Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CompTIA > SecurityX > CAS-005

CAS-005 CompTIA SecurityX Certification Exam Question and Answers

Question # 4

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Full Access
Question # 5

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation of data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability

Full Access
Question # 6

A pharmaceutical lab hired a consultant to identify potential risks associated with Building 2, a new facility that is under construction. The consultant received the IT project plan, which includes the following VLAN design:

Which of the following TTPs should the consultant recommend be addressed first?

A.

Zone traversal

B.

Unauthorized execution

C.

Privilege escalation

D.

Lateral movement

Full Access
Question # 7

A security engineer is reviewing the following vulnerability scan report:

Which of the following should the engineer prioritize for remediation?

A.

Apache HTTP Server

B.

OpenSSH

C.

Google Chrome

D.

Migration to TLS 1.3

Full Access
Question # 8

A security analyst is reviewing a SIEM and generates the following report:

Later, the incident response team notices an attack was executed on the VM001 host. Which of the following should the security analyst do to enhance the alerting process on the SIEM platform?

A.

Include the EDR solution on the SIEM as a new log source.

B.

Perform a log correlation on the SIEM solution.

C.

Improve parsing of data on the SIEM.

D.

Create a new rule set to detect malware.

Full Access
Question # 9

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider first to address this requirement?

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Full Access
Question # 10

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

A.

Non-repudiation

B.

Confidentiality

C.

Delivery receipts

D.

Attestation

Full Access
Question # 11

A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?

A.

Improving patching processes

B.

Implementing digital signature

C.

Performing manual updates via USB ports

D.

Allowing only dies from internal sources

Full Access
Question # 12

A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?

A.

Sensor placement

B.

Data labeling

C.

Continuous monitoring

D.

Centralized logging

Full Access
Question # 13

A security configure isbuilding a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

A.

The /etc/openssl.conf file, updating the virtual site parameter

B.

The /etc/nsswith.conf file, updating the name server

C.

The /etc/hosts file, updating the IP parameter

D.

The /etc/etc/sshd, configure file updating the ciphers

Full Access
Question # 14

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

Which of the following would the analyst most likely recommend?

A.

Installing appropriate EDR tools to block pass-the-hash attempts

B.

Adding additional time to software development to perform fuzz testing

C.

Removing hard coded credentials from the source code

D.

Not allowing users to change their local passwords

Full Access
Question # 15

Due to an infrastructure optimization plan, a company has moved from a unified architecture to a federated architecture divided by region. Long-term employees now have a better experience, but new employees are experiencing major performance issues when traveling between regions. The company is reviewing the following information:

Which of the following is the most effective action to remediate the issue?

A.

Creating a new user entry in the affected region for the affected employee

B.

Synchronizing all regions* user identities and ensuring ongoing synchronization

C.

Restarting European region physical access control systems

D.

Resyncing single sign-on application with connected security appliances

Full Access
Question # 16

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Full Access
Question # 17

A security analyst isreviewing the following event timeline from an COR solution:

Which of the following most likely has occurred and needs to be fixed?

A.

The Dl P has failed to block malicious exfiltration and data tagging is not being utilized property

B.

An EDRbypass was utilized by a threat actor and updates must be installed by the administrator.

C.

A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor

D.

A potential insider threat is being investigated and will be addressed by the senior management team.

Full Access
Question # 18

Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:

A.

operating in an isolated/disconnected system.

B.

communicating over distributed environments

C.

untrustworthy users and systems being present.

D.

an available EtherneVIP network stack for flexibility.

E.

anticipated eavesdropping from malicious actors.

Full Access
Question # 19

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Full Access
Question # 20

An organization recently acquired another company that is running a different EDR solution. A SOC analyst wants to automate the isolation of endpoints that are found to be compromised. Which of the following workflows best mitigates the risk of false positives and reduces the spread of malicious code?

A.

Using a SOAR solution to look up entities via a TIP platform and isolate endpoints via APIs

B.

Setting a policy on each EDR management console to isolate all endpoints that trigger any alerts

C.

Reviewing all alerts manually in the various portals and taking action to isolate them

D.

