CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam Question and Answers

Question # 4

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

A.

Use an internal firewall to block UDP port 3544.

B.

Disable network discovery protocol on all company routers.

C.

Block IP protocol 41 using Layer 3 switches.

D.

Disable the DHCPv6 service from all routers.

E.

Drop traffic for ::/0 at the edge firewall.

F.

Implement a 6in4 proxy server.

Question # 5

Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

Question # 6

The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively. Which of the following would BEST address the CIO’s concerns?

A.

Procure a password manager for the employees to use with the cloud applications.

B.

Create a VPN tunnel between the on-premises environment and the cloud providers.

C.

Deploy applications internally and migrate away from SaaS applications.

D.

Implement an IdP that supports SAML and time-based, one-time passwords.

Question # 7

A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:

  • An HOTP service is installed on the RADIUS server.
  • The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

A.

Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.

B.

Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.

C.

Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.

D.

Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

Question # 8

A security administrator wants to allow external organizations to cryptographically validate the company’s domain name in email messages sent by employees. Which of the following should the security administrator implement?

A.

SPF

B.

S/MIME

C.

TLS

D.

DKIM

Question # 9

Question # 10

Given the following code snippet:

Of which of the following is this snippet an example?

A.

Data execution prevention

B.

Buffer overflow

C.

Failure to use standard libraries

D.

Improper field usage

E.

Input validation

Question # 11

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Question # 12

A security analyst is investigating an alert arising from an impossible travel pattern. Within the span of 30 minutes, the email system saw successful authentication from two IP addresses, which geolocate more than 500mi (806km) away from each other. Before locking the account, which of the following actions should the analyst take?

A.

Verify email server NTP synchronization status

B.

Validate GeoIP data source

C.

Review VPN authentication logs

D.

Verify the user's recent travel activities

Question # 13

The president of an online retail company has decided the company needs to increase its market size by targeting more countries in order to increase sales. All customer data is currently stored in the same country as the company's headquarters. Which of the following will be the GREATEST concern of the Chief Information Security Officer (CISO) when customers from foreign countries become customers?

A.

The data sovereignty laws can vary between various jurisdictions, especially regarding consumer data privacy

B.

Many foreign countries are currently blocked by the geolocation of the IP address at the firewall for additional security.

C.

The likelihood of an outage to the company's servers is increased due to higher latency between dispersed geographic locations.

D.

The company's incident response team will need to include personnel from every new country to understand local requirements.

Question # 14

A group of security consultants is conducting an assessment of a customer's network across multiple physical locations. To save time, the customer has allowed the consultants to install a single server inside the network perimeter. In addition to open-source intelligence gathering and social engineering, which of the following BEST describes the technique the consultants are employing?

A.

Using persuasion and deception to gain access to systems

B.

Conducting physical attacks by a red team

C.

Moving laterally through a network from compromised hosts

D.

Performing black-box penetration testing

Question # 15

An aircraft manufacturer is developing software that will perform automatic flight control (auto-pilot). Given the high safety criticality of the software, the developer can BEST prove software correctness to a requirements specification by employing:

A.

static code analyzers

B.

formal methods

C.

test harnesses

D.

dynamic analysis methods

Question # 16

A company has a DLP system with the following capabilities:

• Text examination

• Optical character recognition

• File type validation

• Multilingual translation of key words and phrases

• Blocking of content encrypted with a known cipher

• Examination of all egress points

Despite the existing protections, a malicious insider was able to exfiltrate confidential information. DLP logs show the malicious insider transferred a number of JPEG files to an external host, but each of those files appears as negative for the presence of confidential information. Which of the following are the MOST likely explanations for this issue? (Select TWO)

A.

Translating the confidential information from English into Farsi and then into French to avoid detection

B.

Scrambling the confidential information using a proprietary obfuscation scheme before sending the files via email

C.

Changing the extension of Word files containing confidential information to jpg and uploading them to a file sharing site

D.

