CAS-003 Questions and Answers

Note: The CAS-003 exam is now retired. Please select the replacement exam for your certification; the new exam code is CAS-004.
Question # 6

A security administrator needs to deploy a file named boardconfig.mk to some company devices. The file contains the following information:

Which of the following represents the goal of this file?

A. It is an iPhone security configuration file.
B. It is a Symbian hardening configuration file.
C. It is a Windows Phone security configuration file.
D. It is an Android security configuration file.
Question # 7

Which of the following is the primary cybersecurity-related difference between the goals of a risk assessment and a business impact analysis?

A. Broad spectrum threat analysis
B. Adherence to quantitative vs. qualitative methods
C. A focus on current state without regard to cost
D. Measurements of ALE vs. SLE and downtime
Question # 8

A software development company recently implemented a new policy and control ruleset. The control ruleset defines the following:

• Account naming standards
• Password complexity standards
• SDLC practices
• Encryption baselines and standards

A review of the current applications used and developed by the company shows many production and mission-critical applications are not compliant with the new policies and control ruleset. Which of the following actions should be performed?

A. Perform a review of the new policies and control ruleset, and update it to reflect the current production baselines and configurations.
B. Remove the non-compliant applications from the production environment until they are compliant.
C. Document the non-compliant applications and track compliance activities and progress.
D. Prevent application code changes from being promoted to the production environment until the compliance issues are addressed.
Question # 9

A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligence service. Which of the following would BEST meet the needs of the security technician? (Select TWO)

A. Social media platforms
B. Conferences and local community security events
C. Software vendor threat reports
D. RSS feed from reputable security bloggers
E. Regional CERT
F. White papers and journal articles
Question # 10

The Chief Information Officer (CIO) asks the systems administrator to improve email security at the company based on the following requirements:

1. Do not use two-factor authentication.
2. Protect the contents of a user's mailbox.
3. Be able to sign emails digitally.
4. Protect internal users from spoofing.
5. Secure communications in transit.
6. Use a hierarchically validated certifier for key exchange.
7. Do not use additional plug-ins.
8. Have minimal impact to the end-user experience.

Which of the following, when used together, should the systems administrator implement to BEST meet the objectives? (Select TWO)

A. SPML
B. S/MIME
C. SIP
D. SSL
E. TLS
F. PGP
Question # 11

A security analyst is investigating an alert arising from an impossible travel pattern. Within the span of 30 minutes, the email system saw successful authentication from two IP addresses, which geolocate more than 500mi (806km) away from each other. Before locking the account, which of the following actions should the analyst take?

A. Verify email server NTP synchronization status
B. Validate GeoIP data source
C. Review VPN authentication logs
D. Verify the user's recent travel activities
Question # 12

Which of the following vulnerabilities did the analyst uncover?

A. A memory leak when executing exit(0);
B. A race condition when switching variables in strcpy(variable2, variable1[1]);
C. A buffer overflow when using the command strcpy(variable2, variable1[1]);
D. Error handling when executing printf("strcpy() failed.\n");
Question # 13

A Chief Information Security Officer (CISO) wants to set up a SOC to respond to security threats and events more quickly. The SOC must have the following capabilities:

• Real-time response
• Visualization
• Threat intelligence integration
• Cross-referencing from multiple sources
• Deduplication

Which of the following technologies would BEST meet these requirements?

A. SIEM
B. EDR
C. OSINT
D. UTM
Question # 14

Following a major security incident that resulted in a significant loss of revenue and extended loss of server availability, a new Chief Information Security Officer (CISO) conducts a root cause analysis. Which of the following additional steps should the CISO take to mitigate the chance of a recurrence?

A. Capture recommendations from a lessons-learned session with key management
B. Install additional detective controls to facilitate a better root cause analysis in future incidents
C. Purchase cyber-incident insurance specifically covering the root cause
D. Compile a report containing all help desk tickets received during the incident
Question # 15

A developer implements the following code snippet:

Which of the following vulnerabilities does this code snippet resolve?

A. SQL injection
B. Buffer overflow
C. Missing session limit
D. Information leakage
Question # 16

While standing up a proof-of-concept solution with a vendor, the following direction was given for connections to the default environments.

Which of the following is being used to secure the three environments from overlap if all of them reside on separate servers in the same DMZ?

