CASP 2

A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The CISO has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk. Which of the following should the new security administrator review to gain more information? (Select THREE)

CVE databse Security vendor pages Verified security forums

A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements: 1. Long-lived sessions are required, as users do not log in very often. 2. The solution as multiple SPs, which include mobile and web applications. 3. A centralized IdP is utilized for all customer digital channels. 4. The applications provide different functionality types such as forums and customer portals. 5. The user experience needs to be the same across both mobile and web-based applications. Which of the following would BEST improve security while meeting these requirements?

Certificate-based authentication to IdP securely store access token, and implement secure push notification.

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

Change the settings on the phone system to use SIP-TLS

In support of activities performed as part of an organization's compliance committee, the CISO is reviewing organizational policies. During the review, the CISO notices changes may be required based on information gathered during the CISO's recent participation in industry events, conferences, and vendor webinars. Based on the current assignment, which of the following are the MOST likely drivers for changes in policies by the CISO?

Changes to the industry climate and new threat models

An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?

CVE

A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO). The report outlines the following KPI/KRI data for the last 12 months. Which of the following BEST describes what could be interpreted from the above data?

1. AV coverage across the fleet improved. 2. There is no correlation between infected systems and AV coverage 3. There is no correlation between detected phishing attempts and infected systems. 4. A correlation between threat landscape rating and infected systems appears to exist 5. Effectiveness and performance of the security team appears to be degrading

Which of the following tools should the organization implement to reduce the highest risk identified in this log?

DLP

In recent years, a company has gone through multiple vendors to refresh departmental computer assets. A recent security update requires all digital assets to have updated inventory information with parameters, such as OS type, IP addresses, and certain system configuration attributes. Which of the following assessments would MOST likely be used to help gather this information?

Fingerprinting

During a criminal investigation, the prosecutor submitted the original hard drive from the suspect's computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor's forensics team have used to ensure the suspect's data would be admissable as evidence (Select TWO)

Follow chain of custody best practices Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive

A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals?

Implement TLS and require the client to use its own certificate during handshake

A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?

Issue a certificate to the printer and use certificate-based authentication

A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while traveling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Select TWO)

Issue a remote wipe of corporate and personal partitions. Implement an always on VPN

A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process?

NDA

An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the CISO to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should be CISO task a security analyst with to determine whether or not the attachment is safe?

Place it in a malware sandbox

A cybersecurity consulting company supports a diverse customer base. Which of the following types of constraints is MOST important for the consultancy to consider when advising a regional healthcare provider versus a global conglomerate?

Regulatory standards

Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The CISO has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

SIEM filtering

Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?

SLA

A CISO is reviewing the controls in place to support the organizations's vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems adminstrators need to participate in industry security events. Which of the following is the CISO looking to improve.

Threat awareness

A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with server-side function to generate a random number on the page used to initiate a funds transfer: <input type="hidden" name="token" value-generateRandomNumber()> Which of the following attacks is the security architect attempting to prevent?

XSRF

A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page an dknokws one user account and employee address, but has not yet discovered password. Which of the following would be the EASIEST method of obtaining a password for the knows account?

Social engineering

Large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxy servers would be decommissioned. Which of the following would MOST likely change the company's risk profile?

1. The external vendor would have access to inbound and outbound gateway traffic. 2. The service would provide some level of protection for staff working from home 3. Outages would be likely to occur for systems or applications with hard-coded proxy information

An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed. After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Select TWO)

A MITM attack is being performed by an API A key rotation has occurred as a result of an incident

A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst's subsequent investigation on sensitive systems led to the following discoveries: o There was no indication of the data owner's or user's accounts being compromised o No database activity outside of previous baselines was discovered o All workstations and servers were fully patched for all known vulnerabilities at the time of the attack o It was likely not an insider threat, as all employees passed polygraph tests Given this scenario, which of the following is the MOST likely attack that occurred?

After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a remote session over a VPN connection with the server hosting the database of sensitive information.

A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi. Which of the following would BEST reduce the risk of this attack type occurring?

Allow access to the core router management interface only through an out-of-band channel

While investigating suspicious activity on a server, a security administrator runs the following report: File system integrity check report Total number of files: 3321 Added files: 12 Removed files: 0 Changed files: 1 Change files: Changed: /etc/passwd - - - - - - - - - - - - - - - - Detailed information about changes: File: /etc/passwd Hash: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe the scenario? (Select TWO)

An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file

An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files and gives them to the development team so improvements can be made to the security design of the website. Which of the following types of attack vectors did the penetration tester use?