Automating the suppression of all alerts that are not critical and sending an email asking SOC analysts to review these alerts

Full Access
Question # 21

A network security architect for an organization with a highly remote workforce implements an always-on VPN to meet business requirements. Which of the following best explains why the architect is using this approach?

A.

To facilitate device authentication using on-premises directory services

B.

To allow access to directly connected print and scan resources

C.

To enable usability of locally attached removable storage

D.

To authorize updates to change the PIN on a smart card

Full Access
Question # 22

A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Which of the following is the best way to accomplish this goal?

A.

Configuring an IPS

B.

Implementing sandboxing

C.

Scanning for IoCs

D.

Deploying a honeypot

Full Access
Question # 23

A company migrating to aremote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?

A.

The certificate is an additional factor to meet regulatory MFA requirements for VPN access.

B.

The VPN client selected the certificate with the correct key usage without user interaction.

C.

The internal PKI certificate deployment allows for Wi-Fi connectivity before logging in to other systems.

D.

The server connection uses SSL VPN, which uses certificates for secure communication.

Full Access
Question # 24

A senior security engineer flags the following log file snippet as having likely facilitated an attacker’s lateral movement in a recent breach:

qry_source: 19.27.214.22 TCP/53

qry_dest: 199.105.22.13 TCP/53

qry_type: AXFR

| in comptia.org

------------ directoryserver1 A 10.80.8.10

------------directoryserver2 A 10.80.8.11

------------ directoryserver3 A 10.80.8.12

------------ internal-dns A 10.80.9.1

----------- www-int A 10.80.9.3

------------ fshare A 10.80.9.4

------------ sip A 10.80.9.5

------------ msn-crit-apcs A 10.81.22.33

Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP/53

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Full Access
Question # 25

An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?

A.

SOAR

B.

CWPP

C.

XCCDF

D.

CMDB

Full Access
Question # 26

A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

A.

The capability to block unapproved applications and services is possible

B.

Privacy compliance obligations are bypassed when using a user-based deployment.

C.

Protecting and regularly rotating API secret keys requires a significant time commitment

D.

Corporate devices cannot receive certificates when not connected to on-premises devices

Full Access
Question # 27

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Full Access
Question # 28

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Full Access
Question # 29

A security analystreviews the following report:

Which of the following assessments is the analyst performing?

A.

System

B.

Supply chain

C.

Quantitative

D.

Organizational

Full Access
Question # 30

An analyst reviews a SIEM and generates the following report:

OnlyHOST002is authorized for internet traffic. Which of the following statements is accurate?

A.

The VM002 host is misconfigured and needs to be revised by the network team.

B.

The HOST002 host is under attack, and a security incident should be declared.

C.

The SIEM platform is reporting multiple false positives on the alerts.

D.

The network connection activity is unusual, and a network infection is highly possible.

Full Access
Question # 31

An organization hires a security consultant to establish a SOC that includes athreat-modeling function. During initial activities, the consultant works with system engineers to identify antipatterns within the environment. Which of the following is most critical for the engineers to disclose to the consultant during this phase?

A.

Results from the most recent infrastructure access review

B.

A listing of unpatchable IoT devices in use in the data center

C.

Network and data flow diagrams covering the production environment

D.

Results from the most recent software composition analysis

E.

A current inventory of cloud resources and SaaS products in use

Full Access
Question # 32

An organization is planning for disaster recovery and continuity ofoperations, and has noted the following relevant findings:

1. A natural disaster may disrupt operations at Site A, which would then cause an evacuation. Users are

unable to log into the domain from-their workstations after relocating to Site B.

2. A natural disaster may disrupt operations at Site A, which would then cause the pump room at Site B

to become inoperable.

3. A natural disaster may disrupt operations at Site A, which would then cause unreliable internet

connectivity at Site B due to route flapping.

INSTRUCTIONS

Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.

For findings 1 and 2, select the items that should be replicated to Site B. For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.

Full Access
Question # 33

A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?

A.

Adding an additional proxy server to each segmented VLAN

B.

Setting up a reverse proxy for client logging at the gateway

C.

Configuring a span port on the perimeter firewall to ingest logs

D.

Enabling client device logging and system event auditing

Full Access
Question # 34

A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would best solve these challenges? (Select three).

