March Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

Options:

A.

CASB

B.

Web filtering

C.

NGFW

D.

EDR

Buy Now
Questions 5

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

Options:

A.

CTR

B.

ECB

C.

OF8

D.

GCM

Buy Now
Questions 6

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

Options:

A.

Write a SIEM rule that generates a critical alert when files are created on the application server.

B.

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

C.

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

D.

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

Buy Now
Questions 7

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Buy Now
Questions 8

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

Options:

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Buy Now
Questions 9

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 10

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Questions 11

A security administrator needs to implement a security solution that will

• Limit the attack surface in case of an incident

• Improve access control for external and internal network security.

• Improve performance with less congestion on network traffic

Which of the following should the security administrator do?

Options:

A.

Integrate threat intelligence feeds into the FIM

B.

Update firewall rules to match new IP addresses in use

C.

Configure SIEM dashboards to provide alerts and visualizations

D.

Deploy DLP rules based on updated Pll formatting

Buy Now
Questions 12

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Buy Now
Questions 13

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

A.

Cipher feedback

B.

Cipher block chaining message authentication code

C.

Cipher block chaining

D.

Electronic codebook

Buy Now
Questions 14

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Buy Now
Questions 15

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Buy Now
Questions 16

Which of the following is a risk associated with SDN?

Options:

A.

Expanded attack surface

B.

Increased hardware management costs

C.

Reduced visibility of scaling capabilities

D.

New firmware vulnerabilities

Buy Now
Questions 17

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Options:

A.

Paas

B.

laas

C.

Private

D.

Saas

Buy Now
Questions 18

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.

Create new processes for identified gaps in continuity planning.

C.

Establish new staff roles and responsibilities for continuity of operations.

D.

Assess the effectiveness of documented processes against a realistic scenario.

Buy Now
Questions 19

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Buy Now
Questions 20

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Buy Now
Questions 21

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Buy Now
Questions 22

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.

Develop an Nmap plug-in to detect the indicator of compromise.

B.

Update the organization's group policy.

C.

Include the signature in the vulnerability scanning tool.

D.

Deliver an updated threat signature throughout the EDR system

Buy Now
Questions 23

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Buy Now
Questions 24

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Buy Now
Questions 25

A penetration tester inputs the following command:

This command will allow the penetration tester to establish a:

Options:

A.

port mirror

B.

network pivot

C.

reverse shell

D.

proxy chain

Buy Now
Questions 26

An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region Which of the following risks would be most concerning to the organization in the event of equipment failure?

Options:

A.

Support may not be available during all business hours

B.

The organization requires authorized vendor specialists.

C.

Each region has different regulatory frameworks to follow

D.

Shipping delays could cost the organization money

Buy Now
Questions 27

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 28

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

Noexecute

C.

Total memory encryption

D.

Virtual memory protection

Buy Now
Questions 29

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

Options:

A.

Input validation

B.

Firewall

C.

WAF

D.

DLP

Buy Now
Questions 30

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Options:

A.

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

B.

use the customer-provided VDI solution to perform work on the customer's environment.

C.

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.

Request API credentials from the customer and only use API calls to access the customer's environment.

Buy Now
Questions 31

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 32

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Buy Now
Questions 33

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Options:

A.

^\d{4}(-\d{5})?$

B.

^\d{5}(-\d{4})?$

C.

^\d{5-4}$

D.

^\d{9}$

Buy Now
Questions 34

In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.

Data scrubbing

B.

Field masking

C.

Encryption in transit

D.

Metadata

Buy Now
Questions 35

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Buy Now
Questions 36

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Buy Now
Questions 37

An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?

Options:

A.

Risk management

B.

Network management

C.

Configuration management

D.

Change management

Buy Now
Questions 38

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A.

Software composition analysis

B.

A SCAP scanner

C.

ASAST

D.

A DAST

Buy Now
Questions 39

The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

Options:

A.

Preserve all communication matching the requested search terms

B.

Block communication with the customer while litigation is ongoing

C.

Require employees to be trained on legal record holds

D.