A. Separation of environments policy
B. Logical access controls
C. Segmentation of VLANs
D. Subnetting of cloud environments
Question # 17

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previously resolved vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

A. Peer review
B. Regression testing
C. User acceptance
D. Dynamic analysis
Question # 18

The latest security scan of a web application reported multiple high vulnerabilities in session management. Which of the following is the BEST way to mitigate the issue?

A. Prohibiting session hijacking of cookies
B. Using secure cookie storage and transmission
C. Performing state management on the server
D. Using Secure and HttpOnly settings on cookies
Question # 19

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

A. Distribute a NAC client and use the client to push the company's private key to all the new devices.
B. Distribute the device connection policy and a unique public/private key pair to each new employee's device.
C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Question # 20

Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns?

A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform
Question # 21

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.

Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Select two.)

A. Antivirus
B. HIPS
C. Application whitelisting
D. Patch management
E. Group policy implementation
F. Firmware updates
Question # 22

A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)

A. CVE database
B. Recent security industry conferences
C. Security vendor pages
D. Known vendor threat models
E. Secure routing metrics
F. Server's vendor documentation
G. Verified security forums
Question # 23

An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)

A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring
Question # 24

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES-256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements
Question # 25

A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.

Using the above information, on which VLANs should multicast be enabled?

A. VLAN201, VLAN202, VLAN400
B. VLAN201, VLAN202, VLAN700
C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D. VLAN400, VLAN680, VLAN700
Question # 26

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?

A. Disk encryption on the local drive
B. Group policy to enforce failed login lockout
C. Multifactor authentication
D. Implementation of email digital signatures
Question # 27

A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:

A. a disaster recovery plan
B. an incident response plan
C. a business continuity plan
D. a risk avoidance plan
Question # 28

A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

A. Cryptoprocessor
B. Bcrypt
C. SHA-256
D. PBKDF2
E. Message authentication
Question # 29

A remote user reports the inability to authenticate to the VPN concentrator. During troubleshooting, a security administrator captures an attempted authentication and discovers the following being presented by the user's VPN client:

Which of the following BEST describes the reason the user is unable to connect to the VPN service?

A. The user's certificate is not signed by the VPN service provider.
B. The user's certificate has been compromised and should be revoked.
C. The user's certificate was not created for VPN use.
D. The user's certificate was created using insecure encryption algorithms.
Question # 30

The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO's concerns?

A. Begin simulated phishing campaigns for employees and follow up with additional security awareness training.
B. Seed company fileshares and servers with text documents containing fake passwords and then monitor for their use.
C. Implement DLP to monitor data transfer between employee accounts and external parties and services.
D. Report data from a user-behavior monitoring tool and assign security analysts to review it daily.
Question # 31

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

A. Version control
B. Agile development
C. Waterfall development
D. Change management
E. Continuous integration
Question # 32

Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?

A. Employ a fuzzing utility
B. Use a static code analyzer
C. Run the binary in an application sandbox
D. Manually review the binary in a text editor
Question # 33

A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet link is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

The administrator calls the university's ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?

A. The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.
B. A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.
C. The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.
D. The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.
Question # 34

As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE)

A. Privilege escalation
B. SQL injection
C. TOC/TOU exploitation
D. Rogue AP substitution
E. Tailgating
F. Vulnerability scanning
G. Vishing
Question # 35

The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created.

The findings are then categorized according to the following chart:

Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Select TWO)

A. Place a WAF in line with Application 2.
B. Move Application 3 to a secure VLAN and require employees to use a jump server for access.
C. Apply the missing OS and software patches to the server hosting Application 4.
D. Use network segmentation and ACLs to control access to Application 5.
E. Implement an IDS/IPS on the same network segment as Application 3.
F. Install a FIM on the server hosting Application 4.
Question # 36

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees.

Which of the following should be configured to comply with the new security policy? (Choose two.)

A. SSO
B. New pre-shared key
C. 802.1X
D. OAuth
E. Push-based authentication
F. PKI
Question # 37

An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware. Of paramount importance is the ability to defeat attacks aimed at replacing or corrupting running firmware once the vehicle leaves production and is in the field. Integrating which of the following host and OS controls would BEST protect against this threat?

A. Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space.
B. Implement out-of-band monitoring to analyze the state of running memory and persistent storage and, in a failure mode, signal a check-engine light condition for the operator.
C. Perform reverse engineering of the hardware to assess for any implanted logic or other supply chain integrity violations.
D. Ensure the firmware includes anti-malware services that will monitor and respond to any introduction of malicious logic.
E. Require software engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhaustive state space analysis before deployment.
Question # 38

During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after-action report that conveys critical metrics regarding the incident.

