CASP+ Chapter 1 Security Architecture

1. A hospital database is hosting PHI data with high volatility. Data changes constantly and is used by doctors, nurses, and surgeons, as well as the finance department for billing. The database is located in a secure air-gapped network where there is limited access. What is the most likely threat? a. Internal user fraud b. Manipulated key-value pairs. c. Compliance d. Inappropriate admin access

1. A network engineer must configure a router on the network remotely. What protocol should be used to ensure a secure connection? a. Telnet b. FTP c. HTTP d. SSH

1. A security audit was conducted for your organization. It found that a computer plugged into any Ethernet port in its shipping facility was able to access network resources without authentication. You are directed to fix this security issue. Which standard, if implemented, could resolve this issue? a. 802.1x b. 802.3 c. 802.1q d. 802.11

1. A security engineer is concerned that logs may be lost on their hybrid SDN network if the devices should fail or become compromised by a hacker. What solution ensures that logs are not lost on these devices? a. Configuring a firewall on the local machine b. Archiving the logs on the local machine c. Sending the logs to a syslog d. Installing a NIPS

1. Aaron's end users are having difficulty signing into the network. The investigation of the situation leads him to believe it is which type of attack? a. Port scanning b. DDoS c. Pass-the-hash d. Trojan

1. One of the biggest issues your CISO has with migrating to more cloud environments is the process of acquiring and releasing resources. Technical as well as operational issues are associated with these processes. What type of procedure documentation should you create to help with this? a. How to authenticate and authorize b. How to dynamically provision and deprovision c. How to use SaaS, IaaS, and PaaS. d. How to build a Type 2 hypervisor

1. One of your managers asked you to research data loss prevention techniques to protect data so that cyber attackers cannot monetize the stolen data. What DLP do you recommend? a. Encryption and tokenization b. HIPAA and PCI c. I&AM management d. NIST frameworks

One of your network administrators reports that they cannot connect to a device on the local network using its IP address. The device is up and running with an IP address of 10.0.0.1, and your local IP address is 10.0.0.3. What is the best type of scan to run to find the MAC of the offending machine? a. ARP b. NAT gateway c. IPConfig d. IFConfig

Paul's company has discovered that some of his organization's employees are using personal devices, including cell phones, within highly secure areas. The CISO wants to know which employees are violating this policy. Which of the following devices can inform the CISO who is violating this policy? a. DLP b. WIDS c. NIPS d. Firewall

1. Peyton is an IT administrator needing visibility into his staging network. He believes he has all the tools and controls in place, but he has no way to look for attackers who are currently exploiting the network. What tool can Peyton choose to help with seeing the dark spots in his environment? a. Fuzzer b. HTTP interceptor c. Port scanner d. SIEM

1. Phillip's financial company experienced a natural disaster, used a hot site for three months, and now is returning to the primary site. What processes should be restored first at the primary site? a. Financial department b. External communication c. Mission critical d. Least business critical

1. Randolf is a newly hired CISO, and he is evaluating controls for the confidentiality portion of the CIA triad. Which set of controls should he choose to concentrate on for confidentiality? a. RAID 1, classification of data, and load balancing. b. Digital signatures, encryption and hashes. c. Steganography, ACL, and vulnerability management d. Checksum, DoS attacks, and RAID 0

1. Ronald has architected his network to hide the source of a network connection. What device has he probably used? a. Proxy firewall b. Internet gateway c. Layer 3 switch d. Bastion host

1. Robert's employees complain that when they connect to the network through the VPN, they cannot view their social media posts and pictures. What most likely has been implemented? a. Split tunnels b. DNS tunneling c. ARP cache d. Full tunnels

1. Ross is a security manager looking to improve security and performance of his unified communications (UC) server. Which of the following options might help with decreasing the attack surface? a. Adding more users b. Adding more devices c. Turning off unused services d. Ease of setup.

