Achieve Remarkable Results in the CompTIA CASP+ Exam with Reliable CAS-003 Study Materials

Looking to conquer the CompTIA Advanced Security Practitioner (CASP+) CAS-003 exam? You're in the right place! Our collection of 100% real exam questions and answers is tailored to boost your chances of success. Our test questions cover a wide array of topics crucial for CASP+ certification, including risk management, enterprise security architecture, incident response, and more. Each question mirrors the format and complexity of the actual exam, ensuring you're well-prepared for what's ahead. In addition to our comprehensive exam questions, we offer valuable exam preparation resources such as study materials and exam guides. These resources are designed to enhance your understanding of key concepts and optimize your exam readiness. To further solidify your preparation, take advantage of our mock exams. These practice tests simulate the exam environment, allowing you to assess your knowledge and identify areas for improvement. With our help, you'll be equipped to pass the CompTIA CASP+ CAS-003 exam with confidence and earn your CompTIA Advanced Security Practitioner certification.

Question #1
Given the following information about a company’s internal network:
User IP space: 192.168.1.0/24
Server IP space: 192.168.192.0/25
A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?
A. Use a protocol analyzer on 192
B. Use a port scanner on 192
C. Use an HTTP interceptor on 192
D. Use a port scanner on 192
E. Use a protocol analyzer on 192
Correct Answer: B
Question #2
A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead’s position?
A. The organization has accepted the risks associated with web-based threats
B. The attack type does not meet the organization’s threat model
C. Web-based applications are on isolated network segments
D. Corporate policy states that NIPS signatures must be updated every hour
Correct Answer: A
Question #3
A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?
A. NX/XN
B. ASLR
C. strcpy
D. CC
Correct Answer: A
Question #4
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: Which of the following should the penetration tester conclude about the command output?
A. The public/private views on the Comptia
B. Comptia
C. The DNS SPF records have not been updated for Comptia
D. 92
Correct Answer: B
Question #5
A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of the following is the appropriate command to disable the client’s IPv6 stack?
A. Quarantine emails sent to external domains containing PII and release after inspection
B. Prevent PII from being sent to domains that allow users to sign up for free webmail
C. Enable transport layer security on all outbound email communications and attachments
D. Provide security awareness training regarding transmission of PII
Correct Answer: C
Question #6
An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor’s SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:
1. There are clauses that confirm a data retention period in line with what is in the energy organization’s security policy.
2. The data will be hosted and managed outside of the energy organization’s geographical location.
The number of users accessing the system will be s
A. Develop a security exemption, as the solution does not meet the security policies of the energy organization
B. Require a solution owner within the energy organization to accept the identified risks and consequences
C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period
D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process
Correct Answer: B
Question #7
A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?
A. System design documentation
B. User acceptance testing
C. Peer review
D. Static code analysis testing
E. Change control documentation
Correct Answer: B
Question #8
A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)
A. SIEM
B. IDS/IPS
C. Proxy server
D. Firewall
E. Router
Correct Answer: ACG
Question #9
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?
A. SIEM server
B. IDS appliance
C. SCAP scanner
D. HTTP interceptor
Correct Answer: C
Question #10
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
A. Patch management
B. Antivirus
C. Application firewall
D. Spam filters
E. IDS
Correct Answer: E
Question #11
A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices. Which of the following tools is the security engineer using to produce the above output?
A. Vulnerability scanner
B. SIEM
C. Port scanner
D. SCAP scanner
Correct Answer: B
Question #12
A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:
- An HOTP service is installed on the RADIUS server.
- The RADIUS server is configured to require the HOTP service for authentication.
The configuration is successfully tested using a software supplicant and enforced across
A. Vendor C for small remote sites, and Vendor B for large sites
B. Vendor B for all remote sites
C. Vendor C for all remote sites
D. Vendor A for all remote sites
E. Vendor D for all remote sites
Correct Answer: B
Question #13
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the le
A. After-action reports from prior incidents
B. Social engineering techniques
C. Company policies and employee NDAs
D. Data classification processes
Correct Answer: C
Question #14
A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?
A. Privacy policy
B. Work breakdown structure
C. Interconnection security agreement
D. Vendor management plan
E. Audit report
Correct Answer: D
Question #15
A deployment manager is working with a software development group to assess the security of a new version of the organization’s internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?