Which of the following would be MOST important to senior leadership to determine the impact of the breach?

A. The likely per-record cost of the breach to the organization
B. The legal or regulatory exposure that exists due to the breach
C. The amount of downtime required to restore the data
D. The number of records compromised
Question # 39

A project manager is working with a software development group to collect and evaluate user scenarios related to the organization's internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project.

Which of the following would be MOST appropriate to use?

A. Roles matrix
B. Peer review
C. BIA
D. SRTM
Question # 40

The security administrator of a small firm wants to stay current on the latest security vulnerabilities and attack vectors being used by crime syndicates and nation-states. The information must be actionable and reliable. Which of the following would BEST meet the needs of the security administrator?

A. Software vendor threat reports
B. White papers
C. Security blogs
D. Threat data subscription
Question # 41

A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?

A. SIEM
B. IDS/IPS
C. Proxy server
D. Firewall
E. Router
Question # 42

A security engineer is attempting to inventory all network devices. Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

A. Switch to SNMPv1 device inventory credentials
B. Enable SSH for all switches and routers
C. Set SFTP to enabled on all network devices
D. Configure SNMPv3 server settings to match client settings
Question # 43

A financial institution's information security officer is working with the risk management officer to determine what to do with the institution's residual risk after all security controls have been implemented. Considering the institution's very low risk tolerance, which of the following strategies would be BEST?

A. Transfer the risk.
B. Avoid the risk.
C. Mitigate the risk.
D. Accept the risk.
Question # 44

A project manager is working with system owners to develop maintenance windows for system patching and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance window will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?

A. MOU
B. SOW
C. SRTM
D. SLA
Question # 45

A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

A. Single-tenant private cloud
B. Multitenant SaaS cloud
C. Single-tenant hybrid cloud
D. Multitenant IaaS cloud
E. Multitenant PaaS cloud
F. Single-tenant public cloud
Question # 46

Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecured in hotel rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the following is the BEST solution in this scenario?

A. Full disk encryption
B. Biometric authentication
C. An eFuse-based solution
D. Two-factor authentication
Question # 47

A security engineer is again performing an assessment for a company. The security engineer examines the following output from the review:

Which of the following tools is the engineer utilizing to perform this assessment?

A. Vulnerability scanner
B. SCAP scanner
C. Port scanner
D. Interception proxy
Question # 48

A technician receives the following security alert from the firewall's automated system:

Match_Time: 10/10/16 16:20:43
Serial: 002301028176
Device_name: COMPSEC1
Type: CORRELATION
Srcuser: domain\samjones
Src: 10.50.50.150
Object_name: beacon detection
Object_id: 6005
Category: compromised-host
Severity: medium
Evidence: host repeatedly visited a dynamic DNS domain (17 times)

After reviewing the alert, which of the following is the BEST analysis?

A. The alert is a false positive because DNS is a normal network function.
B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
C. This alert was generated by the SIEM because the user attempted too many invalid login attempts.
D. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.
Question # 49

An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window.

Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

A. Reverse engineer the application binary.
B. Perform static code analysis on the source code.
C. Analyze the device firmware via the JTAG interface.
D. Change to a whitelist that uses cryptographic hashing.
E. Penetration test the mobile application.
Question # 50

A company is updating its acceptable use and security policies to allow personal devices to be connected to the network as long as certain security parameters can be enforced. Which of the following describes this new policy change?

A. COPE
B. CYOD
C. BYOD
D. POTS
Question # 51

An ICS security engineer is performing a security assessment at a bank in Chicago. The engineer reviews the following output:

Which of the following tools is the engineer using to provide this output?

A. SCAP scanner
B. Shodan
C. Fuzzer
D. Vulnerability scanner
Question # 52

While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices are being followed. Which of the following code analyzers will produce the desired results?

A. Static
B. Dynamic
C. Fuzzer
D. Peer review
Question # 53

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

A. TTR
B. ALE
C. MTBF
D. SLE
E. RPO
Question # 54

A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

A. Background investigation
B. Mandatory vacation
C. Least privilege
D. Separation of duties
Question # 55

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

A. a hybrid cloud.
B. an on-premises private cloud.
C. a hosted hybrid cloud.
D. a private cloud.
Question # 56

An external red team member conducts a penetration test, attempting to gain physical access to a large organization's server room in a branch office. During reconnaissance, the red team member sees a clearly marked door to the server room, located next to the lobby, with a tumbler lock.