A.

SD-WAN

B.

PAM

C.

Remote access VPN

D.

MFA

E.

Network segmentation

F.

BGP

G.

NAC

Full Access
Question # 35

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

A.

The email CNAME record must be changed to a type A record pointing to 192.168.111

B.

The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C.

The srvo1 A record must be changed to a type CNAME record pointing to the email server

D.

The email CNAMErecord must be changed to a type A record pointing to 192.168.1.10

E.

The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"

F.

The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"

G.

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Full Access
Question # 36

A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?

A.

Block any connections from outside the business's network security boundary.

B.

Install machine certificates on corporate devices and perform checks against the clients.

C.

Configure device attestations and continuous authorization controls.

D.

Deploy application protection policies using a corporate, cloud-based MDM solution.

Full Access
Question # 37

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

A.

Documenting third-party connections used by Company B

B.

Reviewing the privacy policies currently adopted by Company B

C.

Requiring data sensitivity labeling tor all files shared with Company B

D.

Forcing a password reset requiring more stringent passwords for users on Company B's network

E.

Performing an architectural review of Company B's network

Full Access
Question # 38

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Full Access
Question # 39

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

An administrator’s account was hijacked and used on several Autonomous System Numbers within 30 minutes.

All administrators use named accounts that require multifactor authentication.

Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

A.

Configure token theft detection on the single sign-on system with automatic account lockouts.

B.

Enable context-based authentication when network locations change on administrator login attempts.

C.

Decentralize administrator accounts and force unique passwords for each application.

D.

Enforce biometric authentication requirements for the administrator’s named accounts.

Full Access
Question # 40

An IPSec solution is being deployed. The configuration files for both the VPN

concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With

issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase

character, one numeric character, and one special character, and it must

meet a minimumlength requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

VPN Concentrator:

AAA Server:

Full Access
Question # 41

A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:

Which of the following actions should the analyst take to best mitigate the threat?

A.

Implement WAF protection for the web application.

B.

Upgrade the firmware on the camera.

C.

Only allowconnections from approved IPs.

D.

Block IP 104.18.16.29 on the firewall.

Full Access
Question # 42

Source code snippets for two separate malware samples are shown below:

Sample 1:

knockEmDown(String e) {

if(target.isAccessed()) {

target.toShell(e);

System.out.printIn(e.toString());

c2.sendTelemetry(target.hostname.toString + " is " + e.toString());

} else {

target.close();

}

}

Sample 2:

targetSys(address a) {

if(address.islpv4()) {

address.connect(1337);

address.keepAlive("paranoid");

String status = knockEmDown(address.current);

remote.sendC2(address.current + " is " + status);

} else {

throw Exception e;

}

}

Which of the following describes the most important observation about the two samples?

A.

Telemetry is first buffered and then transmitted in paranoid mode.

B.

The samples were probably written by the same developer.

C.

Both samples use IP connectivity for command and control.

D.

Sample 1 is the target agent while Sample 2 is the C2 server.

Full Access
Question # 43

A software vendor provides routine functionality and security updates to its global customer base. The vendor would like to ensure distributed updates are authorized, originate from only the company, and have not been modified by others. Which of the following solutions best supports these objectives?

A.

Envelope encryption

B.

File integrity monitoring

C.

Application control

D.

Code signing

Full Access
Question # 44

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Full Access
Question # 45

Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

A.

Encryption systems based on large prime numbers will be vulnerable to exploitation

B.

Zero Trust security architectures will require homomorphic encryption.

C.

Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques

D.

Quantum computers willenable malicious actors to capture IP traffic in real time

Full Access
Question # 46

A global company’s Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller’s voice sounds similar to the CEO’s. Which of the following best describes this type of attack?

A.

Smishing

B.

Deepfake

C.

Automated exploit generation

D.

Spear phishing

Full Access
Question # 47

A security engineer is given the following requirements:

• An endpoint must only execute Internally signed applications

• Administrator accounts cannot install unauthorized software.

• Attempts to run unauthorized software must be logged

Which of the following best meets these requirements?

A.

Maintaining appropriate account access through directory management and controls

B.