A. Static code analysis in the IDE environment
B. Penetration testing of the UAT environment
C. Vulnerability scanning of the production environment
D. Penetration testing of the production environment
E. Peer review prior to unit testing
Correct Answer: C
Question #16
A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links?
A. Anti-spam gateways
B. Security awareness training
C. URL rewriting
D. Internal phishing campaign
Correct Answer: B
Question #17
An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation. Which of the following MOST likely caused the data leak?
A. The employee manually changed the email client retention settings to prevent deletion of emails
B. The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
C. The email was encrypted and an exception was put in place via the data classification application
D. The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old
Correct Answer: D
Question #18
To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following appr
A. Blue team
B. Red team
C. Black box
D. White team
Correct Answer: C
Question #19
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:
- End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.
- Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP
A. Malicious actors intercepting inbound and outbound communication to determine the scope of the mission
B. Family members posting geotagged images on social media that were received via email from soldiers
C. The effect of communication latency that may negatively impact real-time communication with mission control
D. The use of centrally managed military network and computers by soldiers when communicating with external parties
Correct Answer: B
Question #20
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed. To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk: Which of the following
A. The hard disk contains bad sectors
B. The disk has been degaussed
C. The data represents part of the disk BIOS
D. Sensitive data might still be present on the hard drives
Correct Answer: A
Question #21
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users. Which of the following controls would BEST address the DPO’s concerns?
A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform
Correct Answer: C
Question #22
A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization: localStorage.setItem("session-cookie", document.cookie); Which of the following should the security engineer recommend?
A. SessionStorage should be used so authorized cookies expire after the session ends
B. Cookies should be marked as "secure" and "HttpOnly"
C. Cookies should be scoped to a relevant domain/path
D. Client-side cookies should be replaced by server-side mechanisms
Correct Answer: C
Question #23
A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?
A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single points of failure
B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people
C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas
D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area
Correct Answer: B
Question #24
A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment. Which of the following would be the BEST option to manage this risk to the company's production environment?
A. Avoid the risk by removing the ICS from production
B. Transfer the risk associated with the ICS vulnerabilities
C. Mitigate the risk by restricting access to the ICS
D. Accept the risk and upgrade the ICS when possible
Correct Answer: B
Question #25
A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds. Based on the information available to the researcher, which of the following is the MOST likely threat profile?
A. Nation-state-sponsored attackers conducting espionage for strategic gain
B. Insiders seeking to gain access to funds for illicit purposes
C. Opportunists seeking notoriety and fame for personal gain
D. Hacktivists seeking to make a political statement because of socio-economic factors
Correct Answer: D
Question #26
An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?
A. Brute forcing of account credentials
B. Plain-text credentials transmitted over the Internet
C. Insecure direct object reference
D. SQL injection of ERP back end
Correct Answer: C
Question #27
A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information: Which of the following commands would have provided this output?
A. arp -s
B. netstat -a
C. ifconfig -arp
D. sqlmap -w
Correct Answer: B
Question #28
A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions. Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?
A. The solution employs threat information-sharing capabilities using a proprietary data model
B. The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country
C. The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP
D. The vendor’s proposed solution operates below the KPPs indicated in the RFP
Correct Answer: D
Question #29
A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:
A. LDAP
B. WAYF
C. OpenID
D. RADIUS
E. SAML
Correct Answer: D
Question #30
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:
- Blocking of suspicious websites
- Prevention of attacks based on threat intelligence
- Reduction in spam
- Identity-based reporting to meet regulatory compliance
- Prevention of viruses based on signatu
A. Reconfigure existing IPS resources
B. Implement a WAF
C. Deploy a SIEM solution
D. Deploy a UTM solution
E. Implement an EDR platform
Correct Answer: D
Question #31
Which of the following is the GREATEST security concern with respect to BYOD?
A. The filtering of sensitive data out of data flows at geographic boundaries
B. Removing potential bottlenecks in data transmission paths
C. The transfer of corporate data onto mobile corporate devices
D. The migration of data into and out of the network in an uncontrolled manner
Correct Answer: D
Question #32
A security analyst who is concerned about sensitive data exfiltration reviews the following: Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?
A. Port scanner
B. SCAP tool
C. File integrity monitor
D. Protocol analyzer
Correct Answer: D
Question #33
A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?