Printing the documents to TIFF images and attaching the files to outbound email messages

E.

Leveraging steganography to hide the information within the JPEG files

F.

Placing the documents containing sensitive information into an AES-256 encrypted compressed archive file and using FTP to send them to an outside host

Question # 17

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company. Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

A.

1. Attempt to eavesdrop and replay RFID communications

2. Determine the protocols being used between the tag and the reader

3. Retrieve the RFID tag identifier and manufacturer details

4. Take apart an RFID tag and analyze the chip

B.

1. Determine the protocols being used between the tag and the reader

2. Take apart an RFID tag and analyze the chip

3. Retrieve the RFID tag identifier and manufacturer details

4. Attempt to eavesdrop and replay RFID communications

C.

1. Retrieve the RFID tag identifier and manufacturer details

2. Determine the protocols being used between the tag and the reader

3. Attempt to eavesdrop and replay RFID communications

4. Take apart an RFID tag and analyze the chip

D.

1. Take apart an RFID tag and analyze the chip

2. Retrieve the RFID tag identifier and manufacturer details

3. Determine the protocols being used between the tag and the reader

4. Attempt to eavesdrop and replay RFID communications

Question # 18

A network engineer recently configured a new wireless network that has issues with security, stability, and performance. After auditing the configurations, the engineer discovers some of them do not follow best practices. Given the network information below:

SSID = CompTIA Channel = 6 WPA-PSK

Which of the following would be the BEST approach to mitigate the issues?

A.

Avoid using 2.4GHz and prefer 5GHz to minimize interference. Use WPA2-Enterprise with EAPOL.

B.

Do a site survey to determine the best channel to configure the wireless network. Use WPA2-Enterprise with EAPOL.

C.

Hide the SSID. Use WPA3 instead of WPA2.

D.

Change the radio channel to 11, as it has less interference. Use CAPWAP to introduce a captive portal to force users to log in to the wireless

Question # 19

A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Question # 20

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 21

A developer is concerned about input validation for a newly created shopping-cart application, which will be released soon on a popular website. Customers were previously able to manipulate the shopping cart so they could receive multiple items while only paying for one item. This resulted in large losses. Which of the following would be the MOST efficient way to test the shopping cart and address the developer's concerns?

A.

Log analysis

B.

Dynamic analysis

C.

Vulnerability assessment

D.

Gray-box testing

E.

Manual code review

Question # 22

A security engineer is attempting to inventory all network devices. Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

A.

Switch to SNMPv1 device inventory credentials

B.

Enable SSH for all switches and routers

C.

Set SFTP to enabled on all network devices

D.

Configure SNMPv3 server settings to match client settings

Question # 23

A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process. Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

A.

Generate a 125kHz tone

B.

Compromise the ICS SCADA system

C.

Utilize an RFID duplicator

D.

Obtain a lock pick set

Question # 24

An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE attack. Which of the following strings within the server's virtual-host configuration block is at fault and needs to be changed?

A.

AccessFileName /vac/http/.acl

B.

SSLProtocol -all +SSLv3

C.

AllowEncodedSlashes on

D.

SSLCertificateFile /var/certs/home.pem

E.

AllowOverride Nonfatal-All AuthConfig

Question # 25

An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Question # 26

A large organization suffers a data breach after one staff member inadvertently shares a document on a corporate-approved, file-sharing, cloud-collaboration service. The security administrator must implement controls to reduce the likelihood of a similar event, via another channel, from occurring again. The controls also must assist with early detection and remediation should the event reoccur.

The organization has the following enterprise constraints:

1. On-premises proxies are used to control access to websites.

2. Some staff work remotely from home and connect directly to the Internet without a VPN.

3. Corporate firewalls send logs to a central log aggregator.

4. More than 40,000 staff members are distributed across two core buildings and 100 small branches.

Which of the following would BEST meet the requirements? (Select THREE).

A.

Implement dedicated SSL decryptors for outbound HTTPS connections.

B.

Migrate all staff to cloud-based proxy services.