Request that all users do not delete any files

Buy Now
Questions 40

During a network defense engagement, a red team is able to edit the following registry key:

Which of the following tools is the red team using to perform this action?

Options:

A.

PowerShell

B.

SCAP scanner

C.

Network vulnerability scanner

D.

Fuzzer

Buy Now
Questions 41

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device Which of the following phases of the incident response cycle needs improvement?

Options:

A.

Containment

B.

Preparation

C.

Resolution

D.

Investigation

Buy Now
Questions 42

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Options:

A.

Code signing

B.

Non-repudiation

C.

Key escrow

D.

Private keys

Buy Now
Questions 43

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

Options:

A.

Improved security operations center performance

B.

Automated firewall log collection tasks

C.

Optimized cloud resource utilization

D.

Increased risk visibility

Buy Now
Questions 44

Signed applications reduce risks by:

Options:

A.

encrypting the application's data on the device.

B.

requiring the developer to use code-level hardening techniques.

C.

providing assurance that the application is using unmodified source code.

D.

costing the developer money to publish, which reduces the likelihood of malicious intent.

Buy Now
Questions 45

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

Options:

A.

SIEM

B.

CASB

C.

SCAP

D.

OVAL

Buy Now
Questions 46

A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment

• Review communication between all infrastructure endpoints

• Identify unauthorized and malicious data patterns

• Perform automated, risk-mitigating configuration changes

Which of the following should the network security engineer include in the design to address these requirements?

Options:

A.

Network edge NIPS

B.

Centralized syslog

C.

Traffic mirroring

D.

Network flow

Buy Now
Questions 47

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program Which of the following will BEST accomplish the company's objectives?

Options:

A.

RASP

B.

SAST

C.

WAF

D.

CMS

Buy Now
Questions 48

A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

Options:

A.

Third-party assessor

B.

CSP

C.

Organization

D.

Shared responsibility

Buy Now
Questions 49

A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?

Options:

A.

Installing reverse caching proxies in both data centers and implementing proxy auto scaling

B.

Using HTTPS to serve sensitive content and HTTP for public content

C.

Using colocation services in regions where the application response is slow

D.

Implementing a CDN and forcing all traffic through the CDN

Buy Now
Questions 50

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Buy Now
Questions 51

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Options:

A.

idd

B.

bcrypt

C.

SHA-3

D.

ssdeep

E.

dcfldd

Buy Now
Questions 52

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed first?

Options:

A.

Update the disaster recovery plan to account for natural disasters.

B.

Establish a new memorandum of understanding with the cloud provider.

C.

Establish a new service-level agreement with the cloud provider.

D.

Provision services according to the appropriate legal requirements.

Buy Now
Questions 53

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

Options:

A.

True positive

B.

False negative

C.

False positive

D.

True negative

Buy Now
Questions 54

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload The CISO would like to:

* Have a solution that uses API to communicate with other security tools

* Use the latest technology possible

* Have the highest controls possible on the solution

Which of following is the best option to meet these requirements?

Options:

A.

EDR

B.

CSP

C.

SOAR

D.

CASB

Buy Now
Questions 55

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).

Options:

A.

Type

B.

Email

C.

OCSP responder

D.

Registration authority

E.

Common Name

F.

DNS name

Buy Now
Questions 56

An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?

Options:

A.

Antivirus

B.

UEBA

C.

EDR

D.

HIDS

Buy Now
Questions 57

A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities. Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

Options:

A.

HUMINT

B.

UEBA

C.

OSINT

D.

RACE

Buy Now
Questions 58

A forensic investigator started the process of gathering evidence on a laptop in response to an incident The investigator took a snapshof of the hard drive, copied relevant log files and then performed a memory dump Which of the following steps in the process should have occurred first?

Options:

A.

Preserve secure storage

B.

Clone the disk.

C.

Collect the most volatile data

D.

Copy the relevant log files

Buy Now
Questions 59

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

Options:

A.

Use over-the-air updates to replace the private key

B.

Manufacture a new loT device with a redesigned SoC

C.

Replace the public portion of the loT key on its servers

D.