Which of the following is BEST for the red team member to bring on site to open the locked door as quickly as possible without causing significant damage?

A. Screwdriver set
B. Bump key
C. RFID duplicator
D. Rake picking
Question # 57

A company deploys a system to use device and user certificates for network authentication. Previously, the company only used separate certificates to send and receive encrypted email. Users have begun notifying the help desk because they cannot read encrypted email. Which of the following is the MOST likely cause of the issues?

A. The attestation service is not configured to accept the new certificates.
B. The device certificates have the S/MIME attribute selected.
C. The sending mail client is selecting the wrong public key to encrypt messages.
D. Multiple device certificates are associated with the same network port.
Question # 58

A security analyst is reviewing the security of a company's public-facing servers. After some research, the analyst discovers the following on a public pastebin website.

Which of the following should the analyst do NEXT?

A. Review the system logs.
B. Scan *.company.com for vulnerabilities.
C. Begin a root cause analysis.
D. Change the password to the MySQL database.
Question # 59

As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

A. the collection of data as part of the continuous monitoring program.
B. adherence to policies associated with incident response.
C. the organization's software development life cycle.
D. changes in operating systems or industry trends.
Question # 60

A factory-floor system uses critical legacy, and unsupported application software to enable factory operations A latent vulnerability was recently exposed, which permitted attackers to send a specific string of characters followed by arbitrary code for execution Patches are unavailable, as the manufacturer is no longer m business Which of the following would be the BEST approach the company should take to mitigate the risk of this vulnerability and other latent vulnerability exploits'' (Select TWO)

A.

Configure a host-based firewall on the application server and restrict access to necessary ports and services

B.

Create a factory-floor enclave segregated from direct LAN/WAN reachability

C.

Implement a proxy that will sanitize input provided to the application

D.

Install server-side X.509 certificates and enable TLS 1.0 or later for client access

E.

Install network and host-based IDS feeding logs to SIEM and alerts to SOC operators

F.

Create a hunt team focused on the factory-floor operations

Question # 61

A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:

A.

segment dual-purpose systems on a hardened network segment with no external access

B.

assess the risks associated with accepting non-compliance with regulatory requirements

C.

update system implementation procedures to comply with regulations

D.

review regulatory requirements and implement new policies on any newly provisioned servers

Question # 62

Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?

A.

NDA

B.

MOU

C.

BIA

D.

SLA

Question # 63

A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

A.

Bug bounty websites

B.

Hacker forums

C.

Antivirus vendor websites

D.

Trade industry association websites

E.

CVE database

F.

Company’s legal department

Question # 64

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

A.

Isolate the systems on their own network

B.

Install a firewall and IDS between systems and the LAN

C.

Employ own stratum-0 and stratum-1 NTP servers

D.

Upgrade the software on critical systems

E.

Configure the systems to use government-hosted NTP servers

Question # 65

An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit. The attacker was unable to obtain root privileges. Instead, the attacker then downloaded a crypto-currency mining program and subsequently was discovered. The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

A.

Remove root privileges from the application service account

B.

Implement separation of duties.

C.

Properly configure SELinux and set it to enforce.

D.

Use cron to schedule regular restarts of the service to terminate sessions.

E.

Perform regular uncredentialed vulnerability scans

Question # 66

A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue.

Which of the following is the MOST likely reason the MDM is not allowing enrollment?

A.

The OS version is not compatible

B.

The OEM is prohibited

C.

The device does not support FDE

D.

The device is rooted

Question # 67

A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Question # 68

A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?

A.

Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

B.

Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

C.

Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

D.

It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

Question # 69

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization:

localStorage.setItem("session-cookie", document.cookie);

Which of the following should the security engineer recommend?

A.

SessionStorage should be used so authorized cookies expire after the session ends

B.

Cookies should be marked as “secure” and “HttpOnly”

C.

Cookies should be scoped to a relevant domain/path

D.

Client-side cookies should be replaced by server-side mechanisms

Question # 70

A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?

A.

Request an exception to the corporate policy from the risk management committee

B.

Require anyone trying to use the printer to enter their username and password

C.

Have a help desk employee sign in to the printer every morning

D.

Issue a certificate to the printer and use certificate-based authentication

Question # 71

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

A.

Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

B.

Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

C.

Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

D.

Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

E.

For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

F.

Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Question # 72

A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:

A.

the amount of data to be moved.