C.

Block webmail and file-sharing categories on the proxies.

D.

Deploy a CASB solution to monitor and restrict file-sharing cloud services.

E.

Deploy a DLP solution that scans sfel TP and HTTPS/HTTP content.

F.

Install an on-premises file-sharing service that can be accessed only when on the corporate network.

G.

Deploy VPN software and have all remote staff connect to the Internet via the corporate proxies.

Question # 27

A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs. Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

A.

Document the technology's differences in a system security plan.

B.

Require the vendor to provide justification for the product's deviation.

C.

Increase the frequency of vulnerability scanning of all systems using the technology.

D.

Block the use of non-standard ports or protocols to and from the system.

Question # 28

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WiFi. Due to a recent incident in which an attacker gained access to the company’s internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

A.

Active Directory GPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Question # 29

A developer is writing a new mobile application that employees will use to connect to an Internet-facing sensitive system. The security team is concerned with MITM attacks against the encrypted application traffic aimed at intercepting and decrypting sensitive information from the server to the mobile client. Which of the following should the developer implement to address the security team's concerns? (Select TWO).

A.

HSTS

B.

TLB 18

C.

OCSP

D.

Certificate pinning

E.

Key stretching

Question # 30

The Chief Information Security Officer (CISO) of a power generation facility is concerned about being able to detect missing security updates on the critical infrastructure in use at the facility. Most of this critical infrastructure consists of ICS and SCADA systems that are maintained by vendors, and the vendors have warned the CISO that proxying network traffic is likely to cause a DoS condition. Which of the following would be BEST to address the CISO's concerns while keeping the critical systems functional?

A.

Configuring the existing SIEM to ingest all log files properly

B.

Implementing a passive vulnerability scanning solution

C.

Deploying a data diode for internal websites

D.

Adding more frequent antivirus and anti-malware signature updates

E.

Adjusting Me access rules to use the concept of least privilege

Question # 31

The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

A.

MOU

B.

OLA

C.

NDA

D.

SLA

Question # 32

A developer implements the following code snippet:

Which of the following vulnerabilities does this code snippet resolve?

A.

SQL injection

B.

Buffer overflow

C.

Missing session brat

D.

Information leakage

Question # 33

An application developer has been informed of a web application that is susceptible to a clickjacking vulnerability. Which of the following code snippets would be MOST applicable to resolve this vulnerability?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 34

A company wants to analyze internal network traffic for IOCs. The security solution consists of a network collector appliance and a separate server which security analysts access via a browser to visualize and review the alerts generated from the network traffic. The company uses a collapsed core operating at Layer 2 at 100Gbps. The server will be placed in the datacenter. Which of the following architectures should be used to ensure the solution can provide visibility into all the company's internal network traffic, including DNS and URL requests, without impacting network traffic flow?

A.

Install the network collector appliance closer to the core switching infrastructure

B.

Install the network collector appliance closer to the distribution switches

C.

Install multiple network collector appliances closer to the access layer switches

D.

Install the network collector appliance physically inline between the core switch and the firewall

Question # 35

A company needs to deploy a home assistant that has the following requirement:

1. Revalidate identity when sensitive personal information is accessed and when there is a change in device state.

2. Authenticate every three months and upon registration.

3. Support seamless access on all channels.

Which of the following actions would be BEST to support the above requirements securely? (Select TWO).

A.

Implement long-lived refresh tokens when the application is opened with OAuth support of bearer tokens.

B.

Refresh a new access token when the application is opened and OAuth device flow registration is implemented.

C.

Implement a content-aware security risk engine with push notification tokens

D.

Request a new bearer token from the token service when the application is opened and OAuth browserless flows are implemented

E.

Implement a user and entity behavioral analytics detection engine with a one-time magic link.

F.

Implement a rules-based security engine with software OTP tokens.

Question # 36

A company is repeatedly being breached by hackers who valid credentials. The company’s Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?

A.