CSRF

A CISO requests the following external hosted services to be scanned for malware, unsecured PII, and healthcare data. - Corporate intranet site - Online storage application - Email and collaboration suite Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?

CASB

During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?

Code repositories

Following a recent data breach, a company has hired a new CISO. The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?

Conduct a tabletop exercise

A security analyst has been asked to created a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The CISO will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?

Conduct a threat modeling exercise

An organization has recently deployed an EDR solultion across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Select TWO)

Contain the server Perform an IOC sweep to determine the impact

After several industry competitors suffered data loss as a result of cyberattacks, the COO of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: - Blocking of suspicious websites - Prevention of attacks based on threat intelligence - Reduction in spam - Identity-based reporting to meet regulatory compliance - Prevention of viruses based on signature - Protect applications from web-based threats Which of the following would be the BEST recommendation the information security manager could make?

Deploy a UTM solution

A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective?

Design review

An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?

Employ a stand-alone utility, such as FTK imager

When reviewing KRIs of the email security appliance with the CISO of an insurance company, the security engineer notices the following: Month Encrypted Email Unencrypted Email Contains PII (data) Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

Enable transport layer security on all outbound email communications and attachments

A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Select TWO)

Facilities manager Compliance manager

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attack.

File integrity monitor

A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?

Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this?

GPS

A penetration testing manager is contributing to an RFP for the purchase of a new testing platform. The manager has provided the following requirements: - Must be able to MITM web-based protocols - Must be able to find common misconfigurations and security holes Which of the following types of testing tools should be included in the testing platform? (Select TWO)

HTTP intercepting proxy Vulnerability scanner

A developer emails the following output to a security administrator for review: Curl -X TRACE host1 User-Agent: curl/7.25.0 Host: host1 Accept: */* Cookie: user=badguy; path=/; HttpOnly Which of the following tools might the security administrator use to perform further security assessment of this issue?

HTTP interceptor

A CISO of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business should the CISO target FIRST to best meet the objective?

Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks

A security analyst is reviewing the following packet capture of communication between a host and a company's router: 1 192.168.1.10 -> 10.5.10.1 icmp echo request 33 bytes sent ABCD...... 2 10.5.10.1 -> 192.168.1.10 icmp echo reply 34 bytes sent ABCD......A5MD... Which of the following actions should the security analyst take to remove this vulnerability?

Implement a router ACL

A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO)

Intercepting proxy Port scanner

A CISO is reviewing the organization's incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing email that appeared to be a report from the organization's CRM tool 2. The user attempted to access the CRM tool via a fraudulent web page, but was unable to access the tool 3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. 4. Several weeks later, the user reported anomalous activity within the CRM tool 5. Following an investigation, it was determined the account was compromised and an attacker in another country had gained access to the CRM tool 6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO. Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

Last login verification

A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

Least privilege

With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?

Legal counsel

An administrator is working with management to develop policies related to the use of cloud-based resources that contain corporate data. Management plans to require some control over organizationial data stored on personal devices, such as tablets. Which of the following controls would BEST support management's policy?

MDM

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

MTBF

The CISO suspects that a database administrator has been tampering with financial data to the administrator's advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator's activity?

Mandatory vacation

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files. DCIM Images folder Audio books folder Torrentz My TAX.xls Consultancy HR Manual.doc Camera SM-G940F Exposure time: 1/60 s Location: 3500 Lacey Road USA Which of the following BEST describes the security problem?

MicroSD is not encrypted and contains geotagging information

The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?

Mitigate

A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for noncompliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment. Which of the following would be the BEST option to manage this risk to the company's production environment?

Mitigate the risk by restricting access to the ICS

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured. New internal server IP Vendor IP External development subnet Internal subnet Web team subnet Web server subnet snippet from firewall Which of the following lines should be configured to allow the proper access? (Select TWO)

Move line 3 below line 4 and add port 443 to line Add port 443 to line 2

A CISO is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used. (table) 802.1q ISL 802.1q 802.1q Which of the following would be the CISO's MOST immediate concern?

Network engineers are not following SOPs

The CFO of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A listing of recent patients is included in the letter This is the first indication that a breach took place. Which of the following steps should be done first?