1. Sally needs to implement a network security device at the border of her corporate network and the Internet. This device filters network traffic based on source and destination IP addresses, source and destination port numbers, and protocols. Which network security device best suits her needs? a. Packet filter firewall b. Proxy server c. HSM d. DMZ

Sally's CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send email alerts to the IT staff when one is detected. What type of intrusion system does the CISO want? a. HIDS b. NIDS c. HIPS d. NIPS

1. After analyzing traffic flows on the network, your department noticed that many internal users access the same resources on the Internet. This activity utilizes a lot of Internet bandwidth. Your department decides to implement a solution that can cache this type of traffic the first time it is requested and serve it to the internal users as requested, thereby reducing the Internet bandwidth used for accessing this traffic. Which solution best accomplishes this task? a. Proxy b. Packet filter firewall c. WAF d. IPS

1. Bobby is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determined that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed? a. Risk mitigation. b. Risk acceptance. c. Risk avoidance. d. Risk transference.

1. Brian's new insurance company is working with an ISP, and he wants to find out technical details, such as system numbers, port numbers, IP addressing, and protocols used. What document will he find this information in? a. Memorandum of understanding b. Disclosure of assets. c. Operation level agreement d. Interconnection security agreement

Brett is a new CISO, and he is evaluating different controls for availability. Which set of controls should he choose? a. RAID 1, classification of data, and load balancing b. Digital signatures, encryption, and hashes c. Steganography, ACLs, and vulnerability management d. Checksums, DoS attacks, and RAID 0

1. Cameron is a newly promoted network security administrator. His manager told him to start building his physical and SDN topology map with a concentration on finding out what ports are open on which assets across the entire enterprise. What tool will accomplish this task? a. Netcat b. Nmap (Network Mapper) c. Burp Suite d. IPConfig

Charles has received final documentation from a compliance audit. The report suggested his organization should implement a complementary security tool to work with the firewall to detect any attempt at scanning. Which device does Charles choose? a. RAS b. PBX c. IDS d. DDT

1. Cody configured the application programming interface (API) connection between your web application that manages retail transactions and your bank. This connection must be as secure as possible. Because the API connection will handle financial transactions, what is the best choice for securing the API if it is well designed? a. SOAP b. HTTPS c. REST d. XML

1. Jonathan is a senior architect who has submitted budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a security information and event management (SIEM) system. What is the primary function of a SIEM tool? a. Blocking malicious users and traffic b. Monitoring the network c. Automating DNS server. d. Monitoring servers.

Kenneth is the CISO of an engineering organization. He asked the security department to recommend a system to be placed on business-critical servers to detect and stop intrusions. Which of the following will meet the CISO's requirement? a. HIPS b. NIDS c. HIDS d. NIPS

1. One of Robert's objectives and key results (OKRs) for the upcoming year is to modernize the IT strategy by adopting a virtual cloud and taking advantage of new features and storage. He understands that once intellectual property is in the cloud, he could have less visibility and control as a consumer. What else is a major security concern for important data stored in the public cloud versus a private cloud? a. Cost effectiveness b. Elastic use. c. Being on demand d. Data remnants

1. Simon's organization has endpoints that are considered low-priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code only? a. Antimalware b. Antispyware c. Antivirus d. Anti-adware

1. While investigating threats specific to your industry, you found information collected and analyzed by several companies with substantive expertise and access to source information. Which of these is the least beneficial item to your organization after subscribing to threat intelligence information? a. Determining acceptable business risks. b. Developing controls and budgets c. Making equipment and staffing decisions d. Creating a marketing plan for your product.

1. While performing unit testing on software requested by your department, you found that privilege escalation is possible. Privilege escalation means that an attacker can elevate their privilege on a system from a lower level to an administrator level. What two performance unit testing techniques do you need to use? a. Vertical and horizontal b. Left and right. c. North and south d. Ring 1 to 3.