Implement strict three-factor authentication.

B.

Implement least privilege policies

C.

Switch to one-time or all user authorizations.

D.

Strengthen identity-proofing procedures

Question # 37

The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

• Keyword blocking based on word lists

• URL rewriting and protection

• Stopping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

A.

Configure more robust word lists for blocking suspicious emails

B.

Configure appropriate regular expression rules per suspicious email received

C.

Configure Bayesian filtering to block suspicious inbound email

D.

Configure the mail gateway to strip any attachments

Question # 38

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test. However, the attack vector of the exploit is missing, making it harder to recommend remediations. Given the following output:

The penetration testers MOST likely took advantage of:

A.

A TOC/TOU vulnerability

B.

A plain-text password disclosure

C.

An integer overflow vulnerability

D.

A buffer overflow vulnerability

Question # 39

A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user

• It must be utilized as a second factor.

• Information sharing must be avoided

• It must have a low false acceptance rate

Which of the following BEST meets the criteria?

A.

Facial recognition

B.

Swipe pattern

C.

Fingerprint scanning

D.

Complex passcode

E.

Token card

Question # 40

Which of the following attacks can be used to exploit a vulnerability that was created by untrained users?

A.

A spear-phishing email with a file attachment

B.

A DoS using IoT devices

C.

An evil twin wireless access point

D.

A domain hijacking of a bank website

Question # 41

A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

* Company administrators should not have access to employees' personal information.

* A rooted or jailbroken device should not have access to company sensitive information.

Which of the following BEST addresses the associated risks?

A.

Code signing

B.

VPN

C.

FDE

D.

Containerization

Question # 42

A red team is able to connect a laptop with penetration testing tools directly into an open network port. The team then is able to take advantage of a vulnerability on the domain controller to create and promote a new enterprise administrator. Which of the following technologies would MOST likely eliminate this attack vector in the future?

A.

Monitor for anomalous creations of privileged domain accounts

B.

Install a NIPS with rules appropriate to drop most exploit traffic

C.

Ensure the domain controller has the latest security patches

D.

Implement 802.1X with certificate-based authentication

Question # 43

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?

A.

Penetration tests

B.

Vulnerability assessment

C.

Tabletop exercises

D.

Blue-team operations

Question # 44

An attacker wants to gain information about a company's database structure by probing the database listener. The attacker tries to manipulate the company's database to see if it has any vulnerabilities that can be exploited to help carry out an attack. To prevent this type of attack, which of the following should the company do to secure its database?

A.

Mask the database banner

B.

Tighten database authentication and limit table access

C.

Harden web and Internet resources

D.

Implement challenge-based authentication

Question # 45

A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 46

A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?

A.

NDA

B.

RFP

C.

RFQ

D.

MSA

E.

RFI

Question # 47

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

* Transactions being required by unauthorized individuals

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransomware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Question # 48

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

A.

Hybrid IaaS solution in a single-tenancy cloud

B.

PaaS solution in a multitenancy cloud

C.

SaaS solution in a community cloud

D.

Private SaaS solution in a single tenancy cloud.

Question # 49

The Chief Information Security Officer (CISO) is preparing a requirements matrix scorecard for a new security tool the company plans to purchase. Feedback from which of the following documents will provide input for the requirements matrix scorecard during the vendor selection process?

A.

MSA

B.

RFQ

C.

RFI

D.

RFP

Question # 50

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with the new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Question # 51

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

A.

The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website

B.

One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers

C.

The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos

D.

Pre-release marketing materials for a single device were accidentally left in a public location

Question # 52

While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?

A.

The security manager did not enforce automatic VPN connection.

B.

The company’s server did not have endpoint security enabled.

C.

The hotel and did require a wireless password to authenticate.

D.

The laptop did not have the host-based firewall properly configured.

Question # 53

A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner. Which of the following business documents defines the parameters the security administrator must confirm?

A.

BIA

B.

ISA

C.

NDA

D.