B.

the frequency of data backups.

C.

which users will have access to which data

D.

when the file server will be decommissioned

Question # 73

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

A.

Deploy virtual desktop infrastructure with an OOB management network

B.

Employ the use of vTPM with boot attestation

C.

Leverage separate physical hardware for sensitive services and data

D.

Use a community CSP with independently managed security services

E.

Deploy to a private cloud with hosted hypervisors on each physical machine

Question # 74

Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

A.

The standard of quality for anti-malware engines

B.

Parameters for applying critical patches

C.

The validity of program productions

D.

Minimum bit strength for encryption-in-transit.

Question # 75

A security analyst is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:

The Chief Marketing Officer's (CMO) email is being used department-wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

A.

Configure MFA for all users to decrease their reliance on other authentication.

B.

Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.

C.

Create multiple social media accounts for all marketing users to separate their actions.

D.

Ensure the password being shared is sufficiently strong and not written down anywhere.

Question # 76

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been offered for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

A.

The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website

B.

One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers

C.

The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos

D.

Pre-release marketing materials for a single device were accidentally left in a public location

Question # 77

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

A.

Memory leak

B.

Race condition

C.

Smurf

D.

Resource exhaustion

Question # 78

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

A.

Create archival copies of all documents and communications related to the employee

B.

Create a forensic image of network infrastructure devices

C.

Create an image file of the employee’s network drives and store it with hashes

D.

Install a keylogger to capture the employee’s communications and contacts

Question # 79

A legal services company wants to ensure emails to clients maintain integrity in transit. Which of the following would BEST meet this requirement? (Select TWO)

A.

Signing emails to clients with the organization's public key

B.

Using the organization's private key to encrypt all communication

C.

Implementing a public key infrastructure

D.

Signing emails to clients with the organization's private key

E.

Using shared secret keys

F.

Hashing all outgoing emails

Question # 80

An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by customers for their own compliance reasons. The Chief Information Officer (CIO) asks the security team to provide a list of options that will:

1. Reduce the overall cost of these audits

2. Leverage existing infrastructure where possible

3. Keep infrastructure costs to a minimum

4. Provide some level of attestation of compliance

Which of the following will BEST address the CIO's concerns? (Select TWO)

A.

Invest in new UBA to detect, report, and remediate attacks faster

B.

Segment the network to reduce and limit the audit scope

C.

Undertake ISO certification for all core infrastructure including datacenters.

D.

Implement a GRC system to track and monitor controls

E.

Implement DLP controls on HTTP/HTTPS and email

F.

Install EDR agents on all corporate endpoints

Question # 81

A new employee is plugged into the network on a BYOD machine but cannot access the network. Which of the following must be configured so the employee can connect to the network?

A.

Port security

B.

Firewall

C.

Remote access

D.

VPN

Question # 82

During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email accounts. An information security analyst is reviewing the access to determine if the audit was valid. Which of the following would assist with the validation and provide the necessary documentation for the audit?

A.

Examining the termination notification process from human resources and employee account access logs

B.

Checking social media platforms for disclosure of company sensitive and proprietary information

C.

Sending a test email to the former employees to document an undeliverable email and review the ERP access

D.

Reviewing the email global account list and the collaboration platform for recent activity

Question # 83

An international e-commerce company has identified attack traffic originating from a whitelisted third party’s IP address used to mask the third party’s internal network. The security team needs to block the attack traffic without impacting the vendor’s services. Which of the following is the BEST approach to identify the threat?

A.

Ask the third-party vendor to block the attack traffic

B.

Configure the third party’s proxy to begin sending X-Forwarded-For headers

C.

Configure the e-commerce company’s IPS to inspect HTTP traffic

D.

Perform a vulnerability scan against the network perimeter and remediate any issues identified

Question # 84

A security analyst has been assigned incident response duties and must initiate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 85

An attacker wants to gain information about a company's database structure by probing the database listener. The attacker tries to manipulate the company's database to see if it has any vulnerabilities that can be exploited to help carry out an attack. To prevent this type of attack, which of the following should the company do to secure its database?

A.

Mask the database banner

B.

Tighten database authentication and limit table access

C.

Harden web and Internet resources

D.

Implement challenge-based authentication

Question # 86

Company A is establishing a contractual agreement with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?

A.

Company A-B SLA v2.docx

B.

Company A OLA v1b.docx

C.

Company A MSA v3.docx

D.

Company A MOU v1.docx

E.