1. You are a network security administrator for SOHO. Your staff tends to work from coffee shops without understanding the need for a VPN. You must show them why this can be dangerous. What network traffic packets are commonly captured and used in a replay attack? a. Packet headers. b. Authentication c. FTP d. DNS

1. You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the [email protected] address. You want to rip open the ransomware to see what it does and what it touches. What do you build? a. Cloud sandbox b. A container c. SLA d. A hypervisor

1. You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3? a. Cryptographic security system b. Party-based security system. c. Easier to set up. d. Supports UDP

1. You are investigating a new tool that helps identify, analyze and report on threats in real time based mostly on logs. What is the best solution? a. SOAR b. Antivirus c. XSS d. Port scanner

1. You are tasked with deploying a system so that it operates at a single classification level. All the users who access this system have the same clearance, classification, and need to know. What is this operating mode? a. High mode b. Dedicated c. Peer to peer. d. Multilevel

1. You conduct a security assessment and find legacy systems with vital business processes using standard Telnet protocols. What should you do to mitigate the risk? a. Migrate from IPv4 to IPv6 b. Install PuTTY c. Move the system to a secure VLAN d. Unplug the system until a replacement can be ordered.

1. You have received an RFQ response from a software company, which makes a tool that will allow you to record all changes in a single change management tool. This tool will track scheduling change, implementing change, the cost of change, and reporting. What type of software is this called? a. Vulnerability management. b. Change control. c. Security information and event management d. Automation

1. You want to replace an access point's removable antenna with a better one based on the results gathered by a wireless site survey. You want to be able to focus more energy in one direction and less in another to better distinguish between networks. What type of antenna should you purchase? a. Directional b. Omnidirectional c. Parabolic dish d. Radio

1. You were asked to recommend a solution to intercept and mirror network traffic and analyze its content for malicious activity while not interacting with the host computer. Of the following, which is the best solution? a. System scanner b. Application scanner c. Active vulnerability scanner d. Passive vulnerability scanner

1. You were asked to recommend a technology that will lessen the impact of a DDoS attack on your CDN. Which of the following is the best technology? a. HIDS b. Packet filter firewall c. Proxy (CDN) d. Load balancing.

1. You work as an independent security consultant for a small town in the Midwest that was just breached by a foreign country. When it came time for payment to a town vendor, someone changed the transfer of monies from a physical check to an electronic payment. In response, what is the first security practice suggestion that you make to prevent this from occurring? a. Incorporation b. Investigation c. Zero trust d. Data diddling

1. You work in a law enforcement supporting network with HA. High availability is mandatory, as you also support emergency 911 services. Which of the following would hinder your HA ecosystem? a. Clustered servers b. Primary firewall c. Switched networks. d. Redundant communication links

Your organization experiences a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is the process called? a. Incident management b. Forensic tasks c. Mandatory vacation d. Job rotation

1. Your CEO purchased the latest and greatest mobile device (BYOD) and now wants you to connect it to the company's intranet. You have been told to research this process according to change management and security policy. Which security recommendation would make the biggest impact on risk? a. Making this a new corporate policy available for everyone b. Adding a PIN to access the device. c. Encrypting d. Auditing requirements

1. Your CISO asked you to implement a solution on the jump servers in your DMZ that can detect and stop malicious activity. Which solution accomplishes this task? a. HIDS b. NIDS c. HIPS d. NIPS

1. Your CISO asks you to develop solutions for internally developed software that offers the best customization as well as control over the product. Cost is not an issue. What is the best solution for you to choose? a. Hosted deployment solution with a lower up-front cost but that requires maintaining the hardware on which the software is residing. b. Cloud-based deployment solutions that require a monthly fee only. c. Elastic virtual hosting on need d. An on-premises traditional deployment solution.

1. Your CISO is concerned with unauthorized network access to the corporate wireless network. You want to set a mechanism in place that not only authenticates the wireless devices but also requires them to meet a predefined corporate policy before allowing them on the network. What technology best performs this function? a. HIDS b. NAC c. Software agent d. NIP

1. Your CISO watched the news about the latest supply chain breach and is genuinely concerned about this type of attack affecting major organizations. He asked you, as a security analyst, to gather information about controls to put into place on your SDN network to stop these attacks from affecting your organization. How do you begin this process? a. Get the latest IOCs from OSINT sources. b. Research best practices. c. Use AI and SIEM d. Perform a sweep of your network using threat modeling.