A. tar cvf - / | ssh 192
B. dd if=/dev/mem | scp - 192
C. memdump /dev/sda1 | nc 192
D. dd if=/dev/sda | nc 192
Correct Answer: C
Question #34
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:
- High-impact controls implemented: 6 out of 10
- Medium-impact controls implemented: 409 out of 472
- Low-impact controls implemented: 97 out of 1000
The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:
- Average high-impact control imple
A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B. The enterprise security team has focused exclusively on mitigating high-level risks
C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D. The cybersecurity team has balanced residual risk for both high and medium controls
Correct Answer: C
Question #35
A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?
A. Whois
B. DNS enumeration
C. Vulnerability scanner
D. Fingerprinting
Correct Answer: A
Question #36
The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective?
A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets
B. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources
C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
D. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats
Correct Answer: B
Question #37
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?
A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups
B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset
C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop
D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures
Correct Answer: D
Question #38
A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others. Which of the following should the company implement to improve code quality? (Choose two.)
A. Using an SSO application that supports multifactor authentication
B. Enabling the web application to support LDAP integration
C. Forcing higher-complexity passwords and frequent changes
D. Deploying Shibboleth to all web-based applications in the enterprise
Correct Answer: DF
Question #39
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
A. DA
B. OU
C. IA
D. LA
Correct Answer: D
Question #40
An organization’s network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed. After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)
A. TR
B. LE
C. TBF
D. LE
E. PO
Correct Answer: BE
Question #41
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)
A. Biometric authentication
B. Cloud storage encryption
C. Application containerization
D. Hardware anti-tamper
Correct Answer: BF
Question #42
To meet an SLA, which of the following documents should be drafted, defining the company’s internal interdependent unit responsibilities and delivery timelines?
A. PA
B. LA
C. SA
D. OU
Correct Answer: B
Question #43
A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst’s subsequent investigation of sensitive systems led to the following discoveries:
- There was no indication of the data owner’s or user’s accounts being compromised.
- No database activity outside of previous baselines was discovered.
- All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
- It was likely not an insider threat, as all emplo
A. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine
B. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack
C. A shared workstation was physically accessible in a common area of the contractor’s office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account
D. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop
Correct Answer: B
Question #44
As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?
A. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts
B. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device
C. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider
D. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection
Correct Answer: D
Question #45
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?
A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
B. Install a client-side VPN on the staff laptops and limit access to the development network
C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network
Correct Answer: D
Question #46
A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?
A. Protocol analyzer
B. Root cause analysis
C. Behavioral analytics
D. Data leak prevention
Correct Answer: D
Question #47
While attending a meeting with the human resources department, an organization’s information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use. Additionally, each password has specific complexity require
A. Utilizing MFA
B. Implementing SSO
C. Deploying 802
D. Pushing SAML adoption
E. Implementing TACACS
Correct Answer: B
Question #48
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?
A. Inform the customer that the service provider does not have any control over third-party blacklist entries
B. Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior
C. Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic
D. Establish relationships with blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned
View answer
Correct Answer: D
Question #49
A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect’s goals?
A. Utilize a challenge-response prompt as required input at username/password entry
B. Implement TLS and require the client to use its own certificate during handshake
C. Configure a web application proxy and institute monitoring of HTTPS transactions
D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions
Correct Answer: B
Question #50
A hospital’s security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital’s brand reputation and asks the CISO when t
A. When it is mandated by their legal and regulatory requirements
B. As soon as possible in the interest of the patients
C. As soon as the public relations department is ready to be interviewed
D. When all steps related to the incident response plan are completed
E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public
Correct Answer: A
Question #51
A security administrator wants to allow external organizations to cryptographically validate the company’s domain name in email messages sent by employees. Which of the following should the security administrator implement?
A. SPF
B. S/MIME
C. TLS
D. DKIM
Correct Answer: D
Question #52
A security architect is reviewing the code for a company’s financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer: Which of the following attacks is the security architect attempting to prevent?
A. SQL injection
B. CSRF
C. XSS
D. Clickjacking
Correct Answer: B
Question #53
A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remedi
A. Implementing regression testing
B. Completing user acceptance testing
C. Verifying system design documentation
D. Using an SRTM
Correct Answer: D
Question #54
Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages: Which of the following represents the BEST solution for preventing future fines?