MOU

Question # 54

A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks. Which of the following code snippets is safe from these types of attacks?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 55

The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?

A.

Discretionary access control

B.

Separation of duties

C.

Data classification

D.

Mandatory access control

Question # 56

During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email accounts. An information security analyst is reviewing the access to determine if the audit was valid. Which of the following would assist with the validation and provide the necessary documentation to audit?

A.

Examining the termination notification process from human resources and employee account access logs

B.

Checking social media platforms for disclosure of company sensitive and proprietary information

C.

Sending a test email to the former employees to document an undeliverable email and review the ERP access

D.

Reviewing the email global account list and the collaboration platform for recent activity

Question # 57

A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 58

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Question # 59

A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI. The system relies on two-factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information?

A.

Password cracker

B.

Wireless network analyzer

C.

Fuzzing tools

D.

Reverse engineering principles

Question # 60

A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily despite lacking the following controls:

• Certificate pinning

• Tokenization

• Biometric authentication

The company has already implemented the following controls:

• Full device encryption

• Screen lock

• Device password

• Remote wipe

The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

A.

Enforce the use of a VPN when using the newly developed application.

B.

Implement a geofencing solution that disables the application according to company requirements.

C.

Implement an out-of-band second factor to authenticate authorized users

D.

Install the application in a secure container requiring additional authentication controls.

Question # 61

A company’s claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was opened.

A.

Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.

B.

Require all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Question # 62

A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)

A.

CVE database

B.

Recent security industry conferences

C.

Security vendor pages

D.

Known vendor threat models

E.

Secure routing metrics

F.

Server’s vendor documentation

G.

Verified security forums

Question # 63

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

A.

Conduct a series of security training events with comprehensive tests at the end

B.

Hire an external company to provide an independent audit of the network security posture

C.

Review the social media of all employees to see how much proprietary information is shared

D.

Send an email from a corporate account, requesting users to log onto a website with their enterprise account

Question # 64

A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the criticality of various business processes, personnel, and technologies. Transitioning into risk assessment activities, which of the following types of information should the CISO require to determine the proper risk ranking? (Select TWO).

A.

Trend analysis

B.

Likelihood

C.

TCO

D.

Compensating controls

E.

Magnitude

F.

ROI

Question # 65

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the eradication of the malware?

A.

The workstations should be isolated from the network.

B.

The workstations should be donated for reuse.

C.

The workstations should be reimaged

D.

The workstations should be patched and scanned.

Question # 66

A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?

A.

SIEM

B.

IDS/IPS

C.

Proxy server

D.

Firewall

E.

Router

Question # 67

A cybersecurity analyst is conducting packet analysis on the following:

Which of the following is occurring in the given packet capture?

A.

ARP spoofing

B.

Broadcast storm

C.

Smurf attack

D.

Network enumeration

E.

Zero-day exploit

Question # 68

Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

A.

SIEM filtering

B.

Machine learning

C.

Outsourcing

D.

Centralized IPS

Question # 69

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items.

Which of the following should the security engineer recommend to meet these requirements?

A.

COPE with geofencing

B.

BYOD with containerization

C.

MDM with remote wipe

D.

CYOD with VPN

Question # 70

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

A.

Transfer the risk

B.

Baseline the risk.

C.

Accept the risk

D.

Remove the risk

Question # 71

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:

A.

the blue team.

B.

the white team.

C.

the operations team.

D.

the red team.

E.

the development team.

Question # 72

A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links?

A.

Anti-spam gateways

B.

Security awareness training

C.

URL rewriting

D.

Internal phishing campaign

Question # 73

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

A.

Risk assessment

B.

Regression testing

C.

User story development

D.

Data abstraction

E.

Business impact assessment

Question # 74

A security analyst for a bank received an anonymous tip on the external banking website showing the following:

Protocols supported

TLS 1.0

SSL 3

SSL 2

Cipher suites supported

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1

TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit

TLS_RSA_WITH_RC4_128_SHA

TLS_FALLBACK_SCSV non supported

POODLE

Weak PFS

OCSP stapling supported

Which of the following should the analyst use to reproduce these findings comprehensively?