Release a patch for the SoC software

Buy Now
Questions 60

A network administrator who manages a Linux web server notices the following traffic:

http://corr.ptia.org/.../.../.../... /etc./shadow

Which of the following Is the BEST action for the network administrator to take to defend against this type of web attack?

Options:

A.

Validate the server certificate and trust chain.

B.

Validate the server input and append the input to the base directory path.

C.

Validate that the server is not deployed with default account credentials.

D.

Validate that multifactor authentication is enabled on the server for all user accounts.

Buy Now
Questions 61

A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

Options:

A.

Most cost-effective

B.

Ease of backup and restoration

C.

High degree of privacy

D.

Low resilience to side-channel attacks

E.

Full control and ability to customize

F.

Increased geographic diversity

Buy Now
Questions 62

An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

Options:

A.

To gather evidence for subsequent legal action

B.

To determine the identity of the attacker

C.

To identify ways to improve the response process

D.

To create a plan of action and milestones

Buy Now
Questions 63

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

Options:

A.

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B.

The change control board must review and approve a submission.

C.

The information system security officer provides the systems engineer with the system updates.

D.

The security engineer asks the project manager to review the updates for the client's system.

Buy Now
Questions 64

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Buy Now
Questions 65

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Buy Now
Questions 66

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Buy Now
Questions 67

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Buy Now
Questions 68

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Buy Now
Questions 69

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.

User-Agent: Malicious Tool. *

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Buy Now
Questions 70

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 71

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Buy Now
Questions 72

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:

1. International users reported latency when images on the web page were initially loading.

2. During times of report processing, users reported issues with inventory when attempting to place orders.

3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Options:

A.

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

B.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

C.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

D.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Buy Now
Questions 73

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Buy Now
Questions 74

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

Options:

A.

Alerting the misconfigured service account password

B.

Modifying the AllowUsers configuration directive

C.

Restricting external port 22 access

D.

Implementing host-key preferences

Buy Now
Questions 75

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Options:

A.

Cookies

B.

Wildcard certificates

C.

HSTS

D.

Certificate pinning

Buy Now
Questions 76

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Buy Now
Questions 77

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Options:

A.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

B.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

C.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

D.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Buy Now
Questions 78

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

Options:

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Buy Now
Questions 79

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Buy Now
Questions 80

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 81

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Options:

A.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

B.

Leave the current backup schedule intact and make the human resources fileshare read-only.

C.

Increase the frequency of backups and create SIEM alerts for IOCs.

D.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Buy Now
Questions 82

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Options:

A.

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

B.

Perform ASIC password cracking on the host.

C.

Read the /etc/passwd file to extract the usernames.

D.

Initiate unquoted service path exploits.

E.

Use the UNION operator to extract the database schema.

Buy Now
Questions 83

Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

A.

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B.

Resource leak; recover the device for analysis and clean up the local storage.

C.

Impossible travel; disable the device’s account and access while investigating.

D.

Falsified status reporting; remotely wipe the device.

Buy Now
Questions 84

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Buy Now
Questions 85

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.

Implement rate limiting on the API.

B.

Implement geoblocking on the WAF.

C.

Implement OAuth 2.0 on the API.

D.

Implement input validation on the API.

Buy Now
Questions 86

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

Options:

A.

The user agent client is not compatible with the WAF.

B.

A certificate on the WAF is expired.

C.

HTTP traffic is not forwarding to HTTPS to decrypt.

D.

Old, vulnerable cipher suites are still being used.

Buy Now
Questions 87

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Buy Now
Questions 88

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Buy Now
Questions 89

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Buy Now
Questions 90

A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 91

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Questions 92

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

Options:

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Buy Now
Questions 93

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A.

Pay the ransom within 48 hours.

B.

Isolate the servers to prevent the spread.

C.

Notify law enforcement.

D.

Request that the affected servers be restored immediately.

Buy Now
Questions 94

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Buy Now
Questions 95

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Questions 96

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 97

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:

A.

Union filesystem overlay

B.

Cgroups

C.

Linux namespaces

D.

Device mapper

Buy Now
Questions 98

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Options:

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Buy Now
Questions 99

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

Options:

A.