1. Which of the following is a protocol that provides a graphical interface to a Windows system over the network? a. RDP b. VNC c. VDI d. DLP

1. After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network traffic access point (TAP) mirroring all the new network traffic and found it spreading on TCP port 445. What does Gavin advise the administrator to do immediately to minimize the attacks? a. Run Wireshark to watch for traffic on TCP port 445. b. Update antivirus software and scan the entire enterprise. c. Check the SIEM for alerts for any asset with TCP port 445 open. d. Deploy an ACL to HIPS: DENY-ANY-ANY-445

1. Alice and Bob are discussing federated identity and the differences between 2FA and MFA. Bob says it is the same thing, and Alice is explaining to him that it isn't. Which is the best statement that describes the difference? a. Multifactor authentication (MFA) requires users to verify their identity by providing multiple pieces of evidence that can include something they know, something they have, and something they are. Two-factor authentication (2FA) is a user providing two authentication methods like a password and fingerprint. b. 2FA and MFA have the same process and the caveat that 2FA must be two separate types of authentication methods. MFA could be two or more of the same methods. c. 2FA is safer and easier for end users than MFA. d. Multifactor authentication (MFA) requires users to verify their identity by providing at least two pieces of evidence that can include something they know, something they have, and something they are. Two-factor authentication (2FA) is a user providing two or more authentication methods like a password and fingerprint.

1. An attacker scanned your network and discovered a host system running a vulnerable version of VNC. Which of the following can an attacker perform if they can access VNC on the host? a. Remotely access the BIOS of the host system. b. Remotely view and control the desktop of the host system. c. Remotely view critical failures, causing a stop error or the blue screen of death on the host system. d. All the above.

1. An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing this type of data on your business network? a. Implementing a security policy and awareness b. Performing audits c. Monitoring networks for certain file types d. Using third-party threat intelligence reports.

1. Andrew has evaluated several unified communications (UC) vendors. He has a need for one with their own data center facility hosting their own instance of the platform with built-in redundant power, remote backup, and secured entry as well as 24/7 staffing. Why should a UC vendor have minimal data center security? a. Cost savings b. Compliance requirements c. Ease of setup and use d. Perfect forward security

1. Aniket is looking for a web server to process requests sent by XML. What is the best technology to use for this? a. REST b. SOAP c. Ajax d. XML

1. As a leader in your organization in DevOps, you want to convince your CISO to move toward containerization. Which of these is not an advantage to using containers over VMs? a. Reduced and simplified security updates b. Less code to transfer, migrate, and upload. c. Quicker spinning up applications d. Large file size of snapshots.

1. At the latest department meeting, a discussion on the best virtual methodology centered around using VMs versus containers. Which of these statements best aligns with those two models? a. VMs are better for lightweight native performance, whereas containers are better for heavyweight limited performance. b. VMs are for running applications that need all the OS has to offer, whereas containers are better when maximizing number of applications on minimal resources. c. VMs share the host OS, whereas containers run on their own OS. d. Containers are fully isolated and more secure, whereas VMs provide process-level isolation.

1. Damien is a security architect for a large enterprise bank that recently merged with a smaller local bank. The acquired bank has a legacy virtual cluster, and all these virtual machines use the same NIC to connect to the LAN. Some of the VMs are used for hosting databases for HR, and some are used to process mortgage applications. What is the biggest security risk? a. Shared NICs negatively impacting the integrity of packets. b. Bridging of networks impacting availability. c. Availability between VMs impacting integrity. d. Visibility between VMs impacting confidentiality.