A.

Query the OCSP responder and review revocation information for the user certificates.

B.

Review CA-supported ciphers and inspect the connection through an HTTP proxy.

C.

Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output.

D.

Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

Question # 75

Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:

From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:

Connectivity to the server from outside the firewall worked as expected prior to executing these commands.

Which of the following can be said about the new firewall?

A.

It is correctly dropping all packets destined for the server.

B.

It is not blocking or filtering any traffic to the server.

C.

Iptables needs to be restarted.

D.

The IDS functionality of the firewall is currently disabled.

Question # 76

An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect, however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?

A.

In the firewall, compatible cipher suites must be enabled

B.

In the VPN client, the CA CRL address needs to be specified manually

C.

In the router, IPSec traffic needs to be allowed in bridged mode

D.

In the CA, the SAN field must be set for the root CA certificate and then reissued

Question # 77

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee’s laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company’s DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information.

Which of the following would be the MOST efficient control to prevent this from occurring in the future?

A.

Install application whitelist on mobile devices.

B.

Disallow side loading of applications on mobile devices.

C.

Restrict access to company systems to expected times of day and geographic locations.

D.

Prevent backup of mobile devices to personally owned computers.

E.

Perform unannounced insider threat testing on high-risk employees.

Question # 78

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:

  • Financially sensitive data
  • Project data
  • Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

A.

Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.

B.

Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.

C.

Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

D.

Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Question # 79

An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organizations. Which of the following compliance issues will MOST likely be introduced as a result of the migration?

A.

Internal data integrity standards and outsourcing contracts and partnerships

B.

Data ownership, internal data classification, and risk profiling of outsourcers

C.

Company audit functions, cross-border jurisdictional challenges, and export controls

D.

Data privacy regulations, data sovereignty, and third-party providers

Question # 80

A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network. Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network. Which of the following should the script use to BEST accomplish this task?

A.

Recursive DNS logs

B.

DHCP logs

C.

AD authentication logs

D.

RADIUS logs

E.

Switch and router ARP tables

Question # 81

An enterprise’s Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise’s growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise’s website.

Which of the following should the CISO be MOST concerned about?

A.

Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company’s website.

B.

A security vulnerability that is exploited on the website could expose the accounting service.

C.

Transferring as many services as possible to a CSP could free up resources.

D.

The CTO does not have the budget available to purchase required resources and manage growth.

Question # 82

The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months.

Which of the following would be the MOST cost-effective solution to meet the company’s needs?

A.

Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house.

B.

Accept all risks associated with information security, and then bring up the issue again at next year’s annual board meeting.

C.

Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements.

D.

Hire an experienced, full-time information security team to run the startup company’s information security department.

Question # 83

An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:

  • Support server, laptop, and desktop infrastructure
  • Due to limited security resources, implement active protection capabilities
  • Provide users with the ability to self-service classify information and apply policies
  • Protect data-at-rest and data-in-use

Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)

A.

Data loss prevention

B.

Application whitelisting

C.

Endpoint detect and respond

D.

Rights management

E.

Log monitoring

F.

Antivirus

Question # 84

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital’s Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?

A.

Asset inventory management

B.

Incident response plan

C.

Test and evaluation

D.

Configuration and change management

Question # 85

Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:

A.

mandatory vacations.

B.

job rotations

C.

role-based access control

D.

discretionary access

E.

separation of duties

Question # 86

A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.

Which of the following is MOST likely the issue?

A.

The employees are using an old link that does not use the new SAML authentication.

B.

The XACML for the problematic application is not in the proper format or may be using an older schema.

C.

The web services methods and properties are missing the required WSDL to complete the request after displaying the login page.

D.

A threat actor is implementing an MITM attack to harvest credentials.

Question # 87

The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?

A.

Avoid

B.

Mitigate

C.