A. Implement a secure text-messaging application for mobile devices and workstations
B. Write a policy requiring this information to be given over the phone only
C. Provide a courier service to deliver sealed documents containing public health informatics
D. Implement FTP services between clinics to transmit text documents with the information
E. Implement a system that will tokenize patient numbers
Correct Answer: A
Question #55
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?
A. Custom firmware with rotating key generation
B. Automatic MITM proxy
C. TCP beacon broadcast software
D. Reverse shell endpoint listener
Correct Answer: B
Question #56
A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services. If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?
A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization’s SOC with near-real-time alerting to administrators
B. Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise’s pool of VPN concentrators
C. Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss
D. Employ a second VPN layer concurrently where the other layer’s cryptographic implementation is sourced from a different vendor
Correct Answer: D
Question #57
A security analyst is inspecting pseudocode of the following multithreaded application: Which of the following security concerns is evident in the above pseudocode?
A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation
Correct Answer: A
Question #58
A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?
A. Application whitelisting
B. NX/XN bit
C. ASLR
D. TrustZone
E. SCP
Correct Answer: B
Question #59
A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points. Which of the following solutions BEST meets the engineer’s goal?
A. A series of ad-hoc tests that each verify security control functionality of the entire system at once
B. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM
C. A set of formal methods that apply to one or more of the programming languages used on the development project
D. A methodology to verify each security control in each unit of developed code prior to committing the code
Correct Answer: C
Question #60
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates. Which of the following would BEST mitigate this risk?
A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN
B. Require sensors to sign all transmitted unlock control messages digitally
C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS
D. Implement an out-of-band monitoring solution to detect message injections and attempts
Correct Answer: C
Question #61
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES-256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements
Correct Answer: B
Question #62
A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
A. Binary decompiler
B. Wireless protocol analyzer
C. Log analysis and reduction tools
D. Network-based fuzzer
Correct Answer: B
Question #63
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?
A. Vendor diversification
B. System hardening standards
C. Bounty programs
D. Threat awareness
E. Vulnerability signatures
Correct Answer: D
Question #64
A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?
A. Background investigation
B. Mandatory vacation
C. Least privilege
D. Separation of duties
Correct Answer: B
Question #65
A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has compiled a set of applicable security controls based on this categorization. Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?
A. Check for any relevant or required overlays
B. Review enhancements within the current control set
C. Modify to a high-baseline set of controls
D. Perform continuous monitoring
Correct Answer: C
Question #66
During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?
A. Continuity of operations
B. Chain of custody
C. Order of volatility
D. Data recovery
Correct Answer: C
Question #67
A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?
A. Single-tenant private cloud
B. Multitenant SaaS cloud
C. Single-tenant hybrid cloud
D. Multitenant IaaS cloud
E. Multitenant PaaS cloud
Correct Answer: D
Question #68
A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device. Which of the following controls can the organization implement to reduce the risk of similar breaches?
A. Mobile tokenization
B. Export controls
C. Device containerization
D. Privacy policies
Correct Answer: A
Question #69
A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements:
- The data is for internal consumption only and shall not be distributed to outside individuals
- The systems administrator should not have access to the data processed by the server
- The integrity of the kernel image is maintained
Which of the following host-based security controls BEST enforce the data owner’s requirements? (Choose three.)
A. SA
B. IA
C. LA
D. A
Correct Answer: CEF
Question #70
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
A. Environmental
B. Privacy
C. Ethical
D. Criminal
Correct Answer: B
Question #71
A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once. Select and Place:
A. Please refer to Explanation below for the answer
Correct Answer: A
Question #72
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A. Run the memdump utility with the -k flag
B. Use a loadable kernel module capture utility, such as LiME
C. Run dd on /dev/mem
D. Employ a stand-alone utility, such as FTK Imager
Correct Answer: D
Question #73
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?
A. Installing HIDS
B. Configuring a host-based firewall
C. Configuring EDR
D. Implementing network segmentation
Correct Answer: D
Question #74
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications. After all restrictions have been lifted, which of the following should the information manager review?
A. Data retention policy
B. Legal hold
C. Chain of custody
D. Scope statement
Correct Answer: A
Question #75
Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company’s SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?