1. David's security team is implementing NAC for authentication as well as corporate policy enforcement. The team wants to install software on the devices to perform these tasks. In the context of NAC, what is the software called? a. Program b. Process c. Agent d. Threat

1. Eddie is looking for an antivirus detection tool that uses a rule or weight-based system to determine how much danger a program function could pose. What type of antivirus does he need? a. Behavioral b. Signature based. c. Heuristic d. Automated

1. Fletcher is a security engineer for a government agency attempting to determine the control of highly classified customer information. Who should advise him on coordinating control of this sensitive data? a. Sales b. HR c. Board of Directors d. Legal Counsel

1. For security reasons, Ted is moving from LDAP to LDAPS for a standards-based specification for interacting with directory data. LDAPS provides for security using which of the following: a. SSL (SSL encryption is added.) b. SSH c. PGP d. AES

1. Grace is investigating the encryption of data at rest and data in transit and trying to determine which algorithm is best in each situation. Which of the following is the best tool? a. Split tunnels b. DNS tunneling c. ARP cache d. Full tunnels

1. Ian has joined a company that licenses a third party's software and email service that is delivered to end users through a browser. What type of organization does Ian work for? a. IaaS b. SaaS c. PaaS d. BaaS

1. Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement? a. FIM b. PCI c. DNS d. TCP

1. Jason's organization recently deployed some standard Linux systems in its network. The system admin for these Linux systems wants to secure these systems by using SELinux, which is required by their security policy. Which of the following is a benefit to using SELinux? a. Moves from a discretionary access control system to a system where the file creator controls the permissions of the file. b. Moves from a discretionary access control system to a mandatory access control system. c. Moves from a mandatory access control system where the file creator controls the permissions of the file. d. Moves from a mandatory access control system to a discretionary access control system.

1. Jeremiah works for a global construction company and has found cloud computing meets 90 percent of his IT needs. Which of these is of least importance when considering cloud computing? a. Data classification b. Encryption methodology c. Incident response and disaster recovery. d. Physical location of the data center

1. Levi's corporate public cloud network is configured such that all network devices reach each other without going through a routing device. The CISO wants the network reconfigured so that the network is segmented based on geography. In addition, the servers must be on their own subnetwork. What is a benefit of subdividing the network in this way? a. No benefit at all b. By subdividing the network, the port numbers can be better distributed among assets. c. By subdividing the network, rules can be placed to control the flow of traffic from one subnet to another. d. Ease of deployment.

1. Lisa is building a network intrusion detection system (NIDS). What can a NIDS do with encrypted network traffic? a. Look for viruses b. Examine contents of email c. Bypass VPN d. Nothing

1. Luke's company started upgrading the computers in your organization. As a security professional, you recommend creating a standard image for all computers with a set level of security configured. What is this process called? a. Configuration baselining b. Imaging c. Duplication d. Ghosting

1. Many users within your organization clicked on emails that, while looking legitimate, are malicious. Malicious code executes once the email is opened, infecting the user's system with malware. What could be implemented on the email server to help prevent such emails from reaching the end user? a. Firewall b. Spam filters c. WAF d. Forward Proxy

1. Mark has been tasked with building a computer system that can scale well and that includes built-in logic for interfacing with many types of devices, including SATA, PCI, and USB, as well as GPU, network processors, and AV encoders/decoders. What type of system should be built? a. Matrix b. Heterogeneous c. LLC d. Meshed network

1. Matthew's company just learned that an attacker obtained highly classified information by querying the external DNS server. He is told to never let this happen again. Which of the following is the best option? a. Implement a split DNS. Create an internal and external zone to resolve all domain queries. b. Implement a split DNS. Create an internal zone for an internal DNS for resolution and an external zone to be used by the Internet. c. Create DNS parking for round-robin DNSBL. d. Create DNS parking for cloud users.

1. Nicole is the security administrator for a large agency. She has implemented port security, restricted network traffic, and installed NIDS, firewalls, and spam filters. She thinks the network is secure. Now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow? a. Antimalware/virus/spyware, host-based firewall, and MFA b. Antivirus/spam, host-based IDA, and TFA c. Antimalware/virus, host-based IDS, and biometrics. d. Antivirus, host-based IDS, and SSO.