Implementing a CSPM platform to monitor updates being pushed to applications

C.

Deploying an EDR solution to monitor and respond to software installation attempts

D.

Configuring application control with blocked hashes and enterprise-trusted root certificates

Full Access
Question # 48

Which of the following security risks should be considered as an organization reduces cost and increases availability of services by adopting serverless computing?

A.

Level of control and influence governments have over cloud service providers

B.

Type of virtualization or emulation technology used in the provisioning of services

C.

Vertical scalability of the infrastructure underpinning the serverless offerings

D.

Use of third-party monitoring of service provisioning and configurations

Full Access
Question # 49

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

A.

Dark web monitoring

B.

Threat intelligence platform

C.

Honeypots

D.

Continuous adversary emulation

Full Access
Question # 50

A network engineer must ensure that always-on VPN access is enabled Curt restricted to company assets Which of the following best describes what the engineer needs to do''

A.

Generate device certificates using the specific template settings needed

B.

Modify signing certificates in order to support IKE version 2

C.

Create a wildcard certificate for connections from public networks

D.

Add the VPN hostname as a SAN entry on the root certificate

Full Access
Question # 51

During a gap assessment, an organization notes that OYOD usage is asignificant risk. The organization implemented administrative policies prohibiting BYOD usage However, the organization has not implemented technical controls to prevent the unauthorized use of BYOD assets when accessing the organization's resources. Which of the following solutions should the organization implement to b»« reduce the risk of OYOD devices? (Select two).

A.

Cloud 1AM to enforce the use of token based MFA

B.

Conditional access, to enforce user-to-device binding

C.

NAC, to enforce device configuration requirements

D.

PAM. to enforce local password policies

E.

SD-WAN. to enforce web content filtering through external proxies

F.

DLP, to enforce data protection capabilities

Full Access
Question # 52

A security architect is investigating instances of employees who had their phones stolen in public places through seemingly targeted attacks. Devices are able to access company resources such as email and internal documentation, some of which can persist in application storage. Which of the following would best protect the company from information exposure? (Select two).

A.

Implement a remote wipe procedure if the phone does not check in for a period of time

B.

Enforce biometric access control with configured timeouts

C.

Set up geofencing for corporate applications where the phone must be near an office

D.

Use application control to restrict the applications that can be installed

E.

Leverage an MDM solution to prevent the side loading of mobile applications

F.

Enable device certificates that will be used for access to company resources

Full Access
Question # 53

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Web server logs:

192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] "GET /bin/bash" HTTP/1.1" 200 453 Safari/536.36

192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] "GET / HTTP/1.1" 200 453 Safari/536.36

Application server logs:

24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB

24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing

Database server logs:

24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048

24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A.

Enable the X-Forwarded-For header at the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

Full Access
Question # 54

A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should thecompany take next?

A.

Merge the test branch to the main branch

B.

Perform threat modeling on the production application

C.

Conduct unit testing on the submitted code

D.

Perform a peer review on the test branch

Full Access
Question # 55

An organization recently migrated data to a new file management system. The architect decides to use a discretionary authorization model on the new system. Which of the following best explains the architect's choice?

A.

The responsibility of migrating data to the new file management system was outsourced to the vendor providing the platform.

B.

The permissions were not able to be migrated to the new system, and several stakeholders were made responsible for granting appropriate access.

C.

The legacy file management system did not support modern authentication techniques despite the business requirements.

D.

The data custodians were selected by business stakeholders to ensure backups of the file management system are maintained off site.

Full Access
Question # 56

Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?

A.

Tokenization

B.

Key stretching

C.

Forward secrecy

D.

Simultaneous authentication of equals

Full Access
Question # 57

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories best describes this type of vendor risk?

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Full Access
Question # 58

All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

A.

SSO with MFA

B.

Sating and hashing

C.

Account federation with hardware tokens

D.

SAE

E.

Key splitting

Full Access
Question # 59

Which of the following are risks associated with vendor lock-in? (Select two).

A.

The client can seamlessly move data.

B.

The vendor canchange product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Full Access
Question # 60

A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

A.

Staging environment

B.

Testing environment

C.

