CASP 003
22. Given the following output from a local PC: (image) Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?
B. Allow 172.30.0.28:80 -> 172.30.0.0/16
15. An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation? A. Threat modeling B. Risk assessment C. Vulnerability data D. Threat intelligence E. Risk metrics F. Exploit frameworks
D. Threat intelligence
16. Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC? A. SIEM filtering B. Machine learning C. Outsourcing D. Centralized IPS
A. SIEM filtering
2. A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI? (Choose two.) A. ALE B. RTO C. MTBF D. ARO E. RPO
A. ALE, D. ARO
82. A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment. The RADIUS server contains the following information in its logs: (log output not shown) Based on this information, the administrator reconfigures the RADIUS server, which results in the following log data: (log output not shown) To correct this error message, the administrator makes an additional change to the RADIUS server. Which of the following did the administrator reconfigure on the RADIUS server? (Select TWO) A. Added the controller address as an authorized client B. Registered the RADIUS server to the wireless controller C. Corrected a mismatched shared secret D. Renewed the expired client certificate E. Reassigned the RADIUS policy to the controller F. Modified the client authentication method
A. Added the controller address as an authorized client C. Corrected a mismatched shared secret
6. A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect's objectives? A. An internal key infrastructure that allows users to digitally sign transaction logs B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys. C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date. D. An open distributed transaction ledger that requires proof of work to append entries.
D. An open distributed transaction ledger that requires proof of work to append entries.
75. A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO) A. Cardholder data B. Intellectual property C. Personal health information D. Employee records E. Corporate financial data
A. Cardholder data C. Personal health information
37. A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements: * Company administrators should not have access to employees' personal information. * A rooted or jailbroken device should not have access to company sensitive information. Which of the following BEST addresses the associated risks? A. Code signing B. VPN C. FDE D. Containerization
D. Containerization
30. A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company's website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company? A. Community cloud service model B. Multitenancy SaaS C. Single-tenancy SaaS D. On-premises cloud service model
C. Single-tenancy SaaS
59. A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types: Financially sensitive data Project data Sensitive project data The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage. Which of the following is the BEST course of action for the analyst to recommend? A. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders. B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks. C. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data. D. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.
B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.
44. The legal department has required that all traffic to and from a company's cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario? A. Confidential or sensitive documents are inspected by the firewall before being logged. B. Latency when viewing videos and other online content may increase. C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic. D. Stored logs may contain non-encrypted usernames and passwords for personal websites.
D. Stored logs may contain non-encrypted usernames and passwords for personal websites.
104. A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets, inherent separation of duties is limited. To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties, the organization must design and implement an appropriate compensating control. Which of the following would be MOST suitable in this scenario? A. Configuration of increased levels of logging, monitoring and alerting on production access B. Configuration of MFA and context-based login restrictions for all DevOps personnel C. Development of standard code libraries and usage of the WS-security module on all web servers D. Implementation of peer review, static code analysis and web application penetration testing against the staging environment
A. Configuration of increased levels of logging, monitoring and alerting on production access
5. After analyzing code, two developers at a company bring these samples to the security operations manager. (Image) Which of the following would BEST solve these coding problems? A. Use a privileged access management system B. Prompt the administrator for the password. C. Use salted hashes with PBKDF2. D. Increase the complexity and length of the password
A. Use a privileged access management system
111. A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are: the Chief Marketing Officer's (CMO's) email is being used department-wide as the username, and the password has been shared within the department. Which of the following controls would be BEST for the analyst to recommend? A. Configure MFA for all users to decrease their reliance on other authentication. B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform. C. Create multiple social media accounts for all marketing users to separate their actions. D. Ensure the password being shared is sufficiently complex and not written down anywhere.
A. Configure MFA for all users to decrease their reliance on other authentication.
98. An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? A. Data aggregation B. Data sovereignty C. Data isolation D. Data volume E. Data analytics
B. Data sovereignty
90. While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.) A. Data remnants B. Sovereignty C. Compatible services D. Storage encryption E. Data migration F. Chain of custody
A. Data remnants E. Data migration
76. A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation: In an .htaccess file or the site config add: (directive not shown) or add to the location block: (directive not shown) Which of the following is the security engineer trying to accomplish via cookies? (Select TWO) A. Ensure session IDs are generated dynamically with each cookie request B. Prevent cookies from being transmitted to other domain names C. Create a temporary space on the user's drive root for ephemeral cookie storage D. Enforce the use of plain text HTTP transmission with secure local cookie storage E. Add a sequence ID to the cookie session ID while in transit to prevent CSRF. F. Allow cookie creation or updates only over TLS connections
B. Prevent cookies from being transmitted to other domain names F. Allow cookie creation or updates only over TLS connections
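The directive the engineer adds is not reproduced on this page; what it is meant to achieve is that every Set-Cookie the application emits carries the Secure attribute (cookie only sent over TLS) and the HttpOnly attribute (cookie not readable from script). The following is an added example, not code from the question, that audits Set-Cookie headers for those two attributes and shows the rewrite a server-side header edit performs. The sample responses, endpoint names and cookie values are constructed for the example.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes.

Added example: checks what the engineer's header rewrite is meant to enforce.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample responses (assumed, not from the original question): each
# endpoint maps to the Set-Cookie header values the server returned.
SAMPLE_RESPONSES: Dict[str, List[str]] = {
    "login": [
        "JSESSIONID=abc123; Path=/; Secure; HttpOnly",
        "prefs=dark; Path=/",
    ],
    "api": [
        "token=xyz; Path=/api; HttpOnly",
    ],
}

# Attribute names are case-insensitive, so everything is compared lower-cased.
REQUIRED_FLAGS = ("secure", "httponly")
CANONICAL = {"secure": "Secure", "httponly": "HttpOnly"}


def parse_set_cookie(header: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, set of lower-cased attribute names) for one header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def missing_flags(header: str) -> List[str]:
    """Which of Secure/HttpOnly the header lacks, in REQUIRED_FLAGS order."""
    _, attrs = parse_set_cookie(header)
    return [flag for flag in REQUIRED_FLAGS if flag not in attrs]


def harden(header: str) -> str:
    """Append the missing attributes, the same effect as a server-side header rewrite."""
    extra = [CANONICAL[flag] for flag in missing_flags(header)]
    return header if not extra else header.rstrip("; ") + "; " + "; ".join(extra)


def audit(responses: Dict[str, List[str]]) -> Dict[Tuple[str, str], List[str]]:
    """Map (endpoint, cookie name) to its missing flags; compliant cookies are omitted."""
    findings = {}
    for endpoint, headers in responses.items():
        for header in headers:
            name, _ = parse_set_cookie(header)
            missing = missing_flags(header)
            if missing:
                findings[(endpoint, name)] = missing
    return findings


if __name__ == "__main__":
    for (endpoint, name), missing in audit(SAMPLE_RESPONSES).items():
        print(f"{endpoint}: cookie {name} is missing {', '.join(missing)}")
```

A rewrite at the web server (for Apache, mod_headers' `Header edit Set-Cookie` directive is the usual place) fixes cookies the application forgot; the audit above is the check that confirms nothing slipped through, and it is worth running against the live site rather than the config, since a proxy or a second application can still emit cookies the rewrite never sees.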
57. A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to VPN. During the pilot phase, VPN users successfully get an MFA challenge; however, they also get the challenge when connecting to WiFi, which is not desirable. Which of the following BEST explains why users are getting the MFA challenge when using WiFi? A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched B. In the firewall, in the AAA configuration the IP address of the third-party MFA solution needs to be set as a secondary RADIUS server C. In the third-party MFA solution authentication properties need to be configured to recognize WiFi authentication requests D. In the WiFi configuration authentication needs to be changed to WPA2 Enterprise using EAP-TLS to support the configuration
A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched
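The distinguishing attribute in the Access-Request is NAS-Port-Type (RFC 2865 attribute 61): a VPN concentrator sends Virtual (5), a wireless controller sends Wireless-802.11 (19). The following added example, not code from the question, encodes and decodes a minimal RADIUS Access-Request and shows the proxy decision both ways: the pilot's rule that forwards everything to the MFA server, and the fixed rule that forwards only requests whose NAS-Port-Type is Virtual. The sample usernames and packets are constructed; the packet authenticator is left zeroed because shared-secret validation is not what the example is about.

```python
"""Match NAS-Port-Type before proxying a RADIUS request to the MFA server.

Added example: a minimal RADIUS Access-Request encoder/decoder and the proxy
decision that was missing in the pilot. With no port-type match every request,
WiFi included, is forwarded to the third-party MFA solution; matching the
attribute sends only VPN (Virtual) sessions there.
"""
import struct
from typing import Dict, List, Tuple

ACCESS_REQUEST = 1                 # RADIUS packet code
ATTR_USER_NAME = 1                 # RFC 2865 attribute numbers
ATTR_NAS_PORT_TYPE = 61
NAS_PORT_TYPE_VIRTUAL = 5          # tunnelled sessions such as VPN
NAS_PORT_TYPE_WIRELESS_80211 = 19  # WiFi


def build_access_request(ident: int, attrs: List[Tuple[int, bytes]]) -> bytes:
    """Encode code, identifier, length, a 16-byte authenticator and TLV attributes.

    The authenticator is zeroed: this example only demonstrates attribute handling,
    not the shared-secret authentication of the packet."""
    body = b"".join(struct.pack("BB", atype, len(value) + 2) + value for atype, value in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + bytes(16) + body


def parse_attributes(packet: bytes) -> Dict[int, bytes]:
    """Decode the attribute TLVs, rejecting lengths that do not add up."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS packet length")
    attrs: Dict[int, bytes] = {}
    pos = 20
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def is_well_formed(packet: bytes) -> bool:
    """True if the packet parses cleanly; malformed input must not reach the proxy rule."""
    try:
        parse_attributes(packet)
        return True
    except (ValueError, struct.error):
        return False


def proxy_target(packet: bytes, match_port_type: bool = True) -> str:
    """'mfa-proxy' if the request should go to the MFA server, else 'local'."""
    if not match_port_type:
        return "mfa-proxy"            # the pilot's rule: everything is proxied
    raw = parse_attributes(packet).get(ATTR_NAS_PORT_TYPE)
    if raw is None or len(raw) != 4:
        return "local"                # missing or malformed port type: do not guess
    port_type = struct.unpack("!I", raw)[0]
    return "mfa-proxy" if port_type == NAS_PORT_TYPE_VIRTUAL else "local"


# Constructed sample requests (assumed): one VPN logon, one WiFi logon.
VPN_REQUEST = build_access_request(1, [
    (ATTR_USER_NAME, b"alice"),
    (ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_VIRTUAL)),
])
WIFI_REQUEST = build_access_request(2, [
    (ATTR_USER_NAME, b"alice"),
    (ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_WIRELESS_80211)),
])

if __name__ == "__main__":
    for name, pkt in (("VPN", VPN_REQUEST), ("WiFi", WIFI_REQUEST)):
        print(f"{name}: pilot rule -> {proxy_target(pkt, match_port_type=False)}, "
              f"fixed rule -> {proxy_target(pkt)}")
```

Matching on NAS-Port-Type is the RADIUS-native fix; matching on the NAS IP address of the VPN concentrator also works but breaks as soon as a second concentrator is added, which is why the attribute is the better selector.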
50. After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls. Which of the following controls should be verified? (Select two). A. Input validation routines are enforced on the server side. B. Operating systems do not permit null sessions. C. Systems administrators receive application security training. D. VPN connections are terminated after a defined period of time. E. Error-handling logic fails securely. F. OCSP calls are handled effectively.
A. Input validation routines are enforced on the server side. E. Error-handling logic fails securely.
27. A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT? A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2. B. Take an MD5 hash of the server. C. Delete all PHI from the network until the legal department is consulted. D. Consult the legal department to determine the legal requirements.
D. Consult the legal department to determine the legal requirements.
41. Within change management, which of the following ensures functions are carried out by multiple employees? A. Least privilege B. Mandatory vacation C. Separation of duties D. Job rotation
C. Separation of duties
4. A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds. Based on the information available to the researcher, which of the following is the MOST likely threat profile? A. Nation-state-sponsored attackers conducting espionage for strategic gain. B. Insiders seeking to gain access to funds for illicit purposes. C. Opportunists seeking notoriety and fame for personal gain. D. Hacktivists seeking to make a political statement because of socio-economic factors.
A. Nation-state-sponsored attackers conducting espionage for strategic gain.
36. A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy? A. Place corporate applications in a container B. Enable geolocation on all devices C. Install remote wiping capabilities D. Ensure all company communications use a VPN
A. Place corporate applications in a container
112. An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe? A. Place it in a malware sandbox. B. Perform a code review of the attachment. C. Conduct a memory dump of the CFO's PC. D. Run a vulnerability scan on the email server.
A. Place it in a malware sandbox.
99. An enterprise solution requires a central monitoring platform to address the growing networks of various departments and agencies that connect to the network. The current vendor products are not adequate due to the growing number of heterogeneous devices. Which of the following is the primary concern? A. Scalability B. Usability C. Accountability D. Performance
A. Scalability
14. While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices are being followed. Which of the following code analyzers will produce the desired results? A. Static B. Dynamic C. Fuzzer D. Peer review
A. Static
23. A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee's PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem? A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group. B. The DHCP server has a reservation for the PC's MAC address for the wired interface. C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field. D. The DHCP server is unavailable, so no IP address is being sent back to the PC.
A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
94. A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error? A. The developer inadvertently used Java applets. B. The developer established a corporate account with a non-reputable certification authority. C. The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open D. The developer did not consider that mobile code would be transmitted across the network.
A. The developer inadvertently used Java applets.
17. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead's position? A. The organization has accepted the risks associated with web-based threats. B. The attack type does not meet the organization's threat model. C. Web-based applications are on isolated network segments. D. Corporate policy states that NIPS signatures must be updated every hour.
B. The attack type does not meet the organization's threat model.
80. A security analyst is inspecting pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday's data model file exists
1.2 validate that today's data model file does not exist
1.3 extract yesterday's data model
1.4 transform the format
1.5 load the transformed data into today's data model file
1.6 exit
Which of the following security concerns is evident in the above pseudocode? A. Time of check/time of use B. Resource exhaustion C. Improper storage of sensitive data D. Privilege escalation
A. Time of check/time of use
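The flaw is in the gap between the check at 1.2 (today's file must not exist) and the use at 1.5 (create and load today's file): in a multithreaded program nothing prevents another thread, or another process, from creating that file in between, after which step 1.5 silently overwrites it. The following added example, not code from the question, makes the race reproducible by injecting the rival writer into that window instead of relying on timing, and shows the fix of folding the check into the create with O_CREAT|O_EXCL. File names, payloads and the rival are all constructed for the example.

```python
"""Time-of-check/time-of-use in a 'check the file is absent, then create it' step.

Added example: step 1.2 of the pseudocode checks that today's model file does not
exist, and step 1.5 later creates it; nothing stops another thread or process from
creating the file in between. The `between` hook stands in for that rival, so the
race is reproducible instead of timing-dependent.
"""
import os
import tempfile
from typing import Callable, Optional, Tuple

Hook = Optional[Callable[[], None]]


def vulnerable_load(path: str, payload: bytes, between: Hook = None) -> str:
    """Check, then act: the two steps are separate, so the check can go stale."""
    if os.path.exists(path):          # time of check
        return "skipped"
    if between:
        between()                     # the race window another writer can use
    with open(path, "wb") as f:       # time of use: "wb" truncates whatever is there now
        f.write(payload)
    return "written"


def hardened_load(path: str, payload: bytes, between: Hook = None) -> str:
    """Check and create in one syscall: O_CREAT|O_EXCL fails if the file already exists."""
    if between:
        between()                     # same rival, but it can no longer slip in unnoticed
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return "skipped"
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return "written"


def race(load: Callable[..., str], rival_writes: bool = True) -> Tuple[str, bytes]:
    """Run `load` against a rival that drops its own file into the window.

    Returns (what load reported, what the file finally contains)."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "today.model")

        def rival() -> None:
            with open(path, "wb") as f:
                f.write(b"RIVAL")

        result = load(path, b"ETL-OUTPUT", between=rival if rival_writes else None)
        with open(path, "rb") as f:
            return result, f.read()


if __name__ == "__main__":
    print("vulnerable:", race(vulnerable_load))   # reports 'written' but clobbered RIVAL
    print("hardened:  ", race(hardened_load))     # reports 'skipped', RIVAL intact
```

The vulnerable version reports success and has destroyed the rival's file; the hardened version either creates the file or learns atomically that it cannot. The same pattern applies to step 1.1: rather than testing that yesterday's file exists and then opening it, open it directly and handle the failure, since the test proves nothing about the state at the later open.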
34. A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective? A. Utilize measured boot attestation. B. Enforce the secure boot process. C. Reset the motherboard's TPM chip. D. Reinstall the OS with known-good media. E. Configure custom anti-malware rules.
B. Enforce the secure boot process.
11. A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company's security architect to protect the integrity of the update process? (Choose two.) A. Validate cryptographic signatures applied to software updates B. Perform certificate pinning of the associated code signing key C. Require HTTPS connections for downloads of software updates D. Ensure there are multiple download mirrors for availability E. Enforce a click-through process with user opt-in for new features
A. Validate cryptographic signatures applied to software updates B. Perform certificate pinning of the associated code signing key
38. An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed? A. Vulnerable components B. Operational impact due to attack C. Time criticality of systems D. Presence of open-source software
A. Vulnerable components
42. A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information? A. Whois B. DNS enumeration C. Vulnerability scanner D. Fingerprinting
A. Whois
21. A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform: A. a gray-box penetration test B. a risk analysis C. a vulnerability assessment D. an external security audit E. a red team exercise
C. a vulnerability assessment
51. Following a recent security incident on a web server, the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain .jpg files have important data hidden within them. Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder? A. tshark B. memdump C. nbtstat D. dd
A. tshark
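tshark does this with its `--export-objects http,<folder>` option against the saved capture, reassembling the TCP stream and writing each HTTP body out as a file. The following is an added example, not code from the question, that shows the underlying operation at byte level: carve every run from a JPEG SOI marker to the next EOI marker out of captured traffic and write each one to a folder. The capture is constructed and the JPEG body is a stub rather than a decodable image.

```python
"""Carve JPEG objects out of captured HTTP traffic and write them to a folder.

Added example showing the operation tshark performs for the analyst, so the
byte-level criterion (everything from a JPEG SOI marker to the next EOI marker)
is visible. The capture below is constructed and the JPEG body is a stub, not a
decodable image.
"""
import os
from typing import List

SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker followed by the first segment marker
EOI = b"\xff\xd9"       # end-of-image marker

# Constructed capture fragment (assumed): two HTTP responses back to back.
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8 + b"\xff\xd9"
CAPTURE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nContent-Length: %d\r\n\r\n" % len(FAKE_JPEG)
    + FAKE_JPEG
    + b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 2\r\n\r\n{}"
)


def carve_jpegs(stream: bytes) -> List[bytes]:
    """Return every byte run from an SOI marker to the next EOI marker, in order."""
    found: List[bytes] = []
    pos = 0
    while True:
        start = stream.find(SOI, pos)
        if start < 0:
            return found
        end = stream.find(EOI, start + len(SOI))
        if end < 0:
            return found                      # truncated object: nothing more to carve
        found.append(stream[start:end + len(EOI)])
        pos = end + len(EOI)


def export_jpegs(stream: bytes, folder: str) -> List[str]:
    """Write each carved object to folder/object_N.jpg and return the paths."""
    os.makedirs(folder, exist_ok=True)
    paths = []
    for index, image in enumerate(carve_jpegs(stream)):
        path = os.path.join(folder, f"object_{index}.jpg")
        with open(path, "wb") as handle:
            handle.write(image)
        paths.append(path)
    return paths


if __name__ == "__main__":
    print(f"carved {len(carve_jpegs(CAPTURE))} JPEG object(s) from the sample capture")
```

Marker carving is what you fall back on when the capture is damaged; it does not reassemble out-of-order TCP segments, does not undo chunked or gzip transfer encodings, and a JPEG that embeds a thumbnail contains an inner EOI that cuts the outer image short. For an intact capture, let tshark do the reassembly and decoding and keep the carver for the fragments it cannot export. Files with data hidden in them should be hashed on export before any steganalysis is attempted on the copies.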
69. An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management's policy? A. MDM B. Sandboxing C. Mobile tokenization D. FDE E. MFA
A. MDM
77. Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise. Security analysts observed the following: unauthorized certificate issuance; access to mutually authenticated resources utilizing valid but unauthorized certificates; granted access to internal resources via the SSL VPN. To address the immediate problem, security analysts revoked the erroneous certificates. Which of the following describes the MOST likely root cause of the problem and offers a solution? A. The VPN and web resources are configured with too weak a cipher suite and should be rekeyed to support AES 256 in GCM and ECC for digital signatures and key exchange B. A managed mobile device is rooted, exposing its keystore, and the MDM should be reconfigured to wipe these devices and disallow access to corporate resources C. SCEP is configured insecurely and should be enabled for device onboarding against a PKI for mobile-exclusive use D. The CA is configured to sign any received CSR from mobile users and should be reconfigured to permit CSR signings only from domain administrators.
C. SCEP is configured insecurely and should be enabled for device onboarding against a PKI for mobile-exclusive use
54. A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity. The company narrows the search to two products, Application A and Application B, which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest, so the company purchases Application B. Which of the following types of strategies did the company use when determining risk appetite? A. Mitigation B. Acceptance C. Avoidance D. Transfer
C. Avoidance
43. A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response? A. Increase the company's bandwidth. B. Apply ingress filters at the routers. C. Install a packet capturing tool. D. Block all SYN packets.
B. Apply ingress filters at the routers.
18. Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem? A. Add an ACL to the firewall to block VoIP. B. Change the settings on the phone system to use SIP-TLS. C. Have the phones download new configurations over TFTP. D. Enable QoS configuration on the phone VLAN.
B. Change the settings on the phone system to use SIP-TLS.
53. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company's RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following: An HOTP service is installed on the RADIUS server. The RADIUS server is configured to require the HOTP service for authentication. The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor. Which of the following should be implemented to BEST resolve the issue? A. Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field. B. Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field. C. Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token. D. Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.
B. Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.
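The network devices only ever send a username and one password field, so the second factor has to ride inside that field: the RADIUS server strips the trailing token digits, checks the rest against the password, and validates the token against the HOTP counter. The following added example, not code from the question, implements RFC 4226 HOTP and that server-side split, with a small look-ahead window so that a token an administrator generated and did not use does not lock the account. The user record, the password and the window size are constructed assumptions; the secret is the RFC 4226 test-vector key, chosen so the tokens can be checked against the RFC's published values.

```python
"""HOTP (RFC 4226) plus the server-side split of 'password followed by token'.

Added example: the RADIUS server receives one password field; it peels the last
six digits off as the HOTP token, checks the remainder against the stored password,
and accepts the token anywhere in a small look-ahead window so a few skipped
counters do not lock the administrator out.
"""
import hashlib
import hmac
import struct
from typing import Dict


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# Constructed user store (assumed, not part of the question). The secret is the
# RFC 4226 test-vector key so the generated tokens can be checked against the RFC.
RFC4226_SECRET = b"12345678901234567890"
USERS: Dict[str, dict] = {
    "netadmin": {"password": "Corr3ctHorse", "secret": RFC4226_SECRET, "counter": 0},
}
LOOK_AHEAD = 3  # accept counters current..current+3 (resynchronisation window)


def verify_password_field(user: str, field: str, digits: int = 6) -> bool:
    """Validate 'password+token' submitted in the RADIUS User-Password field."""
    rec = USERS.get(user)
    if rec is None or len(field) <= digits:
        return False
    password, token = field[:-digits], field[-digits:]
    if not hmac.compare_digest(password, rec["password"]):
        return False
    for candidate in range(rec["counter"], rec["counter"] + LOOK_AHEAD + 1):
        if hmac.compare_digest(hotp(rec["secret"], candidate, digits), token):
            rec["counter"] = candidate + 1   # move past it: the same token cannot be replayed
            return True
    return False


if __name__ == "__main__":
    token = hotp(RFC4226_SECRET, 0)
    print("first token:", token)                                          # 755224
    print("login:", verify_password_field("netadmin", "Corr3ctHorse" + token))
    print("replay:", verify_password_field("netadmin", "Corr3ctHorse" + token))
```

Two operational points follow from the code: the counter must be advanced on every successful match (otherwise the appended token is replayable for as long as the password is), and the look-ahead window should stay small, because every extra counter accepted is another valid six-digit value an online guesser can hit.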
103. An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.) A. Exempt mobile devices from the requirement, as this will lead to privacy violations B. Configure the devices to use an always-on IPSec VPN C. Configure all management traffic to be tunneled into the enterprise via TLS D. Implement a VDI solution and deploy supporting client apps to devices E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary
B. Configure the devices to use an always-on IPSec VPN D. Implement a VDI solution and deploy supporting client apps to devices
106. A creative services firm has a limited security budget and staff. Due to its business model, the company sends and receives a high volume of files every day through the preferred method defined by its customers. These include email, secure file transfers, and various cloud service providers. Which of the following would BEST reduce the risk of malware infection while meeting the company's resource requirements and maintaining its current workflow? A. Configure a network-based intrusion prevention system B. Contract a cloud-based sandbox security service. C. Enable customers to send and receive files via SFTP D. Implement appropriate DLP systems with strict policies.
B. Contract a cloud-based sandbox security service.
110. A security analyst has received the following requirements for the implementation of enterprise credential management software. The software must have traceability back to an individual; credentials must remain unknown to the vendor at all times; there must be forced credential changes upon ID checkout; complexity requirements must be enforced; the software must be quickly and easily scalable with maximum availability. Which of the following vendor configurations would BEST meet these requirements? A. Credentials encrypted in transit and then stored, hashed and salted in a vendor's cloud, where the vendor handles key management B. Credentials stored, hashed, and salted on each local machine C. Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the keys D. Credentials encrypted in transit and stored on an internal network server with backups that are taken on a weekly basis
C. Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the keys
101. An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.) A. Data aggregation B. Data sovereignty C. Data isolation D. Data volume E. Data analytics F. Data precision
B. Data sovereignty F. Data precision
13. After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information. Which of the following would be the MOST efficient control to prevent this from occurring in the future? A. Install application whitelisting on mobile devices. B. Disallow side loading of applications on mobile devices. C. Restrict access to company systems to expected times of day and geographic locations. D. Prevent backup of mobile devices to personally owned computers. E. Perform unannounced insider threat testing on high-risk employees.
D. Prevent backup of mobile devices to personally owned computers.
89. The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective? A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets B. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection D. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats
B. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources
45. The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following: End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families. Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP ports 80 and 443 and approved applications. A host-based whitelist of approved websites and applications that only allows mission-related tools and sites. The use of satellite communication, including multiple proxy servers to scramble the source IP address. Which of the following is of MOST concern in this scenario? A. Malicious actors intercepting inbound and outbound communication to determine the scope of the mission B. Family members posting geotagged images on social media that were received via email from soldiers C. The effect of communication latency that may negatively impact real-time communication with mission control D. The use of centrally managed military network and computers by soldiers when communicating with external parties
B. Family members posting geotagged images on social media that were received via email from soldiers
1. An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations. Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project? A. After-action reports B. Gap assessment C. Security requirements traceability matrix D. Business impact assessment E. Risk analysis
B. Gap Assessment
73. Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing? A. Automatic location check-ins B. Geolocated presence privacy C. Integrity controls D. NAC checks to quarantine devices
B. Geolocated presence privacy
93. Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out. Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch? A. Anti-malware B. Patch testing C. HIPS D. Vulnerability scanner
B. Patch testing
26. Joe, an application security engineer, is performing an audit of an environmental control application. He has implemented a robust SDLC process and is reviewing API calls available to the application. During the review, Joe finds the following in a log file. (Image) Which of the following would BEST mitigate the issue Joe has found? A. Ensure the API uses SNMPv1. B. Perform authentication via a secure channel C. Verify the API uses HTTP GET instead of POST D. Deploy a WAF in front of the API and implement rate limiting
B. Perform authentication via a secure channel
48. A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment? A. Environmental B. Privacy C. Ethical D. Criminal
B. Privacy
33. The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed? A. Versioning B. Regression testing C. Continuous integration D. Integration testing
B. Regression testing
56. A security analyst for a bank received an anonymous tip on the external banking website showing the following: Protocols supported: TLS 1.0, SSL 3, SSL 2. Cipher suites supported: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDH p256r1), TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DH 1024 bit), TLS_RSA_WITH_RC4_128_SHA. TLS_FALLBACK_SCSV: not supported. POODLE. Weak PFS. OCSP stapling: supported. Which of the following should the analyst use to reproduce these findings comprehensively? A. Query the OCSP responder and review revocation information for the user certificates. B. Review CA-supported ciphers and inspect the connection through an HTTP proxy. C. Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output. D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
55. A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links? A. Anti-spam gateways B. Security awareness training C. URL rewriting D. Internal phishing campaign
B. Security awareness training
67. A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command: dd if=/dev/ram of=/tmp/mem/dmp The analyst then reviews the associated output: ^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45 However, the analyst is unable to find any evidence of the running shell. Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell? A. The NX bit is enabled B. The system uses ASLR C. The shell is obfuscated D. The code uses dynamic libraries
B. The system uses ASLR
96. Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit. Which of the following would provide greater insight on the potential impact of this attempted attack? A. Run an antivirus scan on the finance PC. B. Use a protocol analyzer on the air-gapped PC. C. Perform reverse engineering on the document. D. Analyze network logs for unusual traffic. E. Run a baseline analyzer against the user's computer.
B. Use a protocol analyzer on the air-gapped PC.
19. A company contracts a security consultant to perform a remote white-box penetration test. The company wants the consultant to focus on Internet-facing services without negatively impacting production services. Which of the following is the consultant MOST likely to use to identify the company's attack surface? (Select TWO) A. Web crawler B. WHOIS registry C. DNS records D. Company's firewall ACL E. Internal routing tables F. Directory service queries
B. WHOIS registry C. DNS records
3. A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following: * The imaging server IP is 192.168.101.24 * The domain controller IP is 192.168.100.1 * The client machine IP is 192.168.200.37 Which of the following should be used to confirm these are the only open ports on the web server? A. nmap -p 80,443 192.168.101.24 B. nmap -p 80,443,389,636 192.168.100.1 C. nmap -p 80,389 192.168.200.37 D. nmap -p- 192.168.101.24
B. nmap -p 80,443,389,636 192.168.100.1
83. The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request? A. 1. Perform the ongoing research of the best practices; 2. Determine current vulnerabilities and threats; 3. Apply Big Data techniques; 4. Use antivirus control B. 1. Apply artificial intelligence algorithms for detection; 2. Inform the CERT team; 3. Research threat intelligence and potential adversaries; 4. Utilize threat intelligence to apply Big Data techniques C. 1. Obtain the latest IOCs from the open source repositories; 2. Perform a sweep across the network to identify positive matches; 3. Sandbox any suspicious files; 4. Notify the CERT team to apply a future proof threat model D. 1. Analyze the current threat intelligence; 2. Utilize information sharing to obtain the latest industry IOCs; 3. Perform a sweep across the network to identify positive matches; 4. Apply machine learning algorithms
C. 1. Obtain the latest IOCs from the open source repositories; 2. Perform a sweep across the network to identify positive matches; 3. Sandbox any suspicious files; 4. Notify the CERT team to apply a future proof threat model
71. A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst's subsequent investigation of sensitive systems led to the following discoveries: There was no indication of the data owner's or user's accounts being compromised. No database activity outside of previous baselines was discovered. All workstations and servers were fully patched for all known vulnerabilities at the time of the attack. It was likely not an insider threat, as all employees passed polygraph tests. Given this scenario, which of the following is the MOST likely attack that occurred? A. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly. B. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information. C. A shared workstation was physically accessible in a common area of the contractor's office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information. D. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.
C. A shared workstation was physically accessible in a common area of the contractor's office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.
109. As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor? A. A copy of the vendor's information security policies. B. A copy of the current audit reports and certifications held by the vendor. C. A signed NDA that covers all the data contained on the corporate systems. D. A copy of the procedures used to demonstrate compliance with certification requirements.
C. A signed NDA that covers all the data contained on the corporate systems.
91. A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk? A. Transfer the risk B. Baseline the risk. C. Accept the risk D. Remove the risk
C. Accept the risk
9. A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter: RTO: 2 days; RPO: 36 hours; MTTR: 24 hours; MTBF: 60 days. Which of the following solutions will address the RPO requirements? A. Remote Syslog facility collecting real-time events B. Server farm behind a load balancer delivering five-nines uptime C. Backup solution that implements daily snapshots D. Cloud environment distributed across geographic regions
C. Backup solution that implements daily snapshots
58. A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization: localStorage.setItem("session-cookie", document.cookie); Which of the following should the security engineer recommend? A. SessionStorage should be used so authorized cookies expire after the session ends B. Cookies should be marked as "secure" and "HttpOnly" C. Cookies should be scoped to a relevant domain/path D. Client-side cookies should be replaced by server-side mechanisms
C. Cookies should be scoped to a relevant domain/path
35. A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are: • It cannot be invasive to the end user • It must be utilized as a second factor • Information sharing must be avoided • It must have a low false acceptance rate Which of the following BEST meets the criteria? A. Facial recognition B. Swipe pattern C. Fingerprint scanning D. Complex passcode E. Token card
C. Fingerprint scanning
12. Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem. Which of the following BEST addresses the problem with the least amount of administrative effort? A. Compile a list of firewall requests and compare them against interesting cloud services. B. Implement a CASB solution and track cloud service use cases for greater visibility. C. Implement a user-behavior system to associate user events and cloud service creation events. D. Capture all logs and feed them to a SIEM, and then monitor for cloud service events
C. Implement a user-behavior system to associate user events and cloud service creation events.
92. An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take? A. Utilize cloud-based threat analytics to identify anomalous behavior in the company's B2B and vendor traffic B. Purchase a CASB solution to identify and control access to cloud-based applications and services and integrate them with on-premises legacy security monitoring C. Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector D. Attend and present at the regional banking association lobbying group meetings each month and facilitate a discussion on the topic.
C. Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector
49. The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would BEST improve the incident response process? A. Updating the playbook with better decision points B. Dividing the network into trusted and untrusted zones C. Providing additional end-user training on acceptable use D. Implementing manual quarantining of infected hosts
C. Providing additional end-user training on acceptable use
95. Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing? A. Documentation of lessons learned B. Quantitative risk assessment C. Qualitative assessment of risk D. Business impact scoring E. Threat modeling
C. Qualitative assessment of risk
63. A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective? A. Peer review B. Design review C. Scrum D. User acceptance testing E. Unit testing
C. SCRUM
7. A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate? A. Use a protocol analyzer against the site to see if data input can be replayed from the browser B. Scan the website through an interception proxy and identify areas for the code injection C. Scan the site with a port scanner to identify vulnerable services running on the web server D. Use network enumeration tools to identify if the server is running behind a load balancer
C. Scan the site with a port scanner to identify vulnerable services running on the web server
31. A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs? A. Multi-tenancy SaaS B. Hybrid IaaS C. Single-tenancy PaaS D. Community IaaS
C. Single-tenancy PaaS
68. A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password. Which of the following would be the EASIEST method of obtaining a password for the known account? A. Man-in-the-middle B. Reverse engineering C. Social engineering D. Hash cracking
C. Social engineering
100. A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloud-based servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand. The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited? A. Data-at-rest encryption misconfiguration and repeated key usage B. Offline attacks against the cloud security broker service C. The ability to scrape data remnants in a multitenancy environment D. VM escape attacks against the customer network hypervisors
C. The ability to scrape data remnants in a multitenancy environment
88. An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by customers for their own compliance reasons. The Chief Information Officer (CIO) asks the security team to provide a list of options that will: * 1. Reduce the overall cost of these audits * 2. Leverage existing infrastructure where possible * 3. Keep infrastructure costs to a minimum * 4. Provide some level of attestation of compliance Which of the following will BEST address the CIO's concerns? (Select TWO) A. Invest in new UBA to detect, report, and remediate attacks faster B. Segment the network to reduce and limit the audit scope C. Undertake ISO certification for all core infrastructure including datacenters. D. Implement a GRC system to track and monitor controls E. Implement DLP controls on HTTP/HTTPS and email F. Install EDR agents on all corporate endpoints
C. Undertake ISO certification for all core infrastructure including datacenters. E. Implement DLP controls on HTTP/HTTPS and email
66. A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product? A. Static code analysis in the IDE environment B. Penetration testing of the UAT environment C. Vulnerability scanning of the production environment D. Penetration testing of the production environment E. Peer review prior to unit testing
C. Vulnerability scanning of the production environment
52. A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator's email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address? A. dig -h comptia.org B. whois -f comptia.org C. nslookup -type=SOA comptia.org D. dnsrecon -i comptia.org -t hostmaster
C. nslookup -type=SOA comptia.org
108. A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine: A. the amount of data to be moved. B. the frequency of data backups. C. which users will have access to which data D. when the file server will be decommissioned
C. which users will have access to which data
24. The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used? A. Avoid B. Mitigate C. Transfer D. Accept
D. Accept
87. Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond? A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups. B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset. C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop. D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.
D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.
10. A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities? A. Protocol analyzer B. Root cause analysis C. Behavioral analytics D. Data leak prevention
D. Data leak prevention
8. A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization's systems to the greatest extent possible. Which of the following principles is being demonstrated? A. Administrator accountability B. PII security C. Record transparency D. Data minimization
D. Data minimization
28. After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: Blocking of suspicious websites; Prevention of attacks based on threat intelligence; Reduction in spam; Identity-based reporting to meet regulatory compliance; Prevention of viruses based on signature; Protection of applications from web-based threats. Which of the following would be the BEST recommendation the information security manager could make? A. Reconfigure existing IPS resources B. Implement a WAF C. Deploy a SIEM solution D. Deploy a UTM solution E. Implement an EDR platform
D. Deploy a UTM solution
61. An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model? A. Configurations of applications will affect multiple products. B. Reverse engineering of applications will lead to intellectual property loss C. Software patch deployment will occur less often D. Homogeneous vulnerabilities will occur across multiple products
D. Homogeneous vulnerabilities will occur across multiple products
25. A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue? A. Conduct a penetration test on each function as it is developed B. Develop a set of basic checks for common coding errors C. Adopt a waterfall method of software development D. Implement unit tests that incorporate static code analyzers
D. Implement unit tests that incorporate static code analyzers
39. An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution? A. Installing HIDS B. Configuring a host-based firewall C. Configuring EDR D. Implementing network access control
D. Implementing network access control
40. A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.) A. Network engineer B. Service desk personnel C. Human resources administrator D. Incident response coordinator E. Facilities manager F. Compliance manager
D. Incident response coordinator F. Compliance manager
60. A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy? A. Request an exception to the corporate policy from the risk management committee B. Require anyone trying to use the printer to enter their username and password C. Have a help desk employee sign in to the printer every morning D. Issue a certificate to the printer and use certificate-based authentication
D. Issue a certificate to the printer and use certificate-based authentication
72. A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process? A. MOU B. OLA C. BPA D. NDA
D. NDA
86. A company's Chief Operating Officer (COO) is concerned about the potential for competitors to infer proprietary information gathered from employees' social media accounts. Which of the following methods should the company use to gauge its social media threat level without targeting individual employees? A. Utilize insider threat consultants to provide expertise. B. Require that employees divulge social media accounts. C. Leverage Big Data analytical algorithms. D. Perform social engineering tests to evaluate employee awareness.
D. Perform social engineering tests to evaluate employee awareness.
62. A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos? A. The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website B. One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers C. The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos D. Pre-release marketing materials for a single device were accidentally left in a public location
D. Pre-release marketing materials for a single device were accidentally left in a public location
81. A project manager is working with a software development group to collect and evaluate user scenarios related to the organization's internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project. Which of the following would be MOST appropriate to use? A. Roles matrix B. Peer review C. BIA D. SRTM
D. SRTM
64. A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development. Which of the following SDLC best practices should the development team have followed? A. Implementing regression testing B. Completing user acceptance testing C. Verifying system design documentation D. Using a SRTM
D. Using a SRTM
47. An engineer needs to provide access to company resources for several offshore contractors. The contractors require: access to a number of applications, including internal websites; access to database data and the ability to manipulate it; and the ability to log into Linux and Windows servers remotely. Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.) A. VTC B. VRRP C. VLAN D. VDI E. VPN F. Telnet
D. VDI, E. VPN
65. As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run? A. tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar" B. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd C. memdump /dev/sda1 | nc 192.168.45.82 3000 D. dd if=/dev/sda | nc 192.168.45.82 3000
D. dd if=/dev/sda | nc 192.168.45.82 3000
46. A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization's vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve? A. Vendor diversification B. System hardening standards C. Bounty programs D. Threat awareness E. Vulnerability signatures
E. Vulnerability signatures