Transfer

D.

Accept

Question # 88

A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)

A.

Certificate-based authentication

B.

TACACS+

C.

802.1X

D.

RADIUS

E.

LDAP

F.

Local user database

Question # 89

A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:

  • Must be able to MITM web-based protocols
  • Must be able to find common misconfigurations and security holes

Which of the following types of testing should be included in the testing platform? (Choose two.)

A.

Reverse engineering tool

B.

HTTP intercepting proxy

C.

Vulnerability scanner

D.

File integrity monitor

E.

Password cracker

F.

Fuzzer

Question # 90

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

A.

Deploy virtual desktop infrastructure with an OOB management network

B.

Employ the use of vTPM with boot attestation

C.

Leverage separate physical hardware for sensitive services and data

D.

Use a community CSP with independently managed security services

E.

Deploy to a private cloud with hosted hypervisors on each physical machine

Question # 91

An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

A.

After-action reports

B.

Gap assessment

C.

Security requirements traceability matrix

D.

Business impact assessment

E.

Risk analysis

Question # 92

Given the following:

Which of the following vulnerabilities is present in the above code snippet?

A.

Disclosure of database credential

B.

SQL-based string concatenation

C.

DOM-based injection

D.

Information disclosure in comments

Question # 93

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:

Untrusted zone: 0.0.0.0/0

User zone: USR 10.1.1.0/24

User zone: USR2 10.1.2.0/24

DB zone: 10.1.4.0/24

Web application zone: 10.1.5.0/24

Management zone: 10.1.10.0/24

Web server: 10.1.5.50

MS-SQL server: 10.1.4.70

MGMT platform: 10.1.10.250

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.

Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

Task 4) Ensure the final rule is an explicit deny.

Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

Question # 94

The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?

A.

Separation of duties

B.

Job rotation

C.

Continuous monitoring

D.

Mandatory vacation

Question # 95

Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company’s SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing.

Which of the following commands should the assessor use to determine this information?

A.

dnsrecon -d company.org -t SOA

B.

dig company.org mx

C.

nc -v company.org

D.

whois company.org

Question # 96

Given the code snippet below:

Which of the following vulnerability types is the MOST concerning?

A.

Only short usernames are supported, which could result in brute forcing of credentials.

B.

Buffer overflow in the username parameter could lead to a memory corruption vulnerability.

C.

Hardcoded usernames with different code paths taken depending on which user is entered.

D.

Format string vulnerability is present for admin users but not for standard users.

Question # 97

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

A.

The sudoers file is locked down to an incorrect command

B.

SSH command shell restrictions are misconfigured

C.

The passwd file is misconfigured

D.

The SSH command is not allowing a pty session

Question # 98

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

A.

Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

B.

Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

C.

Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

D.

Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

E.

For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

F.

Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Question # 99

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

A.

The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration

B.

The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat

C.

The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats

D.

The company should install a temporary CCTV system to detect unauthorized access to physical offices

Question # 100

Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?

A.

The consolidation of two different IT enterprises increases the likelihood of data loss because there are now two backup systems

B.

Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises

C.

Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully

D.

Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

Question # 101

A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

1. Information should be sourced from the trusted master data source.

2. There must be future requirements for identity proofing of devices and users.

3. A generic identity connector that can be reused must be developed.

4. The current project scope is for internally hosted applications only.

Which of the following solution building blocks should the security architect use to BEST meet the requirements?

A.

LDAP, multifactor authentication, oAuth, XACML

B.

AD, certificate-based authentication, Kerberos, SPML

C.

SAML, context-aware authentication, oAuth, WAYF

D.

NAC, radius, 802.1x, centralized active directory

Question # 102

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation. Which of the following MOST likely caused the data leak?

A.

The employee manually changed the email client retention settings to prevent deletion of emails

B.

The file that contained the damaging information was mistagged and retained on the server for longer than it should have been

C.

The email was encrypted and an exception was put in place via the data classification application

D.

The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old