CI/CO pipeline

D.

Development environment

Full Access
Question # 61

Which of the following key management practices ensures that an encryption key is maintained within the organization?

A.

Encrypting using a key stored in an on-premises hardware security module

B.

Encrypting using server-side encryption capabilities provided by the cloud provider

C.

Encrypting using encryption and key storage systems provided by the cloud provider

D.

Encrypting using a key escrow process for storage of the encryption key

Full Access
Question # 62

After an organization met with its ISAC, the organization decided to test the resiliency of its security controls against a small number of advanced threat actors. Which of the following will enable the security administrator to accomplish this task?

A.

Adversary emulation

B.

Reliability factors

C.

Deployment of a honeypot

D.

Internal reconnaissance

Full Access
Question # 63

An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporarysolution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?

A.

Configure a scheduled task nightly to save the logs

B.

Configure event-based triggers to export the logs at a threshold.

C.

Configure the SIEM to aggregate the logs

D.

Configure a Python script to move the logs into a SQL database.

Full Access
Question # 64

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

A.

Apply code stylometry.

B.

Look for common IOCs.

C.

Use IOC extractions.

D.

Leverage malware detonation.

Full Access
Question # 65

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

A.

Deploying a VPN to prevent remote locations from accessing server VLANs

B.

Configuring a SASb solution to restrict users to server communication

C.

Implementing microsegmentation on the server VLANs

D.

installing a firewall and making it the network core

Full Access
Question # 66

A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations. The system must

• Be survivable to one environmental catastrophe

• Re recoverable within 24 hours of critical loss of availability

• Be resilient to active exploitation of one site-to-site VPN solution

A.

Load-balance connection attempts and data Ingress at internet gateways

B.

Allocate fully redundant and geographically distributed standby sites.

C.

Employ layering of routers from diverse vendors

D.

Lease space to establish cold sites throughout other countries

E.

Use orchestration to procure, provision, and transfer application workloads lo cloud services

F.

Implement full weekly backups to be stored off-site for each of the company's sites

Full Access
Question # 67

A user reports application access issues to the help desk. The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

A.

The userinadvertently tripped the impossible travel security rule in the SSO system.

B.

A threat actor has compromised the user's account and attempted to lop, m

C.

The user is not allowed to access the human resources system outside of business hours

D.

The user did not attempt to connect from an approved subnet

Full Access
Question # 68

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Full Access
Question # 69

A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?

A.

Compliance tracking

B.

Situational awareness

C.

Change management

D.

Quality assurance

Full Access
Question # 70

An organization plans to deploy new software. The project manager compiles a list of roles that will be involved in different phases of the deployment life cycle. Which of the following should the project manager use to track these roles?

A.

CMDB

B.

Recall tree

C.

ITIL

D.

RACI matrix

Full Access
Question # 71

A security engineer must resolve a vulnerability in a deprecated version of Python for a custom-developed flight simul-ation application that is monitored and controlled remotely. The source code is proprietary and built with Python functions running on the Ubuntu operating system. Version control is not enabled for the application in development or production. However, the application must remain online in the production environment using built-in features. Which of the following solutions best reduces theattack surface of these issues and meets the outlined requirements?

A.

Configure code-signing within the CI/CD pipeline, update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

B.

Enable branch protection in the GitHub repository. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

C.

Use an NFS network share. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

D.

Configure version designation within the Python interpreter. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

Full Access
Question # 72

While investigating a security event an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware. Which of the following is the next step the analyst should take after reporting the incident to the management team?

A.

Pay the ransom within 48 hours

B.

Isolate the servers to prevent the spread

C.

Notify law enforcement

D.

Request that the affected servers be restored immediately

Full Access
Question # 73

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24

subnet.

• The SSH daemon on the database server must be configured to listen

to port 4022.

• The SSH daemon must only accept connections from a Single

workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight

days.

•All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

WAP A

PC A

Laptop A

Switch A

Switch B:

Laptop B

PC B

PC C

Server A

Full Access
Question # 74

A developer needs toimprove the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

A.

Key splitting

B.

Key escrow

C.

Key rotation

D.

Key encryption

E.

Key stretching

Full Access