned about potential exposure of IP, financial data, or other sensitive information. Which of the following is MOST likely to protect the company's data in future situations?

A.

Administratively require all devices to go through forensic inspection upon return

B.

Implement full-device encryption and employ biometric authentication

C.

Install a monitoring application to record the border police's behavior

D.

Move the applications and data into a hardware-backed, encrypted container

E.

Issue sanitized mobile devices to the employees prior to travel

Question # 27

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase:

• Each device must be issued a secure token of trust from the corporate PKI.

• All corporate applications and local data must be able to be deleted from a central console.

• Access to corporate data must be restricted during international travel.

• Devices must be on the latest OS version within three weeks of an OS release.

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO)

A.

Application-based containerization

B.

Enforced full-device encryption

C.

Geofencing

D.

Application allow listing

E.

Biometric requirement to unlock device

F.

Over-the-air update restriction

Question # 28

A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be brought back online. Which of the following should be the FIRST step taken by the team?

A.

Perform a review of all policies and procedures related to BCP and DR, and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

D.

Implement replication of all servers and application data to backup datacenters that are geographically separated from the central datacenter, and release an updated BPA to all clients.

Question # 29

Which of the following is the primary cybersecurity-related difference between the goals of a risk assessment and a business impact analysis?

A.

Broad spectrum threat analysis

B.

Adherence to quantitative vs qualitative methods

C.

A focus on current state without regard to cost

D.

Measurements of ALE vs SLE and downtime

Question # 30

A company has decided to move an ERP application to a public cloud vendor. The company wants to replicate some of its global policies from on premises to cloud. The policies include data encryption, token management, and limited user access to the ERP application. The Chief Information Officer (CIO) is mainly concerned about privileged accounts that might be compromised and used to alter data in the ERP application. Which of the following is the BEST option to meet the requirements?

A.

Sandboxing

B.

CASB

C.

MFA

D.

Security as a service

Question # 31

An attacker has discovered an organization's web server is vulnerable to Shellshock. The attacker runs the following command on a Linux box against the server:

Which of the following BEST describes how to prevent the attack?

A.

Implement X.509 certificates for mutual authentication.

B.

Use NTLM and send hashes over the network.

C.

Configure LDAP to authenticate user agents.

D.

Reduce the privileges of the user running the web-server daemon.
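Option D limits what an attacker gains when the bug fires, but the first question during an incident is usually whether it has already been tried. Shellshock (CVE-2014-6271) is reached through CGI because the web server copies request headers into environment variables, and a vulnerable bash executes whatever follows a value that starts like an exported function, `() {`. That prefix in a request line, Referer or User-Agent is a reliable log signature. The block below is an added example, not from the exam or any product: it parses combined-format access log lines and reports the ones carrying that marker, flagging requests to `/cgi-bin/` as the exploitable path. `SAMPLE_LOG` is constructed for the example; the payloads are the harmless diagnostic strings from public write-ups, not working exploits.

```python
"""Hunting Shellshock (CVE-2014-6271) attempts in web server access logs (added example, not from the exam).

CGI hands request headers to the handler as environment variables; a vulnerable bash
then executes whatever follows a value that starts like an exported function, "() {".
That prefix in a request line, Referer or User-Agent is the signature this scanner keys
on. SAMPLE_LOG is constructed for the example; the payloads are the harmless diagnostic
strings used in public write-ups, not working exploits.
"""
import re

SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2014:13:55:36 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo vulnerable"
198.51.100.23 - - [25/Sep/2014:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux) Gecko/20100101"
203.0.113.7 - - [25/Sep/2014:13:56:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :;}; /usr/bin/id" "curl/7.37.0"
192.0.2.9 - - [25/Sep/2014:13:57:11 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "-" "(){ x;}; echo vulnerable"
192.0.2.9 - - [25/Sep/2014:13:57:30 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "curl/7.37.0"
"""

# Apache/nginx combined log format. Quoted fields may contain backslash-escaped quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)
# "() {" with optional whitespace: the bash function-export prefix the parser bug trusted.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")


def parse_line(line):
    """Split one combined-format line into named fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_shellshock(log_text):
    """Return one record per suspicious line, marking CGI targets (the exploitable path)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["req"].split(" ")[1] if " " in rec["req"] else rec["req"]
        for field in ("req", "ref", "ua"):
            if SHELLSHOCK_RE.search(rec[field]):
                hits.append({"ip": rec["ip"], "ts": rec["ts"], "path": path,
                             "field": field, "payload": rec[field],
                             "cgi_target": path.startswith("/cgi-bin/")})
                break
    return hits


if __name__ == "__main__":
    for h in find_shellshock(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["path"]} via {h["field"]}: {h["payload"]}')
```

A hit with a 200 status against a CGI path does not prove the command ran; it proves the attempt, which is enough to start the investigation. Patching bash removes the bug, and running the daemon as an unprivileged account (option D) bounds what any similar input-handling flaw can do.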

Question # 32

A security analyst is examining threats with the following code function:

Which of the following threats should the security analyst report?

A.

POST should be used instead of GET when making requests

B.

Root privileges are needed for the service to bind to the privileged port 8443

C.

The website allows unauthorized access to sensitive resources

D.

The web server allows insecure cookie storage

E.

There is unsafe execution of third-party JavaScript code

Question # 33

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company. Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

A.

1. Attempt to eavesdrop and replay RFID communications

2. Determine the protocols being used between the tag and the reader

3. Retrieve the RFID tag identifier and manufacturer details

4. Take apart an RFID tag and analyze the chip

B.

1. Determine the protocols being used between the tag and the reader

2. Take apart an RFID tag and analyze the chip

3. Retrieve the RFID tag identifier and manufacturer details

4. Attempt to eavesdrop and replay RFID communications

C.

1. Retrieve the RFID tag identifier and manufacturer details

2. Determine the protocols being used between the tag and the reader

3. Attempt to eavesdrop and replay RFID communications

4. Take apart an RFID tag and analyze the chip

D.

1. Take apart an RFID tag and analyze the chip

2. Retrieve the RFID tag identifier and manufacturer details

3. Determine the protocols being used between the tag and the reader

4. Attempt to eavesdrop and replay RFID communications

Question # 34

A factory-floor system uses critical, legacy, and unsupported application software to enable factory operations. A latent vulnerability was recently exposed, which permitted attackers to send a specific string of characters followed by arbitrary code for execution. Patches are unavailable, as the manufacturer is no longer in business. Which of the following would be the BEST approach the company should take to mitigate the risk of this vulnerability and other latent vulnerability exploits? (Select TWO)

A.

Configure a host-based firewall on the application server and restrict access to necessary ports and services

B.

Create a factory-floor enclave segregated from direct LAN/WAN reachability

C.

Implement a proxy that will sanitize input provided to the application

D.

Install server-side X.509 certificates and enable TLS 1.0 or later for client access

E.

Install network and host-based IDS feeding logs to SIEM and alerts to SOC operators

F.

Create a hunt team focused on the factory-floor operations

Question # 35

An organization recently experienced losses caused by users who installed applications from unauthorized sources on their smartphones. The organization wants to reduce the risk of reoccurrence but increase the monitoring and reporting of mobile device security at the enterprise level. Which of the following approaches would BEST meet these objectives?

A.

Configure and deploy an AD Group Policy that enforces an application whitelist on all x86-64 mobile devices, and feed logs to an enterprise audit management solution.

B.

Modify the organization's MAM configuration to capture events associated with application installations and removals, and set alerts to feed to the enterprise SIEM solution.

C.

Set GPOs to enable the enterprise SIEM tool to collect all application and server logs, and configure the SIEM and its dashboard to protect against unauthorized application installations on mobile devices.

D.

Enforce device configurations with agents that leverage the devices' APIs, and feed logs and events to the enterprise SIEM solution.

Question # 36

A company decides to procure only laptops that use permanent, solid-state storage. Which of the following risk mitigation strategies BEST meets the company's requirement to ensure all company data is destroyed before disposing of the laptops?

A.

Secure erase from the storage vendor

B.

Degaussing of the entire laptop

C.

Full disk encryption in the OS

D.

Deep formatting of the storage

Question # 37

The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

A.

MOU

B.

OLA

C.

NDA

D.

SLA

Question # 38

A remote user reports the inability to authenticate to the VPN concentrator. During troubleshooting, a security administrator captures an attempted authentication and discovers the following being presented by the user's VPN client:

Which of the following BEST describes the reason the user is unable to connect to the VPN service?

A.

The user's certificate is not signed by the VPN service provider

B.

The user's certificate has been compromised and should be revoked.

C.

The user's certificate was not created for VPN use

D.

The user's certificate was created using insecure encryption algorithms

Question # 39

An enterprise’s Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise’s growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise’s website.

Which of the following should the CISO be MOST concerned about?

A.

Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company’s website.

B.

A security vulnerability that is exploited on the website could expose the accounting service.

C.

Transferring as many services as possible to a CSP could free up resources.

D.

The CTO does not have the budget available to purchase required resources and manage growth.

Question # 40

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items.

Which of the following should the security engineer recommend to meet these requirements?

A.

COPE with geofencing

B.

BYOD with containerization

C.

MDM with remote wipe

D.

CYOD with VPN

Question # 41

A company’s Chief Operating Officer (COO) is concerned about the potential for competitors to infer proprietary information gathered from employees’ social media accounts.

Which of the following methods should the company use to gauge its social media threat level without targeting individual employees?

A.

Utilize insider threat consultants to provide expertise.

B.

Require that employees divulge social media accounts.

C.

Leverage Big Data analytical algorithms.

D.

Perform social engineering tests to evaluate employee awareness.

Question # 42

Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

A.

Automatic location check-ins

B.

Geolocated presence privacy

C.

Integrity controls

D.

NAC checks to quarantine devices

Question # 43

A project manager is working with system owners to develop maintenance windows for system patching and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance window will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?

A.

MOU

B.

SOW

C.

SRTM

D.

SLA

Question # 44

A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

A.

Mobile tokenization

B.

Export controls

C.

Device containerization

D.

Privacy policies

Question # 45

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?

A.

Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

B.

Implement role-based group policies on the management network for client access.

C.

Utilize a jump box that is only allowed to connect to client from the management network.

D.

Deploy a company-wide approved engineering workstation for management access.

Question # 46

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

A.

Risk assessment

B.

Regression testing

C.

User story development

D.

Data abstraction

E.

Business impact assessment

Question # 47

An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:

  • Support server, laptop, and desktop infrastructure
  • Due to limited security resources, implement active protection capabilities
  • Provide users with the ability to self-service classify information and apply policies
  • Protect data-at-rest and data-in-use

Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)

A.

Data loss prevention

B.

Application whitelisting

C.

Endpoint detection and response

D.

Rights management

E.

Log monitoring

F.

Antivirus

Question # 48

A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

A.

Configure file integrity monitoring of the guest OS.

B.

Enable the vTPM on a Type 2 hypervisor.

C.

Only deploy servers that are based on a hardened image.

D.

Protect the memory allocation of a Type 1 hypervisor.

Question # 49

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After the new vulnerability was announced, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question # 50

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

A.

OSSM

B.

NIST

C.

PCI

D.

OWASP

Question # 51

A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

A.

Application fingerprinter

B.

Fuzzer

C.

HTTP interceptor

D.

Vulnerability scanner

Question # 52

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

A. Conducting tabletop exercises to evaluate system risk
B. Contracting a third-party auditor after the project is finished
C. Performing pre- and post-implementation penetration tests
D. Running frequent vulnerability scans during the project

Question # 53

A cybersecurity analyst is conducting packet analysis on the following:

Which of the following is occurring in the given packet capture?

A. ARP spoofing
B. Broadcast storm
C. Smurf attack
D. Network enumeration
E. Zero-day exploit

Question # 54

Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?

A. Employ a fuzzing utility
B. Use a static code analyzer
C. Run the binary in an application sandbox
D. Manually review the binary in a text editor

Question # 55

The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices. The CISO mandates the following requirements:

• The devices must be owned by the company for legal purposes.
• The device must be as fully functional as possible when off site.
• Corporate email must be maintained separately from personal email.
• Employees must be able to install their own applications.

Which of the following will BEST meet the CISO's mandate? (Select TWO).

A. Disable the device's camera
B. Allow only corporate resources in a container
C. Use an MDM to wipe the devices remotely
D. Block all sideloading of applications on devices
E. Use geofencing on certain applications
F. Deploy phones in a BYOD model

Question # 56

During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after-action report that conveys critical metrics regarding the incident.

Which of the following would be MOST important to senior leadership to determine the impact of the breach?

A. The likely per-record cost of the breach to the organization
B. The legal or regulatory exposure that exists due to the breach
C. The amount of downtime required to restore the data
D. The number of records compromised

Question # 57

A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?

A. Replace each laptop in the company's environment with a standardized laptop that is preconfigured to match the baseline settings
B. Create batch script files that will enable the baseline security settings and distribute them to global employees for execution
C. Send each laptop to a regional IT office to be reimaged with the new baseline security settings enabled and then redeployed
D. Establish GPO configurations for each baseline setting, test that each works as expected, and have each setting deployed to the laptops
E. Leverage an MDM solution to apply the baseline settings and deploy continuous monitoring of security configurations

Question # 58

A company is the victim of a phishing and spear-phishing campaign. Users are clicking on website links that look like common bank sites and entering their credentials accidentally. A security engineer decides to use a layered defense to prevent the phishing or lessen its impact. Which of the following should the security engineer implement? (Select TWO)

A. Spam filter
B. Host intrusion prevention
C. Client certificates
D. Content filter
E. Log monitoring
F. Data loss prevention

Question # 59

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.

Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?

A. The solution employs threat information-sharing capabilities using a proprietary data model.
B. The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country.
C. The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP.
D. The vendor’s proposed solution operates below the KPPs indicated in the RFP.

Question # 60

A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

A. Install network taps at the edge of the network.
B. Send syslog from the IDS into the SIEM.
C. Install HIDS on each computer.
D. SPAN traffic from the network core into the IDS.

Question # 61

As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

A. tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"
B. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
C. memdump /dev/sda1 | nc 192.168.45.82 3000
D. dd if=/dev/sda | nc 192.168.45.82 3000

Question # 62

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the prediction of the malware?

A. The workstations should be isolated from the network.
B. The workstations should be donated for reuse.
C. The workstations should be reimaged.
D. The workstations should be patched and scanned.

Question # 63

A security engineer is assessing the controls that are in place to secure the corporate Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrators have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:

Which of the following should the security administrator configure to meet the DNS security needs?

A. Option A
B. Option B
C. Option C
D. Option D

Question # 64

A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?

A. Gain entry into the building by posing as a contractor who is performing routine building maintenance.
B. Tailgate into the facility with an employee who has a valid RFID badge to enter.
C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post.
D. Look for an open window that can be used to gain unauthorized entry into the facility.

Question # 65

A developer implements the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

A. SQL injection
B. Buffer overflow
C. Missing session limit
D. Information leakage

Question # 66

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?

A. Penetration tests
B. Vulnerability assessment
C. Tabletop exercises
D. Blue-team operations

Question # 67

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

A. Create archival copies of all documents and communications related to the employee
B. Create a forensic image of network infrastructure devices
C. Create an image file of the employee’s network drives and store it with hashes
D. Install a keylogger to capture the employee’s communications and contacts

Question # 68

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

A. Log all access to the data and correlate with the researcher
B. Anonymize identifiable information using keyed strings
C. Ensure all data is encrypted in transit to the researcher
D. Ensure all researchers sign and abide by non-disclosure agreements
E. Sanitize date and time stamp information in the records

Question # 69

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization’s risk?

A. Present the detailed risk resulting from the change to the company’s board of directors
B. Pilot new mitigations that cost less than the total amount saved by the change
C. Modify policies and standards to discourage future changes that increase risk
D. Capture the risk in a prioritized register that is shared routinely with the CEO

Question # 70

A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?

A. Option A
B. Option B
C. Option C
D. Option D

Question # 71

Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

A. The standard of quality for anti-malware engines
B. Parameters for applying critical patches
C. The validity of program productions
D. Minimum bit strength for encryption-in-transit

Question # 72

A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?

A. NDA
B. RFP
C. RFQ
D. MSA
E. RFI

Question # 73

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Below is an excerpt of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

A. The clients may not trust idapt by default.
B. The secure LDAP service is not started, so no connections can be made.
C. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
D. Secure LDAP should be running on UDP rather than TCP.
E. The company is using the wrong port. It should be using port 389 for secure LDAP.
F. Secure LDAP does not support wildcard certificates.
G. The clients may not trust Chicago by default.

Question # 74

A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider. The system to be migrated is sensitive with respect to latency, availability, and integrity. The infrastructure team agreed to the following:

• Application and middleware servers will migrate to the cloud
• Database servers will remain on-site
• Data backup will be stored in the cloud

Which of the following solutions would ensure system and security requirements are met?

A. Implement a direct connection from the company to the cloud provider
B. Use a cloud orchestration tool and implement appropriate change control processes
C. Implement a standby database on the cloud using a CASB for data-at-rest security
D. Use multizone geographic distribution with satellite relays

Question # 75

Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out. Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

A. Anti-malware
B. Patch testing
C. HIPS
D. Vulnerability scanner

Question # 76

A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resulting in a DoS. When the service crashes, a core dump is left in the /tmp directory. Which of the following tools can the systems administrator use to reproduce these symptoms?

A. Fuzzer
B. Vulnerability scanner
C. Core dump analyzer
D. Debugger

Question # 77

A health company has reached the physical and computing capacity of its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

A. Hybrid IaaS solution in a single-tenancy cloud
B. PaaS solution in a multitenancy cloud
C. SaaS solution in a community cloud
D. Private SaaS solution in a single-tenancy cloud

Question # 78

An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities?

A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org

Question # 79

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

* Transactions being required by an unauthorized individual
* Complete discretion regarding client names, account numbers, and investment information
* Malicious attackers using email to distribute malware and ransomware
* Exfiltration of sensitive company information

The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

A. Data loss prevention
B. Endpoint detection response
C. SSL VPN
D. Application whitelisting

Question # 80

A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:

In an .htaccess file or the site config, add:

or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

A. Ensure session IDs are generated dynamically with each cookie request
B. Prevent cookies from being transmitted to other domain names
C. Create a temporary space on the user's drive root for ephemeral cookie storage
D. Enforce the use of plain text HTTP transmission with secure local cookie storage
E. Add a sequence ID to the cookie session ID while in transit to prevent CSRF
F. Allow cookie creation or updates only over TLS connections

Question # 81

A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

* Company administrators should not have access to employees' personal information.
* A rooted or jailbroken device should not have access to company sensitive information.

Which of the following BEST addresses the associated risks?

A. Code signing
B. VPN
C. FDE
D. Containerization

Question # 82

Joe, an application security engineer, is performing an audit of an environmental control application. He has implemented a robust SDLC process and is reviewing API calls available to the application. During the review, Joe finds the following in a log file.

Which of the following would BEST mitigate the issue Joe has found?

A. Ensure the API uses SNMPv1.
B. Perform authentication via a secure channel.
C. Verify the API uses HTTP GET instead of POST.
D. Deploy a WAF in front of the API and implement rate limiting.

Question # 83

A vulnerability scan with the latest definitions was performed across Sites A and B.

Match each relevant finding to the affected host. After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Question # 84

Ann, a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.

Which of the following will the analyst most likely use NEXT?

A. Process explorer
B. Vulnerability scanner
C. Antivirus
D. Network enumerator

Question # 85

A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities, including language, payload, and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?

A. Virtualized sandbox
B. Vulnerability scanner
C. Software-defined network
D. HTTP interceptor

Question # 86

A red team is able to connect a laptop with penetration testing tools directly into an open network port. The team is then able to take advantage of a vulnerability on the domain controller to create and promote a new enterprise administrator. Which of the following technologies would MOST likely eliminate this attack vector in the future?

A. Monitor for anomalous creations of privileged domain accounts
B. Install a NIPS with rules appropriate to drop most exploit traffic
C. Ensure the domain controller has the latest security patches
D. Implement 802.1X with certificate-based authentication

Question # 87

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer. Which of the following would be the BEST method to provide secure data separation?

A. Use a CRM tool to separate data stores
B. Migrate to a single-tenancy cloud infrastructure
C. Employ network segmentation to provide isolation among salespeople
D. Implement an open-source public cloud CRM

Question # 88

A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI. The system relies on two-factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information?

A. Password cracker
B. Wireless network analyzer
C. Fuzzing tools
D. Reverse engineering principles

Question # 89

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

Question # 90

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

A. Data custodian
B. Data owner
C. Security analyst
D. Business unit director
E. Chief Executive Officer (CEO)

Question # 91

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

A. Isolate the systems on their own network
B. Install a firewall and IDS between systems and the LAN
C. Employ own stratum-0 and stratum-1 NTP servers
D. Upgrade the software on critical systems
E. Configure the systems to use government-hosted NTP servers

Question # 92

An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

A. Running an automated fuzzer
B. Constructing a known cipher text attack
C. Attempting SQL injection commands
D. Performing a full packet capture
E. Using the application in a malware sandbox

Question # 93

A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible. Which of the following principles is being demonstrated?

A. Administrator accountability
B. PII security
C. Record transparency
D. Data minimization

Question # 94

When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

A. Quarantine emails sent to external domains containing PII and release after inspection.
B. Prevent PII from being sent to domains that allow users to sign up for free webmail.
C. Enable transport layer security on all outbound email communications and attachments.
D. Provide security awareness training regarding transmission of PII.

Question # 95

An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

A. MSA
B. RFP
C. NDA
D. RFI
E. MOU
F. RFQ

Question # 96

A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
B. Install a client-side VPN on the staff laptops and limit access to the development network
C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

Question # 97

An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

A. SQL injection
B. CSRF
C. Brute force
D. XSS
E. TOC/TOU

Question # 98

A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations.

Which of the following is required in this scenario?

A. ISA
B. BIA
C. SLA
D. RA

Question # 99

An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

  • Systems containing PII are protected with the minimum control set.
  • Systems containing medical data are protected at the moderate level.
  • Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?

A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

Question # 100

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

A. The public/private views on the Comptia.org DNS servers are misconfigured
B. Comptia.org is running an older mail server, which may be vulnerable to exploits
C. The DNS SPF records have not been updated for Comptia.org
D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack

Question # 101

An organization wants to allow its employees to receive corporate email on their own smartphones. A security analyst is reviewing the following information contained within the file system of an employee’s smartphone:

FamilyPix.jpg
Taxreturn.tax
paystub.pdf
employeesinfo.xls
SoccerSchedule.doc
RecruitmentPlan.xls

Based on the above findings, which of the following should the organization implement to prevent further exposure? (Select two).

A. Remote wiping
B. Side loading
C. VPN
D. Containerization
E. Rooting
F. Geofencing
G. Jailbreaking

Question # 102

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

  • Detect administrative actions
  • Block unwanted MD5 hashes
  • Provide alerts
  • Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS