Improve Your Knowledge with CAS-004 Exam Dumps

1. Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Select two).

2. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers.

The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

3. A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic.

Which of the following should the security administrator use?

4. A developer implement the following code snippet.





Which of the following vulnerabilities does the code snippet resolve?

5. A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

6. A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was

opened.

7. A security engineer performed an assessment on a recently deployed web application.

The engineer was able to exfiltration a company report by visiting the following URL: www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

8. A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce.

The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

9. An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region.

Which of the following risks would be most concerning to the organization in the event of equipment failure?

10. During a vendor assessment, an analyst reviews a listing of the complementary user entity controls included in the audit report.

Which of the following is the most important aspect to consider when reviewing this list with the security team?

11. An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft.

Which of the following can be used to mitigate this risk?

12. To save on device life-cycle costs, a company is transitioning to a BYOD deployment scheme for enterprise mobility. Local laws protect users from corporate-initiated wiping or manipulation of data not owned by the company.

Which of the following techniques would best protect corporate data while ensuring the integrity of private data?

13. The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment.

Which of the following should the CISO have each party sign?

14. A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the

business.

Which of the following must be in place to meet this requirement?

15. Several unlabeled documents in a cloud document repository contain cardholder information.

Which of the following configuration changes should be made to the DLP system to correctly label these documents in the future?

16. A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

17. A company underwent an audit in which the following issues were enumerated:

• Insufficient security controls for internet-facing services, such as VPN and extranet

• Weak password policies governing external access for third-party vendors

Which of the following strategies would help mitigate the risks of unauthorized access?

18. A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls.

Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

19. The primary advantage of an organization creating and maintaining a vendor risk registry is to:

20. A security analyst is investigating a possible buffer overflow attack.

The following output was found on a user’s workstation: graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

21. While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application.

Which of the following should the analyst implement to mitigate the issues reported? (Select two).

22. The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

23. A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application.

The cloud architecture team was given the following requirements

• The application must run at 70% capacity at all times

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

24. A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

25. An administrator completed remediation for all the findings of a penetration test and notifies the management team that the systems are ready to be placed back into production.

Which of the following steps should the management team require the analyst to perform immediately before placing the systems back into production?

26. A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devise send cleartext logs to the aggregator.

* The log aggregator utilize full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

27. An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?

28. A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had open RDP access to servers with personal health information.

As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

29. A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts.

The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks.

Which of the following is the BEST solution?

30. Which of the followingbestdescribes a common use case for homomorphic encryption?

A. Processing data on a server after decrypting in order to prevent unauthorized access in transit

B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C. Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D. Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

31. Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?

32. A client is adding scope to a project.

Which of the following processes should be used when requesting updates or corrections to the client's systems?

A. The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B. The change control board must review and approve a submission.

C. The information system security officer provides the systems engineer with the system updates.

D. The security engineer asks the project manager to review the updates for the client's system.

33. A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.

Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

34. After a lengthy exercise manually analyzing various types of logs related to a security breach, a security team was able to tie the activity to specific employees.

Which of the following should the team implement to help streamline this process moving forward?

35. A forensic investigator started the process of gathering evidence on a laptop in response to an incident The investigator took a snapshof of the hard drive, copied relevant log files and then performed a memory dump.

Which of the following steps in the process should have occurred first?

36. A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

• Enforce MFA for RDP

• Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls Of ACLs.

Which of the following should the security architect recommend to meet these requirements?

37. Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

38. A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

39. Which of the following ensures that certain inbound traffic from third-party vendors is restricted from being sourced from high-risk countries?

A. Microsegmentation

B. Supply chain visibility

C. Geocoded firewall rules

D. Source code reviews

40. A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process.

Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

41. A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

42. A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

43. An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program.

Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Select two).

44. A company suspects a web server may have been infiltrated by a rival corporation.

The security engineer reviews the web server logs and finds the following:





The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:





Which of the following is an appropriate security control the company should implement?

45. An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

46. A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data’s confidentiality is maintained in a dynamic, low-risk environment.

Which of the following would best achieve this goal? (Select two).

47. A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service.

Which of the following AES modes should the security administrator recommend given these requirements?

48. Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

49. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

50. A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer (CISO) wishes to ensure this issue does not reoccur.

Which of the following should the company do?

51. Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

52. A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication.

Which of the following will need to be implemented to achieve this objective? (Select THREE).

A. Least privilege

B. VPN

C. Policy automation

D. PKI

E. Firewall

F. Continuous validation

G. Continuous integration

H. laas

53. A company requires a task to be carried by more than one person concurrently. This is an example of:

54. A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.

Which of the following now describes the level of risk?

55. Which of the following technologies would benefit the most from the use of biometric readers proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?

56. When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?

57. A security manager is creating a standard configuration across all endpoints that handle sensitive data.

Which of the following techniques should be included in the standard configuration to ensure the endpoints are hardened?

58. A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider.

Which of the following is MOST likely identified as a potential risk by the CISO?

59. A company moved its on-premises services to the cloud. Although a recent audit verified that data throughout the cloud service is properly classified and documented, other systems are unable to act or filter based on this information.

Which of the following should the company deploy to allow other cloud-based systems to consume this information?

60. A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst uses dd during the investigation.

Which of the following best explains why the analyst is using this tool?

61. A security analyst discovered that the company’s WAF was not properly configured.

The main web server was breached, and the following payload was found in one of the malicious requests:





Which of the following would BEST mitigate this vulnerability?

62. A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.





Which of the following should the security analyst perform?

63. A security engineer is assessing the security controls of loT systems that are no longer supported for updates and patching.

Which of the following is the best mitigation for defending these loT systems?

64. A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

65. The findings from a recent penetration test report indicate a systematic issue related to cross-site scripting (XSS). A security engineer would like to prevent this type of issue for future reports.

Which of the following mitigation strategies should the engineer use to best resolve the issue?

66. An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received.

To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

67. A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities.

Which of the following would be the first step in reducing the attack surface in this environment?

68. A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC.

The following query behavior was captured:





Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

69. An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

70. A security engineer notices the company website allows users following example:

hitps://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

71. A security engineer is concerned about the threat of side-channel attacks The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range As a result, the part deteriorated more quickly than the mean time to failure A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the pan failed.

Which of the following solutions would be best to prevent a side-channel attack in the future?

72. A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff.

Which of the following would best reduce risks to the organization?

73. An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

74. A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss.

Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

75. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

76. A security engineer is implementing DLP.

Which of the following should the security engineer include in the overall DLP strategy?

77. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

78. A security compliance requirement states that specific environments that handle sensitive data must

be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

79. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

80. A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company’s SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product.

Which of the following is the best option?

81. A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust.

To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

82. To bring digital evidence in a court of law the evidence must be:

83. A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:





Which of the following MOST appropriate corrective action to document for this finding?

84. Company A acquired Company В. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program.

Which of the following risk-handling techniques was used?

85. A software development company wants to ensure that users can confirm the software is legitimate when installing it.

Which of the following is the best way for the company to achieve this security objective?

86. Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B's mam data center.

Which of the following actions should the CIO take first?

87. A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup.

Which of the following solutions will BEST meet this requirement?

88. Law enforcement officials informed an organization that an investigation has begun.

Which of the following is the FIRST step the organization should take?

89. An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

90. A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response.

Which of the following would allow the company to improve application response quickly?

91. A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted.

Which of the following would be the BEST document to consult?

92. A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business.

Which of the following techniques should have been Implemented to prevent these types of risks?

93. A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

94. A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components.

Which of the following should the company implement to ensure the architecture is portable?

95. A DNS forward lookup zone named complia.org must:

• Ensure the DNS is protected from on-path attacks.

• Ensure zone transfers use mutual authentication and are authenticated and negotiated.

Which of the following should the security architect configure to meet these requirements? (Select two).

96. A forensic investigator would use the foremost command for:

97. An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware.

Which of the following should the loT manufacture do if the private key is compromised?

