CASP003-Questions 1

A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important? A. Insecure direct object references, CSRF, Smurf B. Privilege escalation, Application DoS, Buffer overflow C. SQL injection, Resource exhaustion, Privilege escalation D. CSRF, Fault injection, Memory leaks

A

A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response? A. When it is mandated by their legal and regulatory requirements B. As soon as possible in the interest of the patients C. As soon as the public relations department is ready to be interviewed D. When all steps related to the incident response plan are completed E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

A

A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage? A. SaaS B. PaaS C. IaaS D. Hybrid cloud E. Network virtualization

A

A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of ____. A. a disaster recovery plan B. an incident response plan C. a business continuity plan D. a risk avoidance plan

A

A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to ____. A. segment dual-purpose systems on a hardened network segment with no external access B. assess the risks associated with accepting non-compliance with regulatory requirements C. update system implementation procedures to comply with regulations D. review regulatory requirements and implement new policies on any newly provisioned servers

A

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: - DCIM images folder - Audio books folder - Torrents - My TAN xls file - Consultancy HR Manual doc file - Camera: SM-G950F - Exposure time: 1/60 s - Location: 3500 Lacey Road USA Which of the following BEST describes the security problem? A. MicroSD is not encrypted and also contains personal data. B. MicroSD contains a mixture of personal and work data. C. MicroSD is not encrypted and contains geotagging information. D. MicroSD contains pirated software and is not encrypted.

A

A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application's authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause? A. The application only supports SP-initiated authentication. B. The IdP only supports SAML 1.0. C. There is an SSL certificate mismatch between the IdP and the SaaS application. D. The user is not provisioned correctly on the IdP.

A

After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer had access. Which of the following is the BEST way to ensure security of the code following the incident? A. Hire an external red team to conduct black box testing. B. Conduct a peer review and cross reference the SRTM. C. Perform white-box testing on all impacted finished products. D. Perform regression testing and search for suspicious code.

A

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might be a valid solution if the asset manager's requirements were supported by current RFID capabilities. Which of the following requirements would be MOST difficult for the asset manager to implement? A. The ability to encrypt RFID data in transmission. B. The ability to integrate environmental sensors into the RFID tag. C. The ability to track assets in real time as they move throughout the facility. D. The ability to assign RFID tags a unique identifier.

A

The security administrator has just installed an active/passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem? A. TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall, so sessions are being dropped. B. TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall. C. Prioritized UDP traffic and associated stateful UDP session information is traversing the passive firewall, causing the connections to be dropped. D. The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster, causing the sessions to be dropped.

A

During a criminal investigation, the prosecutor submitted the original hard drive from the suspect's computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor's forensics team have used to ensure the suspect's data would be admissible as evidence? (Choose two.) A. Follow chain of custody best practices. B. Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive. C. Use forensics software on the original hard drive and present generated reports as evidence. D. Create a tape backup of the original hard drive and present the backup as evidence. E. Create an exact image of the original hard drive for forensics purposes, and then place the original back in service.

A, B

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrators do to BEST address this problem? (Choose two.) A. Add an ACL to the firewall to block VoIP. B. Change the settings on the phone system to use SIP-TLS. C. Have the phones download new configuration over TFTP. D. Enable QoS configuration on the phone VLAN.

A, B

A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI? (Choose two.) A. ALE B. RTO C. MTBF D. ARO E. RPO

A, D

A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.) A. Access control B. Whitelisting C. Signing D. Validation E. Boot attestation

A, D

A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine ____. A. the amount of data to be moved B. the frequency of data backups C. which users will have access to which data D. when the file server will be decommissioned

C

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks? A. Vulnerability scanner B. TPM C. Host-based firewall D. File integrity monitor E. NIPS

C

A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled. Which of the following security concerns should the system administrator have about the existing technology in the room? A. Wired transmissions could be intercepted by remote users. B. Bluetooth speakers could cause RF emanation concerns. C. Bluetooth is an unsecure communication channel. D. Wireless transmission causes interference with the video signal.

C

A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs? A. Multi-tenancy SaaS B. Hybrid IaaS C. Single-tenancy PaaS D. Community IaaS

C

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization: localStorage.setItem("session-cookie", document.cookie); Which of the following should the security engineer recommend? A. SessionStorage should be used so authorized cookies expire after the session ends B. Cookies should be marked as "secure" and "HttpOnly" C. Cookies should be scoped to a relevant domain/path D. Client-side cookies should be replaced by server-side mechanisms

C

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium-risk vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider? A. KPI B. KRI C. GRC D. BIA

C

Any infrastructure portal will require time-based authentication: A. Kerberos B. OAuth C. OTP D. SAML

C

As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting potential improvements in the checklist is MOST likely driven by ____. A. the collection of data as part of the continuous monitoring program B. adherence to policies associated with incident response C. the organization's software development life cycle D. changes in operating systems or industry trends

C

As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project? A. Static code analysis and peer review of all application code. B. Validation of expectations relating to system performance and security. C. Load testing the system to ensure response times are acceptable to stakeholders. D. Design reviews and user acceptance testing to ensure the system has been deployed properly. E. Regression testing to evaluate interoperability with the legacy system during the deployment.

C

During a security event investigation, a junior analyst fails to create an image of a server's hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed? A. Continuity of operations B. Chain of custody C. Order of volatility D. Data recovery

C

Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption? A. Perform a black box assessment. B. Hire an external red team audit. C. Conduct a tabletop exercise. D. Recreate the previous breach. E. Conduct an external vulnerability assessment.

C

Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs? A. LUN masking will prevent the next server from accessing the LUNs. B. The data may be replicated to other sites that are not as secure. C. Data remnants remain on the LUN that could be read by other servers. D. The data is not encrypted during transport.

C

A Chief Information Officer (CIO) has mandated that all web-based applications the company uses are required to be hosted on the newest stable operating systems and application stack. Additionally, a monthly report must be generated and provided to the audit department. Which of the following security tools should a security analyst use to provide the BEST information? A. Protocol analyzer B. Network enumerator C. Penetration testing platform D. Vulnerability scanner E. GRC software

D

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics? A. Data custodian B. Data owner C. Security analyst D. Business unit director E. Chief Executive Officer (CEO)

D

A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process? A. MOU B. OLA C. BPA D. NDA

D

A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location? A. SIEM B. IDS/IPS C. Proxy server D. Firewall E. Router

D

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely? A. Issue tracker B. Static code analyzer C. Source code repository D. Fuzzing utility

D

A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, total uniformity presents other problems. Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution? A. Competitors gain an advantage by increasing their service offerings. B. Vendor lock-in may prevent negotiation of lower rates or prices. C. Design constraints violate the principle of open design. D. Lack of diversity increases the impact of specific events or attacks.

D

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic and the internal routers are reporting high utilization. Which of the following is the BEST solution? A. Reconfigure the firewall to block external UDP traffic. B. Establish a security baseline on the IDS. C. Block echo reply traffic at the firewall. D. Modify the edge router to not forward broadcast traffic.

D

A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy? A. Request an exception to the corporate policy from the risk management committee. B. Require anyone trying to use the printer to enter their username and password. C. Have a help desk employee sign in to the printer every morning. D. Issue a certificate to the printer and use certificate-based authentication.

D

A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment? A. The OS version is not compatible B. The OEM is prohibited C. The device does not support FDE D. The device is rooted

D

A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded. Which of the following should be used to identify weak processes and other vulnerabilities? A. Gap analysis B. Benchmarks and baseline results C. Risk assessment D. Lessons learned report

D

A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement? A. SPF B. S/MIME C. TLS D. DKIM

D

A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check? A. NX/XN B. ASLR C. strcpy D. ECC

B

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement? A. SAN B. NAS C. Virtual SAN D. Virtual storage

B

A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address? A. Sovereignty B. E-waste C. Remanence D. Deduplication

B

A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information? A. SIEM server B. IDS appliance C. SCAP scanner D. HTTP interceptor

B

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this? A. Port security B. Rogue device detection C. Bluetooth D. GPS

B

An application present on the majority of an organization's 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue? A. Deploy custom HIPS signatures to detect and block the attacks. B. Validate and deploy the appropriate patch. C. Run the application in terminal services to reduce the threat landscape. D. Deploy custom NIPS signatures to detect and block the attacks.

B

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? A. Collection, Identification, Preservation, Examination, Analysis, Presentation. B. Identification, Preservation, Collection, Examination, Analysis, Presentation. C. Collection, Preservation, Examination, Identification, Analysis, Presentation. D. Identification, Examination, Preservation, Collection, Analysis, Presentation.

B

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness? A. Conduct a series of security training events with comprehensive tests at the end. B. Hire an external company to provide an independent audit of the network security posture. C. Review the social media of all employees to see how much proprietary information is shared. D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account.

B

Where users are attached to the corporate network, single sign-on will be utilized: A. Kerberos B. OAuth C. OTP D. SAML

B

To meet an SLA, which of the following documents should be drafted to define the company's internal interdependent unit responsibilities and delivery timelines? A. BPA B. OLA C. MSA D. MOU

B

Explanation: An OLA is an agreement between the internal support groups of an institution that supports an SLA. According to the Operational Level Agreement, each internal support group has certain responsibilities to the other groups. The OLA clearly depicts the performance and relationship of the internal service groups. The main objective of an OLA is to ensure that all the support groups deliver the intended Service Level Agreement.

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office: - Store taxation-related documents for five years - Store customer addresses in an encrypted format - Destroy customer information after one year - Keep data only in the customer's home country Which of the following should the CISO implement to BEST meet these requirements? (Choose three.) A. Capacity planning policy B. Data retention policy C. Data classification standard D. Legal compliance policy E. Data sovereignty policy F. Backup policy G. Acceptable use policy H. Encryption standard

B, C, H

A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO). A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit. B. A DLP gateway should be installed at the company border. C. Strong authentication should be implemented via external biometric devices. D. Full-tunnel VPN should be required for all network communication. E. Full-drive file hashing should be implemented with hashes stored on separate storage. F. Split-tunnel VPN should be enforced when transferring sensitive data.

B, D

A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.) A. Static code analyzer B. Intercepting proxy C. Port scanner D. Reverse engineering E. Reconnaissance gathering F. User acceptance testing

B, E

An architect was recently hired by a power utility to increase the security posture of the company's power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.) A. Isolate the systems on their own network B. Install a firewall and IDS between the systems and the LAN C. Employ the company's own stratum-0 and stratum-1 NTP servers D. Upgrade the software on critical systems E. Configure the systems to use government-hosted NTP servers

B, E

Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following: - Secure messaging between internal users using digital signatures - Secure sites for video-conferencing sessions - Presence information for all office employees - Restriction of certain types of messages to be allowed into the network Which of the following applications must be configured to meet the new requirements? (Choose two.) A. Remote desktop B. VoIP C. Remote assistance D. Email E. Instant messaging F. Social media websites

B, E

A company's security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.) A. Certificate-based authentication B. TACACS+ C. 802.1X D. RADIUS E. LDAP F. Local user database

D, E

An engineer needs to provide access to company resources for several offshore contractors. The contractors require: - Access to a number of applications, including internal websites. - Access to database data and the ability to manipulate it. - The ability to log into Linux and Windows servers remotely. Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.) A. VTC B. VRRP C. VLAN D. VDI E. VPN F. Telnet

D, E

First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.) A. CPU, process state tables, and main memory dumps. B. Essential information needed to perform data restoration to a known clean state. C. Temporary file system and swap space. D. Indicators of compromise to determine ransomware encryption. E. Chain of custody information needed for investigation.

D, E

A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.) A. Network engineer B. Service desk personnel C. Human resources administrator D. Incident response coordinator E. Facilities manager F. Compliance manager

D, F

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix. Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Choose two.) A. Antivirus B. HIPS C. Application whitelisting D. Patch management E. Group policy implementation F. Firmware updates

D, F

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO.) A. Add guests with more memory to increase capacity of the infrastructure. B. A backup is running on the thin clients at 9:00 am every morning. C. Install more memory in the thin clients to handle the increased load while booting. D. Booting all the lab desktops at the same time is creating excessive I/O. E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity. F. Install faster SSD drives in the storage system used in the infrastructure. G. The lab desktops are saturating the network while booting. H. The lab desktops are using more memory than is available to the host systems.

D, F

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: "<object object_ref=... />" and "<state state_ref=... />". Which of the following tools BEST supports the use of these definitions? A. HTTP interceptor B. Static code analyzer C. SCAP scanner D. XML fuzzer

C (object_ref and state_ref are OVAL test elements; an SCAP scanner consumes OVAL definitions to check configuration compliance across networked assets, which an XML fuzzer, HTTP interceptor or static code analyzer cannot do)

A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of the product. Which of the following should the administrator do to prevent these issues from occurring in the future? A. Recommend switching to an SDLC methodology and perform security testing during each maintenance iteration. B. Recommend switching to a spiral software development model and perform security testing during the requirements gathering. C. Recommend switching to a waterfall development methodology and perform security testing during the testing phase. D. Recommend switching to an agile development methodology and perform security testing during iterations.

D

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed? A. Custom firmware with routing key generation. B. Automatic MITM proxy. C. TCP beacon broadcast software. D. Reverse shell endpoint listener.

D

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue? A. Conduct a penetration test on each function as it is developed B. Develop a set of basic checks for common coding errors C. Adopt a waterfall method of software development D. Implement unit tests that incorporate static code analyzers

D

After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases: - Selection of a cloud provider - Architectural design - Microservice segmentation - Virtual private cloud - Geographic service redundancy - Service migration The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT? A. Multicloud solution B. Single-tenancy private cloud C. Hybrid cloud solution D. Cloud access security broker

A (the project already built geographic redundancy inside one provider; the remaining single point of failure is the provider itself, which a multicloud deployment removes; a CASB adds visibility and policy enforcement, not availability)

After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: - Blocking of suspicious websites - Prevention of attacks based on threat intelligence - Reduction in spam - Identity-based reporting to meet regulatory compliance - Prevention of viruses based on signature - Protect applications from web-based threats Which of the following would be the BEST recommendation the information security manager could make? A. Reconfigure existing IPS resources B. Implement a WAF C. Deploy a SIEM solution D. Deploy a UTM solution E. Implement an EDR platform

D

During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use? A. Code repositories. B. Security requirements traceability matrix. C. Software development life cycle. D. Data design diagram. E. Roles matrix. F. Implementation guide.

B (a security requirements traceability matrix maps each security requirement, such as the mandated encryption algorithm, to the design element and implementation that satisfies it, so the project manager can trace where the algorithm in use was specified; a roles matrix records who does what, not which requirement drove a setting)

A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.) A. Bug bounty websites B. Hacker forums C. Antivirus vendor websites D. Trade industry association websites E. CVE database F. Company's legal department

C, E (antivirus vendor write-ups describe the exploit's behaviour and indicators, and the CVE entry identifies the underlying vulnerability and affected versions; the legal department and bug bounty sites hold no such technical detail)

An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? A. Data aggregation B. Data sovereignty C. Data isolation D. Data volume E. Data analytics

B (a global PaaS provider may store data in jurisdictions whose laws differ from the client's; sanitizing the data set before migration keeps regulated records from leaving the jurisdictions that govern them, which is a data sovereignty concern)

An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe? A. Place it in a malware sandbox. B. Perform a code review of the attachment. C. Conduct a memory dump of the CFO's PC. D. Run a vulnerability scan on the email server.

A

Customers will have delegated access to multiple digital services: A. Kerberos B. oAuth C. OTP D. SAML

B (OAuth is the delegated-authorization protocol: a customer grants a service scoped access to resources without handing over credentials; Kerberos and SAML are authentication protocols and OTP is a credential type)

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following activities has the incident team lead executed? A. Lessons learned review B. Root cause analysis C. Incident audit D. Corrective action exercise

A

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack? A. Key risk indicators B. Lessons learned C. Recovery point objectives D. Tabletop exercise

B (a lessons learned review after the first breach would have recorded the exploited vulnerability and the corrective action, giving the team historical information to close it on every system before the second attack)

The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator's advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator's activity? A. Separation of duties B. Job rotation C. Continuous monitoring D. Mandatory vacation

D (mandatory vacation removes the administrator from the environment, so a third party can review the administrator's activity on site without interference; separation of duties and job rotation are preventive structures rather than review opportunities)

The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used? A. Avoid B. Mitigate C. Transfer D. Accept

B (configuring the devices to enforce the restrictions reduces the likelihood and impact of PII exposure; the risk is neither avoided, transferred nor accepted)

The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST address these issues? A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact. B. Update the change request form so that requesting teams can provide additional details about the requested changes. C. Require every new firewall rule go through a secondary firewall administrator for review before pushing the firewall policy. D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.

A

A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals? A. Utilize a challenge-response prompt as required input at username/password entry. B. Implement TLS and require the client to use its own certificate during handshake. C. Configure a web application proxy and institute monitoring of HTTPS transactions. D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.

B (mutual TLS requires the client to present its own certificate in the handshake, so an interposed party cannot complete the session to either side; a challenge-response prompt does not authenticate at the transport layer, and a monitoring proxy or decrypting reverse proxy is itself an authorized MITM point rather than a defense against one)

A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product? A. Static code analysis in the IDE environment B. Penetration testing of the UAT environment C. Vulnerability scanning of the production environment D. Penetration testing of the production environment E. Peer review prior to unit testing

B (a penetration test of the UAT environment assesses the integrated product before deployment, consistent with the preference to avoid post-deployment assessment; options C and D assess production, and A and E cover individual code units rather than the product as a whole)

A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724 Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

C

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented? A. Software-based root of trust B. Continuous chain of trust C. Chain of trust with a hardware root of trust D. Software-based trust anchor with no root of trust

A (a virtualized TPM is provided by the hypervisor, so the chain of trust it anchors begins in software, not in a discrete hardware TPM; only a physical TPM gives a hardware root of trust)

A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective? A. Peer review B. Design review C. Scrum D. User acceptance testing E. Unit testing

B (a design review walks the developers' design against the defined requirements, which is where a misread user story surfaces; user acceptance testing would catch it only after the code is built, and Scrum and unit testing are process and test mechanisms rather than validation of understanding)

The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on- site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of ____. A. creating a forensic image B. deploying fraud monitoring C. following a chain of custody D. analyzing the order of volatility

A (a point-in-time copy of the running database, made in the presence of the authorities, is a forensic image; chain of custody describes the documented handling of that image afterwards, and order of volatility governs which evidence to collect first)

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.) A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

A, C (role-based training prepares the privileged users being targeted, and restricting native shells and tools via group policy removes the means of internal reconnaissance; a rule of behavior only prohibits enumeration without preventing it)

An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Choose two.) A. MSA B. RFP C. NDA D. RFI E. MOU F. RFQ

C, D

A security administrator is shown the following log excerpt from a Unix system: 2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). A. An authorized administrator has logged into the root account remotely. B. The administrator should disable remote root logins. C. Isolate the system immediately and begin forensic analysis on the host. D. A remote attacker has compromised the root account using a buffer overflow in sshd. E. A remote attacker has guessed the root password using a dictionary attack. F. Use iptables to immediately DROP connections from the IP 198.51.100.23. G. A remote attacker has compromised the private key of the root account. H. Change the root password immediately to a password not found in a dictionary.

C, E

A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.) A. Require all mobile device backups to be encrypted. B. Ensure all mobile devices back up using USB OTG. C. Issue a remote wipe of corporate and personal partitions. D. Restrict devices from making long-distance calls during business hours. E. Implement an always-on VPN

A, E (an always-on VPN protects traffic on untrusted public networks, and encrypted backups keep the data that leaves the device protected as well; a remote wipe is a response to loss rather than a preventive setting, and USB OTG backups and call restrictions do not address the public-network risk)

While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.) A. Data remnants B. Sovereignty C. Compatible services D. Storage encryption E. Data migration F. Chain of custody

A, E (the outsourced providers will retain copies of customer data after the service moves in-house unless remnants are addressed, and the migration itself must preserve the data's confidentiality and integrity; compatibility is a project concern the IT team has already resolved by choosing the solution)

A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.) A. RA B. BIA C. NDA D. RFI E. RFQ F. MSA

C, F

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure? A. Replicate NAS changes to the tape backups at the other datacenter. B. Ensure each server has two HBAs connected through two routes to the NAS. C. Establish deduplication across diverse storage paths. D. Establish a SAN that replicates between datacenters.

D

An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution? A. Installing HIDS B. Configuring a host-based firewall C. Configuring EDR D. Implementing network segmentation

B (a host-based firewall blocks endpoint-to-endpoint traffic using capability already present on the PCs, so no additional resources are needed; network segmentation requires new infrastructure, and HIDS and EDR detect rather than block)

Authentication to cloud-based corporate portals will feature single sign-on: A. Kerberos B. oAuth C. OTP D. SAML

D

In a SPML exchange, Provisioning Service Target (PST), Provisioning Service Provider (PSP) and Request Authority (RA), which of the following BEST describes the three primary roles? A. The PST entity makes the provisioning request, the PSP responds to the PST requests, and the PST performs the provisioning. B. The PSP entity makes the provisioning request, the PST responds to the PSP requests, and the PSP performs the provisioning. C. The RA entity makes the provisioning request, the PST responds to the RA requests, and the PSP performs the provisioning. D. The RA entity makes the provisioning request, the PSP responds to the RA requests, and the PST performs the provisioning.

D

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined: - Must be encrypted on the email servers and clients - Must be OK to transmit over unsecure Internet connections Which of the following communication methods would be BEST to recommend? A. Force TLS between domains. B. Enable STARTTLS on both domains. C. Use PGP-encrypted emails. D. Switch both domains to utilize DNSSEC.

C (PGP encrypts the message body end to end, so it stays encrypted at rest on the mail servers and clients and is safe over untrusted links; TLS and STARTTLS protect only the hop between servers, and DNSSEC authenticates DNS answers rather than protecting mail content)

Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment? A. NDA B. MOU C. BIA D. SLA

D

With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information? A. Human resources B. Financial C. Sales D. Legal counsel

D

select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson Which of the following types of attacks is the user attempting? A. XML injection B. Command injection C. Cross-site scripting D. SQL injection

D
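A worked example serving both this question and the earlier web-server-log question (the `pass or 1=1` password): an added example that is not part of the study set. It shows a login query built by string concatenation, the same query with parameter binding plus server-side versions of the client-side rules from the earlier question (letters-only username, six-digit PIN), and a small heuristic that flags both `pass or 1=1` and `Hack;man` as injection attempts during a log review. The vulnerable call is exercised with `000000 or 1=1`, because a PIN interpolated unquoted is the shape in which the log's payload would actually succeed. SQLite is used so it runs stand-alone; table contents, function names and the heuristic pattern are my own.

```python
import re
import sqlite3

# Server-side copies of the rules the earlier question says the client-side
# JavaScript enforces. Client-side checks are bypassed by sending the request
# directly, as the logged GET shows, so they must be repeated on the server.
USERNAME_RE = re.compile(r"^[A-Za-z]+$")
PIN_RE = re.compile(r"^\d{6}$")

# Heuristic for flagging attempts in logs only; it is not the defence.
SQLI_HINT_RE = re.compile(r"(;|--|'|\bor\b\s+\S+\s*=)", re.IGNORECASE)


def valid_login_input(user, pin):
    """Allow-list validation: exactly what the form promised, nothing else."""
    return bool(USERNAME_RE.match(user)) and bool(PIN_RE.match(pin))


def looks_like_sqli(value):
    """True if a submitted value contains SQL metacharacters or an OR tautology."""
    return SQLI_HINT_RE.search(value) is not None


def setup_db():
    """In-memory table with one constructed account: admin / 123456."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 123456)")
    return conn


def login_vulnerable(conn, user, pin):
    """Query built by concatenation. Because the PIN is 'always a number' it is
    interpolated unquoted, so '000000 or 1=1' rewrites the WHERE clause as
    (username='admin' AND pin=0) OR 1=1, which matches every row."""
    sql = f"SELECT COUNT(*) FROM users WHERE username='{user}' AND pin={pin}"
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, user, pin):
    """Server-side validation first, then a parameterized query, so user input
    can never become SQL syntax regardless of what the browser sent."""
    if not valid_login_input(user, pin):
        return False
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND pin=?"
    return conn.execute(sql, (user, int(pin))).fetchone()[0] > 0


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, injected PIN:", login_vulnerable(db, "admin", "000000 or 1=1"))
    print("safe, injected PIN:      ", login_safe(db, "admin", "000000 or 1=1"))
    print("safe, correct PIN:       ", login_safe(db, "admin", "123456"))
    for value in ("pass or 1=1", "Hack;man", "Johnson"):
        print(f"{value!r}: flagged={looks_like_sqli(value)}")
```

The parameterized query is the fix that answer C points at; the validation in front of it is defence in depth and is also what would have turned the logged request into a rejected one instead of a 200. The heuristic exists only to pull attempts like these two out of access logs; it is deliberately not used as the control, because an allow-list plus parameter binding is simpler and complete.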

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Choose two.) A. Use an internal firewall to block UDP port 3544. B. Disable network discovery protocol on all company routers. C. Block IP protocol 41 using Layer 3 switches. D. Disable the DHCPv6 service from all routers. E. Drop traffic for ::/0 at the edge firewall. F. Implement a 6in4 proxy server.

A, C (IPv6 can cross IPv4-only segments inside tunnels: Teredo encapsulates it in UDP port 3544 and 6in4/6to4 carry it as IP protocol 41, so blocking both keeps IPv6 traffic out of the IPv4 segments; disabling DHCPv6 and dropping ::/0 act on native IPv6 rather than tunneled traffic, and a 6in4 proxy would carry IPv6 across instead of isolating it)
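What the two firewall rules in the answer actually key on, as an added example that is not part of the study set: a small classifier that inspects a raw IPv4 packet and reports whether it carries IPv6 as protocol 41 (6in4/6to4) or as Teredo on UDP port 3544. The protocol number and port are the real IANA assignments; the packets are constructed inline with minimal headers, and the builder and function names are my own.

```python
import socket
import struct

PROTO_IPV6_ENCAP = 41   # IPv6 carried directly inside IPv4 (6in4, 6to4, ISATAP)
PROTO_UDP = 17
PROTO_TCP = 6
TEREDO_PORT = 3544      # Teredo's well-known UDP port


def build_ipv4(proto, payload, src="10.0.0.5", dst="192.0.2.1"):
    """Constructed 20-byte IPv4 header (no options, checksum left 0) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def build_udp(sport, dport, data):
    """Constructed UDP header (checksum left 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# A 40-byte IPv6 header with only the version nibble set; enough for the demo.
FAKE_IPV6 = bytes([0x60]) + bytes(39)


def classify_ipv6_tunnel(packet):
    """Return '6in4', 'teredo' or None for one raw IPv4 packet.

    These two checks are the inspection-side equivalent of the two drop rules in
    the answer: protocol 41 on a Layer 3 switch and UDP 3544 on the firewall."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4 (native IPv6 is a separate policy)
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes
    proto = packet[9]
    if proto == PROTO_IPV6_ENCAP:
        return "6in4"
    if proto == PROTO_UDP and len(packet) >= ihl + 8:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return None


# Constructed sample traffic: one 6in4 packet, one Teredo packet, ordinary DNS and TCP.
SAMPLE_PACKETS = {
    "6in4": build_ipv4(PROTO_IPV6_ENCAP, FAKE_IPV6),
    "teredo": build_ipv4(PROTO_UDP, build_udp(51000, TEREDO_PORT, FAKE_IPV6)),
    "dns": build_ipv4(PROTO_UDP, build_udp(51001, 53, b"\x00" * 12)),
    "tcp": build_ipv4(PROTO_TCP, b"\x00" * 20),
}


def summarize(packets=SAMPLE_PACKETS):
    """Map each sample name to its tunnel classification."""
    return {name: classify_ipv6_tunnel(pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in summarize().items():
        print(f"{name}: {verdict or 'not an IPv6 tunnel'}")
```

Two caveats a practitioner would add: the port check only catches Teredo on its default port, and neither check sees IPv6 carried inside an IPsec or TLS tunnel, so these rules isolate the segments from the common transition mechanisms rather than from every conceivable encapsulation. That is still the right first step for a team that, as the question says, is not yet familiar with IPv6's risks.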