A. dnsrecon -d company
B. dig company
C. nc -v company
D. whois company
Correct Answer: A
Question #76
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A. A disaster recovery plan
B. An incident response plan
C. A business continuity plan
D. A risk avoidance plan
Correct Answer: DE
Question #77
A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router: Which of the following is the engineer implementing?
A. Remotely triggered black hole
B. Route protection
C. Port security
D. Transport security
E. Address space layout randomization
Correct Answer: B
Question #78
A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1:
Operator ALL=/sbin/reboot
Configuration file 2:
Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss
Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended a
A. The sudoers file is locked down to an incorrect command
B. SSH command shell restrictions are misconfigured
C. The passwd file is misconfigured
D. The SSH command is not allowing a pty session
Correct Answer: D
Question #79
An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?
A. XSS could be used to inject code into the login page during the redirect to the HTTPS site
B. The consultant is concerned the site is using an older version of the SSL 3
C. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker
D. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic
Correct Answer: D
Question #80
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?
A. Multi-tenancy SaaS
B. Hybrid IaaS
C. Single-tenancy PaaS
D. Community IaaS
Correct Answer: C
Question #81
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. IPS
Correct Answer: D
Question #82
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?
A. Data custodian
B. Data owner
C. Security analyst
D. Business unit director
E. Chief Executive Officer (CEO)
Correct Answer: A
Question #83
A Chief Information Security Officer (CISO) implemented MFA for all accounts in parallel with the BYOD policy. After the implementation, employees report the increased authentication method is causing increased time to tasks. This applies both to accessing the email client on the workstation and the online collaboration portal. Which of the following should the CISO implement to address the employees’ concerns?
A. Create an exception for the company’s IPs
B. Implement always-on VPN
C. Configure the use of employee PKI authentication for email
D. Allow the use of SSO
Correct Answer: D
Question #84
Management is reviewing the results of a recent risk assessment of the organization’s policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees. Which of the following risk management strategies has the organization employed?
A. Transfer
B. Mitigate
C. Accept
D. Avoid
E. Reject
Correct Answer: B
Question #85
A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible. Which of the following principles is being demonstrated?
A. Administrator accountability
B. PII security
C. Record transparency
D. Data minimization
Correct Answer: D
Question #86
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit. Which of the following would provide greater insight
A. Run an antivirus scan on the finance PC
B. Use a protocol analyzer on the air-gapped PC
C. Perform reverse engineering on the document
D. Analyze network logs for unusual traffic
E. Run a baseline analyzer against the user’s computer
Correct Answer: C
Question #87
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application’s authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describe
A. The application only supports SP-initiated authentication
B. The IdP only supports SAML 1
C. There is an SSL certificate mismatch between the IdP and the SaaS application
D. The user is not provisioned correctly on the IdP
Correct Answer: A
Question #88
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?
A. Static code analysis and peer review of all application code
B. Validation of expectations relating to system performance and security
C. Load testing the system to ensure response times are acceptable to stakeholders
D. Design reviews and user acceptance testing to ensure the system has been deployed properly
E. Regression testing to evaluate interoperability with the legacy system during the deployment
Correct Answer: B
Question #89
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?
A. Use an entropy-as-a-service vendor to leverage larger entropy pools
B. Loop multiple pseudo-random number generators in a series to produce larger numbers
C. Increase key length by two orders of magnitude to detect brute forcing
D. Shift key generation algorithms to ECC algorithms
Correct Answer: A
Question #90
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect’s objectives?
A. Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network
B. Install a firewall capable of cryptographically separating network traffic, require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions
C. Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible
D. Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic
Correct Answer: D
Question #91
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?
A. Data aggregation
B. Data sovereignty
C. Data isolation
D. Data volume
E. Data analytics
Correct Answer: B
Question #92
Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?
A. Lack of adequate in-house testing skills
B. Requirements for geographically based assessments
C. Cost reduction measures
D. Regulatory insistence on independent reviews
Correct Answer: D
Question #93
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?
A. Review audit logs to determine the extent of the breach
B. Pay the hacker under the condition that all information is destroyed
C. Engage a counter-hacking team to retrieve the data
D. Notify the appropriate legal authorities and legal counsel
Correct Answer: D
Question #94
An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?
A. Place it in a malware sandbox
B. Perform a code review of the attachment
C. Conduct a memory dump of the CFO’s P
D. Run a vulnerability scan on the email server
Correct Answer: A
Question #95
An organization’s network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations. Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?