98. A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue.

Which of the following actions should the company should take?

99. Which of the following are risks associated with vendor lock-in? (Choose two.)

100. The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site.

Which of the following would best prevent this type of attack?

101. An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted.

Which of the following attack vectors does this registry address?

102. A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

103. A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process.

Which of the following actions would best mitigate this risk?

104. Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.

Which of the following MOST likely needs to be done to avoid this in the future?

105. An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture.

Which of the following cloud benefits would be best to utilize for this project?

106. A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

107. The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network.

A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:





During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum.

Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

108. A developer is creating a new mobile application for a company. The application usesREST APIandTLS 1.2to communicate securely with the external back-end server. Due to this configuration, the company is concerned aboutHTTPS interception attacks.

Which of the following would be thebestsolution against this type of attack?

A. Cookies

B. Wildcard certificates

C. HSTS

D. Certificate pinning

109. PKI can be used to support security requirements in the change management process.

Which of the following capabilities does PKI provide for messages?

110. A security analyst is reviewing the following vulnerability assessment report:





Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

111. Which of the following should an organization implement to prevent unauthorized API key sharing?

112. A municipal department receives telemetry data from a third-party provider The server collecting telemetry sits in the municipal departments screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to Implement nsk mitigations.

Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

113. A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks.

Which of the following would best enable this activity?

114. A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors.

Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

115. A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover. and end users would miss no more than 30 minutes of data.

Which of the following should the company do to meet these objectives?

116. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

117. A bank is working with a security architect to find the BEST solution to detect database management system compromises.

The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

118. A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour.

Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

119. Which of the following is record-level encryption commonly used to do?

120. An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party.

Which of the following would BEST accomplish this goal?

121. Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

122. A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

123. A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls.

Which of the following BEST describes the risk associated with this implementation?

124. A systems administrator is preparing to run avulnerability scanon a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produceaccurate information, especially regardingconfiguration settings.

Which of the following scan types will provide the systems administrator with themost accurate information?

A. A passive, credentialed scan

B. A passive, non-credentialed scan

C. An active, non-credentialed scan

D. An active, credentialed scan

125. A company has integrated source code from a subcontractor into its security product. The subcontractor is located in an adversarial country and has informed the company of a requirement to escrow the source code with the subcontractor’s government.

Which of the following is a potential security risk arising from this situation?

126. Signed applications reduce risks by:

127. An analyst reviews the following output collected during the execution of a web application security assessment:





Which of the following attacks would be most likely to succeed, given the output?

128. A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found.

Which of the following describes what happened and how to fix it?

129. A cyberanalyst has been tasked with recovering PDF files from a provided image file.

Which of the following is the best file-carving tool for PDF recovery?

130. Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud

provider.

In the shared responsibility model, which of the following levels of service meets this requirement?

131. A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

132. Which of the following BEST describes a common use case for homomorphic encryption?

A. Processing data on a server after decrypting in order to prevent unauthorized access in transit

B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C. Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D. Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

133. The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.

Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

134. A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:





With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

135. As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

136. Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

137. A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s.

Given the following output:





The penetration testers MOST likely took advantage of:

138. A company with only U S -based customers wants to allow developers from another country to work on the company's website However, the company plans to block normal internet traffic from the other country.

Which of the following strategies should the company use to accomplish this objective? (Select two).

139. An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect.

On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

140. An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities.

Which of the following service models best meets these requirements?

141. A security analyst is configuring an IPSec tunnel to use the strongest encryption currently available.

Which of the following algorithms should be deployed to provide the most secure initial key exchange?

142. A security analyst is reviewing a new IOC in which data is injected into an online process.

The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working.

Which of the following regular expressions should be implemented in the NIPS?

143. A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization.

Which of the following resources would be most useful to calculate the exposure factor in this scenario?

144. A security architect is improving a healthcare organization's security posture. Most of the software is cloud-based, but some old applications are still running on a server on-site. Medical devices using such applications require very low latency. The most important consideration isconfidentiality, followed byavailability, and thenintegrity.