1. Not having complete control over networks and servers is a real concern in your organization, and upper management asks you if the company's data is genuinely secure now that you have migrated to the cloud. They have asked you to present industry research at the next board of directors meeting to answer questions regarding cloud security and your company's cyber-resilience. What research would be of most interest to the board of directors? a. Processor power consumption b. Encryption models c. COCOA d. CACAO

1. Two CISOs brought their IT leadership together to discuss the BIA and DRP for a merger between two automobile manufacturers. Their first priority is to communicate securely using encryption. What is the best recommendation? a. DNSSEC b. TLS on both domains c. Use S/MIME in select email transmissions. d. Push all communications to the cloud

1. Steve is a software developer for a large retail organization. His CISO returned from a large conference and asked him to clarify exactly what the benefits of a container in software development are over virtual machines. Which of these is the best succinct answer? a. In a VM, hardware is virtualized to run multiple OS instances. Containers virtualize an OS to run multiple workloads on a single OS instance using a container engine. b. In a container, hardware is virtualized to run multiple OS, where a VM can run multiple applications across multiple assets with a single OS. c. A VM is virtualized technology, but a container is not. d. A container is the same thing as a virtual machine, just smaller in size.

1. Suzette's company discovered that some of her organization's employees are copying corporate documents to Microsoft blob cloud drives outside of the company. She has been instructed to stop this practice from occurring. Which of the following can stop this practice from happening? a. DLP b. NIDS c. NIPS d. Firewall

1. The Cisco switch port you are using for traffic analysis and troubleshooting has a dedicated SPAN port that is in an "error-disabled state"; what is the procedure to reenable it after you enter privileged exec mode? a. Issue the no shutdown command on the error-disabled interface. b. Issue the shutdown and then the no shutdown command on the error-disabled interface. c. Issue the no error command on the error-disabled interface. d. Issue the no error-disable command on the error-disabled interface.

1. The IT department decided to implement a security appliance in front of their web servers to inspect HTTP/HTTPS/SOAP traffic for malicious activity. Which of the following is the best solution to use? a. Screened host firewall b. Packet filter firewall c. DMZ d. WAF

1. The IT group within your organization wants to filter requests between clients and their servers. They want to place a device in front of the servers that acts as a go-between for the clients and the servers. This device receives the request from the clients and forwards the request to the servers. The server will reply to the request by sending the reply to the device; then the device will forward the reply to the clients. What device best meets this description? a. Firewall b. NIDS c. Reverse proxy d. Proxy

1. The IT security department was tasked with recommending a single security device that can perform various security functions. The security functions include antivirus protection, antispyware, a firewall, and an IDP. What device should the IT security department recommend? a. Next-generation firewall b. Unified threat management system c. Quantum proxy d. Next-generation IDP

1. The corporate network has grown to a point where the management of individual routers and switches is problematic. Your CISO wants to move to a solution where the control function of the routers and switches is centralized, leaving the routers and switches to perform the basic forwarding of traffic. Which technology best performs this function? a. CDC b. NAS c. SAN d. SDN (Software defined network.)

1. Troy must decide about his organization's file integrity monitoring (FIM). Stand-alone FIM generally means file analysis only. Another option is to integrate it with the host so that Troy can detect threats in other areas, such as system memory or I/O. For the integration, which of the following does Troy need to use? a. HIDS b. ADVFIM c. NIDS

1. What system is used to collect and analyze data logs from various network devices and to report detected security events? a. Syslog b. NIPS c. WIPS d. SIEM system

1. Your IT staff is seeking a wireless solution to transmit data in a manufacturing area with lots of electrical motors. The technology must transmit approximately 1 Mbps of data approximately 1 meter using line of sight. No obstacles are between the devices using this technology. Because of the environment, using RF is not a viable solution. What technology is best suited for this situation? a. Wi-Fi b. Bluetooth c. IrDA (Infrared Data Association). d. RF