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

B.

sudo netstat -nlt -p | grep “ESTABLISHED”

C.

sudo netstat -plntu | grep -v “Foreign Address”

D.

sudo netstat -pnut -w | column -t -s $’\w’

E.

sudo netstat -pnut | grep -P ^tcp

Buy Now
Questions 100

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

Options:

A.

Configuring systemd services to run automatically at startup

B.

Creating a backdoor

C.

Exploiting an arbitrary code execution exploit

D.

Moving laterally to a more authoritative server/service

Buy Now
Questions 101

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

Options:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks

Buy Now
Questions 102

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

Options:

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Buy Now
Questions 103

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is t he NEXT step of the incident response plan?

Options:

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Buy Now
Questions 104

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Options:

A.

Shared accounts

B.

Password complexity

C.

Account lockout

D.

Password history

E.

Time-based logins

Buy Now
Questions 105

The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership. Which of the follow would MOST likely be used?

Options:

A.

MOU

B.

OLA

C.

NDA

D.

SLA

Buy Now
Questions 106

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of

web-application security Which of the following is the BEST option?

Options:

A.

ICANN

B.

PCI DSS

C.

OWASP

D.

CSA

E.

NIST

Buy Now
Questions 107

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

Options:

A.

laaS

B.

SaaS

C.

FaaS

D.

PaaS

Buy Now
Questions 108

A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 109

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

Options:

A.

Feature delay due to extended software development cycles

B.

Financial liability from a vendor data breach

C.

Technical impact to the API configuration

D.

The possibility of the vendor’s business ceasing operations

Buy Now
Questions 110

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

Options:

A.

SIEM

B.

CASB

C.

WAF

D.

SOAR

Buy Now
Questions 111

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Options:

A.

Ensuring proper input validation is configured on the ‘’Contact US’’ form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Buy Now
Questions 112

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

Options:

A.

FIM

B.

WAF

C.

NIPS

D.

DAM

E.

UTM

Buy Now
Questions 113

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Options:

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Buy Now
Questions 114

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the image process, which of the following is the FIRST step the analyst should take?

Options:

A.

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the 'Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive

Buy Now
Questions 115

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

Options:

A.

BYOO

B.

CYOD

C.

COPE

D.

MDM

Buy Now
Questions 116

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.

Eavesdropping

B.

On-path

C.

Cryptanalysis

D.

Code signing

E.

RF sidelobe sniffing

Buy Now
Questions 117

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Options:

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Buy Now
Questions 118

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Buy Now
Questions 119

A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

* Capable of early detection of advanced persistent threats.

* Must be transparent to users and cause no performance degradation.

+ Allow integration with production and development networks seamlessly.

+ Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

Options:

A.

Threat Intelligence

B.

Deception software

C.

Centralized logging

D.

Sandbox detonation

Buy Now
Questions 120

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for

the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which

of the following would BEST achieve this objective?

Options:

A.

Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

B.

Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.

C.

Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

D.

Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Buy Now
Questions 121

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement ?

Options:

A.

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

B.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

C.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

D.

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

Buy Now
Questions 122

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Options:

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Buy Now
Questions 123

A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?

Options:

A.

Log collection

B.

Reverse proxy

C.

AWAF

D.

API mode

Buy Now
Questions 124

A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

Options:

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Buy Now
Questions 125

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

Options:

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Buy Now
Questions 126

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Options:

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Buy Now
Questions 127

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Options:

A.

Black-box testing

B.

Gray-box testing

C.

Red-team hunting

D.

White-box testing

E.

Blue-learn exercises

Buy Now
Questions 128

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

Options:

A.

The principle of lawful, fair, and transparent processing

B.

The right to be forgotten principle of personal data erasure requests

C.

The non-repudiation and deniability principle

D.

The principle of encryption, obfuscation, and data masking

Buy Now
Questions 129

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

Options:

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Buy Now
Questions 130

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Buy Now
Questions 131

SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Mar 28, 2024
Questions: 439

PDF + Testing Engine

$140

Testing Engine

$105

PDF (Q&A)

$90