Notify the appropriate legal authorities and legal counsel

A product manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?

PaaS

Following a recent audit, an in-house software solution is found to have multiple security holes and vulnerabilities. The application is hosted on a public facing legacy server that has access to an internal database containing sensitive information. The security manager must find a secure solution to protect the data without outsourcing the application. External access is still required for this application. The following was fully implemented recently within the enterprise network o NGFW on the perimeter network o Internal VM environment within the datacenter o New storage solution o SSO integration for all new applications Which of the following would BEST protect the data?

Place the server in a DMZ and configure appropriate NAT and security rules

A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images captured in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves this to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?

Privacy

A company's security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Select TWO)

RADIUS LDAP

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

Regression testing

The CEO of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months. Which of the following would be the MOST cost-effective solution to meet the company's needs?

Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements

A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?

Remanence

A security engineer is assisting a developer with input validation, they are studying the following code block: String account IdRegexp = "TODO, help!" Private static final Pattern account The security engineer wants to ensure strong input validation is in place for customer provided account identifiers. These identifiers are tendigit numbers. The developer wants to ensure input validation is fast because a large number of people use the system. Which of the following would be the BEST advice for the security engineer to give to the developer?

Replace code with Java-based type checks

An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendors SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including: 1. There are clauses that confirm a data retention period in line with what is in the energy organization's security policy 2. The data will be hosted and managed outside of the energy organization's geographical location. The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project's security consultant recommend as the NEXT step?

Require a solution owner within the energy organization to accept the identified risks and consequence

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?

Reverse shell endpoint listener

An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Select TWO)

Review network and traffic logs Use a penetration testing framework to analyze the node

An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements: 1. Support server, laptop, and desktop infrastructure 2. Due to limited security resources, implement active protection capabilities 3. Provide users with the ability to self-service classify information and apply policies 4. Protect data-at-rest and data-in-use Which of the following endpoint capabilities would BEST meet the above requirements? (Select TWO)

Rights management Antivirus

A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is noncompliant. Which of the following network tools would provide this type of information?

SCAP scanner

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the CISO be MOST concerned? (Select TWO)

Storage encryption Data migration

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions. Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?

The RFP is issued by a financial is headquartered outside of the vendor's own country

A financial institution's information security officer is working with the risk management officer to determine what to do with the institution's residual risk after all security controls have been implemented. Considering the institution's very low risk tolerance, which of the following strategies would be BEST?

Transfer the risk

A customer reports a security flaw to a SaaS provider, claiming a response to a web request included data from another customer. A security engineer investigates the report and analyzes the code base. The engineer discovers that, under very specific and uncommon circumstances, there is a missing authorization check. Which of the following should the security engineer recommend to MOST effectively detect these types of flaws in the future?

Unit testing with security test cases and measurement of code coverage

The CEOs from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their CIOs to discern how they can securely and digitally communicate, and the following criteria are collectively determined: - Must be encrypted on the email servers and clients - Must be OK to transmit over unsecure Internet connectors Which of the following communication methods would be BEST recommend?

Use PGP-encrypted emails.

An organization which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?

Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe

A security analyst is classifying data based on input from the data owners and other stakeholders. The analyst has identified three data types: 1. Financially sensitive data 2. Project data 3. Sensitive project data The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that co-mingling data from different sensitive projects would leave them vulnerable to industrial espionage. Which of the following is the BEST course of action for the analyst to recommend?

Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

A company's COO is concerned about the potential for competitors to infer proprietary information gathered from employees' social media accounts. Which of the following methods should the company use to gauge its own social media threat level without targeting individual employees?

Utilize insider threat consultants to provide expertise.

An engineer needs to provide access to company resources for several offshore contractors. The contractors require - Access to a number of applications, including internal websites - Access to database data and the ability to manipulate it - The ability to log into Linux and Windows servers remotely Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Select TWO)

VDI VPN

As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?

Validation of expectations relating to system performance and security

A CISO is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?

Vendor management plan

A newly hired CISO wants to understand how the organization's CIRT handles issues brought to their attention, but needs to be very cautious about impacting any systems. The MOST appropriate method to use would be:

a guided tabletop exercise

A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator's email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address?

nslookup -type=SOA comptia.org

As part of the incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

tar cvf - / | ssh 192.168.45..82 "cat - > /images/image.tar"

A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine

which users will have access to which data