1. Your company grew to a point where a screened host firewall solution is no longer viable. IT wants to move to a screened subnet solution. Which of the following is considered a type of screened subnet? a. LAN b. DMZ c. Egress d. WAN

1. Your company hired a new IT manager who will be working remotely. Their first order of business is to perform a risk assessment on a new mobile device that is to be given to all employees. The device is commercially available and runs a popular operating system. What are the most important security factors that you should consider while conducting this risk assessment? a. Remote wipe controls, encryption, and vendor track record. b. Encryption, IPV6, cost, and color c. Remote wipe, maintenance, and inventory management d. Remote monitoring, cost SSD, and vendor track record.

1. Your company underwent a merger, and you are attempting to consolidate domains. What tool do you use to find out who the owner of a domain is, when it expires, and contact details? a. Netstat b. Whois c. SSH d. TCPDump

1. Your department is looking for a new storage solution that enables an as yet undetermined number of systems to connect using file-based protocols (such as NFS and SMB) for peering. This solution will also be used for file-sharing services such as data storage, access, and management services to network clients. What is the best storage solution for your organization? a. SAN b. NAS c. DAG d. DAS

1. Your employees need internal access while traveling to remote locations. You need a service that enables them to securely connect back to a private corporate network from a public network to log into a centralized portal. You want the traffic to be encrypted. Which of the following is the best tool? a. Wi-Fi b. VPN c. RDP d. NIC

1. Your hospital just merged with another hospital in another state that falls under a different legal jurisdiction. You are tasked with improving network security. Your CISO suggests data isolation by blocking communication between the two hospitals. How do you accomplish this? a. Implementing HIDS b. Building gateway firewalls c. Configuring ERP d. Creating network micro segmentation

1. Your network administrator, George, reaches out to you to investigate why your e-commerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP. You suspect an attacker set up botnets that flood your DNS server with invalid requests. You find this out by examining your external logging service. What is this type of attack called? a. DDoS b. Spamming c. IP spoofing d. Containerization

1. Your newly formed IT team is investigating cloud computing models. You would like to use a cloud computing model that is subscription based for common services and where the vendor oversees developing and managing as well as maintaining the pool of computer resources shared between multiple tenants across the network. Which of the following is the best choice for this situation? a. Public b. Private c. Agnostic d. Hybrid

1. Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three-day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, firewall, IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but all the web server logs have been deleted, and the internal firewall logs show no activity. As the security administrator, what do you do? a. Review sensor placement and examine the external firewall logs to find the attack b. Review the IDS logs to determine the source of attack c. Correlate all the logs from all the devices to find where the organization was compromised. d. Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks.

1. Your organization has opted into a hybrid cloud solution for all your strategic organizations with multiple verticals with different IT requirements. Which one of these is an advantage? a. Flexible, scalable, reliable, and improved security posture. b. Strong compatibility and integration requirements c. Complexity as the organization evolves. d. Can be very expensive.

1. Your organization slowly evolved from simply locking doors to RFID-enabled cards issued to employees to secure the physical environment. You want to protect these cards from cloning, because some parts of your organization host sensitive information. What should you implement? a. Encryption b. IDR c. HIDS d. NIPS

1. Your security team implemented NAC lists for authentication as well as corporate policy enforcement. Originally, the team installed software on the devices to perform these tasks. However, the security team decided this method is no longer desirable. They want to implement a solution that performs the same function but doesn't require software to be installed on the devices. In the context of NAC, what is this configuration called? a. Agent b. Agentless c. Volatile d. Persistent

GLOSSARY

Heuristic antivirus - Examines the code and searches for specific commands or instructions that would not normally be found in an application.

Micro segmentation - Network micro segmentation enables you to increase network security by creating defense in depth. In today's environment you are always under attack.

Virus - Malicious code capable of destroying data and corrupting systems.

Virtual network computing (VNC) - Uses a Remote Frame Buffer (RFB) protocol to enable a host desktop to be viewed and controlled over a network connection.