Which of the following is thefirst stepthe security architect should implement to protect PII?

A. Move the application server to a network load balancing cluster.

B. Move the application to a CSP.

C. Enable encryption at rest on medical devices.

D. Install FIM on the application server.

145. A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems.

Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

146. A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources.

When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

147. A company wants to improve the security of its web applications that are running on in-house servers.

A risk assessment has been performed and the following capabilities are desired:

• Terminate SSL connections at a central location

• Manage both authentication and authorization for incoming and outgoing web service calls

• Advertise the web service API

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

148. A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function.

Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

149. A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue.

Which of the following actions should the company take?

150. A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete.

Which of the following would reduce the likelihood of this scenario occurring again?

151. Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth.

To address this issue, the company is looking for a solution that includes the following requirements:

• Collapse of multiple network security technologies into a single footprint

• Support for multiple VPNs with different security contexts

• Support for application layer security (Layer 7 of the OSI Model)

Which of the following technologies would be the most appropriate solution given these requirements?

152. A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

153. A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution.

Which of the following should be implemented into the SDLC to resolve the issue?

154. SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.



INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one

service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

155. A technology company developed an in-house chat application that is used only by developers. An

open-source library within the application has been deprecated.

The facts below are provided:

• The cost of replacing this system is nominal.

• The system provides no revenue to the business.

• The system is not a critical part of the business.

Which of the following is the best risk mitigation strategy?

156. A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server: post /malicious.php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change.

Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

157. Which of the following is a security concern for DNP3?

158. The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours.

Which of the following will the security manager most likely identify as a risk?

159. Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.

Which of the following MOST likely needs to be done to avoid this in the future?

160. An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them.

Which of the following is the BEST design option to optimize security?

161. The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations.

Which of the following solutions would be BEST to reduce this risk?

162. A cyberanalyst for a government agency is concerned about how Pll is protected A supervisor indicates that a Privacy Impact Assessment must be done.

Which of the following describes a function of a Privacy Impact Assessment?

163. A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases.

Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

164. Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

165. All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools.

The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

166. A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.

Which of the following now describes the level of risk?

167. The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis.

Which of the following is the most likely reason for this approach?

168. A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms.

Which of the following best meets this objective?

169. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

170. An organization develops a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only data center are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latencyfor all mobile users to improve the users' experience

SSL offloadingto improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement tobestensure all requirements are met?

A. A cache server farm in its data center

B. A load-balanced group of reverse proxy servers with SSL acceleration

C. A CDN with the origin set to its data center

D. Dual gigabit-speed internet connections with managed DDoS prevention

171. A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is the NEXT step of the incident response plan?

172. A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service.

Which of the following is the BEST solution to help prevent this type of attack in the future?

173. A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling.

Which of the following is the MOST likely explanation? (Select TWO.)

174. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts.

The engineer executes the command stat ./secretfile and receives the following output:





Which of the following describes the correct order of labels shown in the output above?

175. A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved.

Which of the following would provide this information?

176. The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server.

Which of the following should be used to prioritize the server replacements?

177. The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

* Monitors traffic to and from both local NAS and cloud-based file repositories

* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions

* Uses document attributes to reduce false positives

* Is agentless and not installed on staff desktops or laptops

Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

178. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent

this type of malware?

179. A company is decommissioning old servers and hard drives that contain sensitive data.

Which of the following best protects against data leakage?

180. An organization requires a contractual document that includes

• An overview of what is covered

• Goals and objectives

• Performance metrics for each party

• A review of how the agreement is managed by all parties

Which of the following BEST describes this type of contractual document?

181. An organization needs to classify its systems and data in accordance with external requirements.

Which of the following roles is best qualified to perform this task?

182. A cloud security architect has been tasked with finding a solution for hardening VMS.

The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

183. An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime.

Which of the following should the analyst perform?

184. A security administrator at a global organization wants to update password complexity rules for a system containing personally identifiable information.

Which of the following would be the best resource for this information?