A. Employ hardware FDE or SED solutions
B. Utilize a more efficient cryptographic hash function
C. Replace HDDs with SSD arrays
D. Use a FIFO pipe a multithreaded software solution
Correct Answer: A
Question #96
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?
A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
Correct Answer: C
Question #97
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter. Which of the following methods is the assessment team most likely to employ NEXT?
A. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices
B. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically
C. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
D. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises
Correct Answer: A
Question #98
A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate? (Choose two.)
A. Threat modeling
B. Risk assessment
C. Vulnerability data
D. Threat intelligence
E. Risk metrics
Correct Answer: CE
Question #99
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall: From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan: Connectivity to the server from outside the firewall worked as expected prior to executing these commands. Which of the following
A. It is correctly dropping all packets destined for the server
B. It is not blocking or filtering any traffic to the server
C. iptables needs to be restarted
D. The IDS functionality of the firewall is currently disabled
Correct Answer: A
Question #100
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and
A.
B.
C.
D.
Correct Answer: B
Question #101
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues
B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call
C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Correct Answer: CF
Question #102
After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases:
- Selection of a cloud provider
- Architectural design
- Microservice segmentation
- Virtual private cloud
- Geographic service redundancy
- Service migration
The Chief Information Security Officer (CISO) is still concerned
A. Multicloud solution
B. Single-tenancy private cloud
C. Hybrid cloud solution
D. Cloud access security broker
Correct Answer: D
Question #103
A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “” and “”. Which of the following tools BEST supports the use of these definitions?
A. HTTP interceptor
B. Static code analyzer
C. SCAP scanner
D. XML fuzzer
Correct Answer: D
Question #104
A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to
A. Avoid
B. Mitigate
C. Transfer
D. Accept
Correct Answer: DE
Question #105
A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:
- The tool needs to be responsive so service teams can query it, and then perform an automated res
A.
B.
C.
D.
Correct Answer: BCE
Question #106
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
- Detect administrative actions
- Block unwanted MD5 hashes
- Provide alerts
- Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A. The amount of data to be moved
B. The frequency of data backups
C. Which users will have access to which data
D. When the file server will be decommissioned
Correct Answer: BD
Question #107
A Chief Information Security Officer (CISO) is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization’s systems. The CISO knows improvements can be made to the guides. Which of the following would be the BEST source of reference during the revision process?
A. CVE database
B. Internal security assessment reports
C. Industry-accepted standards
D. External vulnerability scan reports
E. Vendor-specific implementation guides
Correct Answer: A
Question #108
A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months. Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)
A. Implement a strong, complex password policy for user accounts that have access to the core router
B. Deploy 802
C. Add additional port security settings for the switching environment connected to the core router
D. Allow access to the core router management interface only through an out-of-band channel
Correct Answer: BF
Question #109
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
A. Vulnerability assessment
B. Risk assessment
C. Patch management
D. Device quarantine
E. Incident management
Correct Answer: D
Question #110
During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
A. Air gaps
B. Access control lists
C. Spanning tree protocol
D. Network virtualization
E. Elastic load balancing
Correct Answer: D
Question #111
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
A. Update and deploy GPOs
B. Configure and use measured boot
C. Strengthen the password complexity requirements
D. Update the antivirus software and definitions
Correct Answer: D
Question #112
An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the “compose” window. Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?
A. Reverse engineer the application binary
B. Perform static code analysis on the source code
C. Analyze the device firmware via the JTAG interface
D. Change to a whitelist that uses cryptographic hashing
E. Penetration test the mobile application
Correct Answer: A
Question #113
During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?
A. Continuity of operations
B. Chain of custody
C. Order of volatility
D. Data recovery
Correct Answer: C
Question #114
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user’s accounts is sensitive, and therefore, the organization wants to comply with the following requirements:
- Active full-device encryption
- Enabled remote-device wipe
- Blocking unsigned applications
- Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the ab
A. Require frequent password changes and disable NFC
B. Enforce device encryption and activate MAM
C. Install a mobile antivirus application
D. Configure and monitor devices with an MDM
Correct Answer: D
Question #115
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
- Stop malicious software that does not match a signature
- Report on instances of suspicious behavior
- Protect from previously unknown threats
- Augment existing security capabilities
Which of the following tools would BEST meet these requirements?