Company A-B NDA v03.docx

Question # 87

The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:

* End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families

* Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

* A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

* The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

A.

The unsecure port 80 being used for general web traffic

B.

Family members posting geotagged images on social media that were received via email from soldiers

C.

The effect of communication latency that may negatively impact real-time communication with mission control

D.

The use of centrally managed military networks and computers by soldiers when communicating with external parties

Question # 88

A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks. Which of the following code snippets is safe from these types of attacks?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 89

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

A.

Log all access to the data and correlate with the researcher

B.

Anonymize identifiable information using keyed strings

C.

Ensure all data is encrypted in transit to the researcher

D.

Ensure all researchers sign and abide by non-disclosure agreements

E.

Sanitize date and time stamp information in the records.

Question # 90

Which of the following is the MOST likely reason an organization would decide to use a BYOD policy?

A.

It enables employees to use the devices they already own, thus reducing costs.

B.

It should reduce the number of help desk tickets significantly.

C.

It is most secure, as the company owns and completely controls the devices.

D.

It is the least complex method for systems administrators to maintain over time.

Question # 91

A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A.

Segmentation

B.

Firewall whitelisting

C.

Containment

D.

Isolation

Question # 92

A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source fe80::21ae:4571:42ab:1fdd to the destination ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring?

A.

Raise the dead peer detection interval to prevent the additional network chatter

B.

Deploy honeypots on the network segment to identify the sending machine.

C.

Ensure routers will use router advertisement guards.

D.

Deploy ARP spoofing prevention on routers and switches.

Question # 93

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?

A.

Penetration tests

B.

Vulnerability assessment

C.

Tabletop exercises

D.

Blue-team operations

Question # 94

A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:

In an .htaccess file or the site config, add:

or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

A.

Ensure session IDs are generated dynamically with each cookie request

B.

Prevent cookies from being transmitted to other domain names

C.

Create a temporary space on the user's drive root for ephemeral cookie storage

D.

Enforce the use of plain text HTTP transmission with secure local cookie storage

E.

Add a sequence ID to the cookie session ID while in transit to prevent CSRF.

F.

Allow cookie creation or updates only over TLS connections

Question # 95

A vulnerability scan with the latest definitions was performed across Sites A and B.

Match each relevant finding to the affected host. After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Question # 96

A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of other assets, such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A.

Increased network latency

B.

Unavailability of key escrow

C.

Inability to select AES-256 encryption

D.

Removal of user authentication requirements

Question # 97

A developer implemented the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

A.

SQL injection

B.

Buffer overflow

C.

Missing session limit

D.

Information leakage

Question # 98

A creative services firm has a limited security budget and staff. Due to its business model, the company sends and receives a high volume of files every day through the preferred method defined by its customers. These include email, secure file transfers, and various cloud service providers. Which of the following would BEST reduce the risk of malware infection while meeting the company's resource requirements and maintaining its current workflow?

A.

Configure a network-based intrusion prevention system

B.

Contract a cloud-based sandbox security service.

C.

Enable customers to send and receive files via SFTP

D.

Implement appropriate DLP systems with strict policies.

Question # 99

A company is trying to resolve the following issues related to its web servers and Internet presence:

• The company's security rating declined on multiple occasions when it failed to renew a TLS certificate on one or more infrequently used web servers

• The company is running out of public IPs assigned by its ISP

• The company is implementing a WAF, and the WAF vendor charges by the number of back-end hosts to which the WAF routes

Which of the following solutions will help the company mitigate these issues? (Select TWO)

A.

Use a DMZ architecture

B.

Implement reverse proxy servers

C.

Use an automated CA service API for certificate renewal

D.

Work with the company's ISP to configure BGP

E.

Deploy IPv6 for external-facing servers

F.

Implement self-signed certificates and disable trust verification.

Question # 100

A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.

Which of the following is the MOST appropriate order of steps to be taken?

A.

Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent

B.

OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update

C.

Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline

D.

Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update

Question # 101

An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.

Which of the following procedures should the security responder apply to the situation? (Choose two.)

A.

Contain the server.

B.

Initiate a legal hold.

C.

Perform a risk assessment.

D.

Determine the data handling standard.

E.

Disclose the breach to customers.

F.

Perform an IOC sweep to determine the impact.

Question # 102

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

A.

The hard disk contains bad sectors

B.

The disk has been degaussed.

C.

The data represents part of the disk BIOS.

D.

Sensitive data might still be present on the hard drives.