A. Host-based firewall
B. EDR
C. HIPS
D. Patch management
Correct Answer: B
Question #116
A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent real-world threats. Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?
A. Malware on one virtual environment could enable pivoting to others by leveraging vulnerabilities in the hypervisor
B. A worm on one virtual environment could spread to others by taking advantage of guest OS networking services vulnerabilities
C. One virtual environment may have one or more application-layer vulnerabilities, which could allow an attacker to escape that environment
D. Malware on one virtual user environment could be copied to all others by the attached network storage controller
Correct Answer: A
Question #117
A project manager is working with system owners to develop maintenance windows for system patching and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance window will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?
A. MOU
B. SOW
C. SRTM
D. SLA
Correct Answer: D
Question #118
While investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)
A. Lessons learned review
B. Root cause analysis
C. Incident audit
D. Corrective action exercise
Correct Answer: AB
Question #119
An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.)
A. Exempt mobile devices from the requirement, as this will lead to privacy violations
B. Configure the devices to use an always-on IPSec VPN
C. Configure all management traffic to be tunneled into the enterprise via TLS
D. Implement a VDI solution and deploy supporting client apps to devices
E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary
Correct Answer: BE
Question #120
Given the following code snippet: Which of the following failure modes would the code exhibit?
A. Open
B. Secure
C. Halt
D. Exception
Correct Answer: D
Question #121
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
A. Conduct a series of security training events with comprehensive tests at the end
B. Hire an external company to provide an independent audit of the network security posture
C. Review the social media of all employees to see how much proprietary information is shared
D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account
Correct Answer: D
Question #122
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?
A. Disk encryption on the local drive
B. Group policy to enforce failed login lockout
C. Multifactor authentication
D. Implementation of email digital signatures
Correct Answer: A
Question #123
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and custo
A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
B. Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications
C. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication
D. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs
Correct Answer: A
Question #124
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?
A. Distribute a NAC client and use the client to push the company’s private key to all the new devices
B. Distribute the device connection policy and a unique public/private key pair to each new employee’s device
C. Install a self-signed SSL certificate on the company’s RADIUS server and distribute the certificate’s public key to all new client devices
D. Install an 802
Correct Answer: C
Question #125
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:
- Corporate intranet site
- Online storage application
- Email and collaboration suite
Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company’s intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO’s request?
A. Port scanner
B. CASB
C. DLP agent
D. Application sandbox
E. SCAP scanner
Correct Answer: B
Question #126
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:
1. Reuse of the existing network infrastructure
2. Acceptable use policies to be enforced
3. Protection of sensitive files
4. Access to the corporate
A. An internal key infrastructure that allows users to digitally sign transaction logs
B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys
C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date
D. An open distributed transaction ledger that requires proof of work to append entries
Correct Answer: DEF
Question #127
Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking application. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?
A. Automatic location check-ins
B. Geolocated presence privacy
C. Integrity controls
D. NAC checks to quarantine devices
Correct Answer: B
Question #128
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?
A. Sovereignty
B. E-waste
C. Remanence
D. Deduplication
Correct Answer: C
Question #129
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board?
A. KRI: - Compliance with regulations - Backlog of unresolved security investigations - Severity of threats and vulnerabilities reported by sensors - Time to patch critical issues on a monthly basis KPI: - Time to resolve open security items - % of suppliers with approved security control frameworks - EDR coverage across the fleet - Threat landscape rating
B. KRI: - EDR coverage across the fleet - Backlog of unresolved security investigations - Time to patch critical issues on a monthly basis - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors
C. KRI: - EDR coverage across the fleet - % of suppliers with approved security control framework - Backlog of unresolved security investigations - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - Time to patch critical issues on a monthly basis - Severity of threats and vulnerabilities reported by sensors
D. KPI: - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors - Threat landscape rating KRI: - Time to resolve open security items - Backlog of unresolved security investigations - EDR coverage across the fleet - Time to patch critical issues on a monthly basis
Correct Answer: A
Question #130
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.)
A. Remote Syslog facility collecting real-time events
B. Server farm behind a load balancer delivering five-nines uptime
C. Backup solution that implements daily snapshots
D. Cloud environment distributed across geographic regions
Correct Answer: CD
