
CAS-003 Questions and Answers

Question # 4

A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)

A. Certificate-based authentication
B. TACACS+
C. 802.1X
D. RADIUS
E. LDAP
F. Local user database

Question # 5

Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.

Which of the following would reduce the risk of this occurring in the future?

A. Regular auditing of the clean desk policy
B. Employee awareness and training policies
C. Proper employee separation procedures
D. Implementation of an acceptable use policy

Question # 6

A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?

A. Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.
B. Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.
C. The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.
D. Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.

Question # 7

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After the vulnerability was announced, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select two.)

A. Cardholder data
B. Intellectual property
C. Personal health information
D. Employee records
E. Corporate financial data

Question # 8

A technician receives the following security alert from the firewall's automated system:

Match_Time: 10/10/16 16:20:43
Serial: 002301028176
Device_name: COMPSEC1
Type: CORRELATION
Scrusex: domain\samjones
Scr: 10.50.50.150
Object_name: beacon detection
Object_id: 6005
Category: compromised-host
Severity: medium
Evidence: host repeatedly visited a dynamic DNS domain (17 time)

After reviewing the alert, which of the following is the BEST analysis?

A. The alert is a false positive because DNS is a normal network function.
B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.
C. This alert was generated by the SIEM because the user attempted too many invalid login attempts.
D. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Question # 9

As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

A. tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"
B. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
C. memdump /dev/sda1 | nc 192.168.45.82 3000
D. dd if=/dev/sda | nc 192.168.45.82 3000

Question # 10

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

A. TTR
B. ALE
C. MTBF
D. SLE
E. PRO

Question # 11

A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot.

Which of the following tools was MOST likely used to exploit the application?

A. The engineer captured the data with a protocol analyzer, and then utilized Python to edit the data
B. The engineer queried the server and edited the data using an HTTP proxy interceptor
C. The engineer used a cross-site script sent via curl to edit the data
D. The engineer captured the HTTP headers, and then replaced the JSON data with a banner-grabbing tool

Question # 12

A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.

Which of the following would BEST reduce the risk of this attack type occurring?

A. Implement a strong, complex password policy for user accounts that have access to the core router.
B. Deploy 802.1X as the NAC system for the WiFi infrastructure.
C. Add additional port security settings for the switching environment connected to the core router.
D. Allow access to the core router management interface only through an out-of-band channel.

Question # 13

Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?

A. Employ a fuzzing utility
B. Use a static code analyzer
C. Run the binary in an application sandbox
D. Manually review the binary in a text editor

Question # 14

A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined manual DNS settings. Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A) Implement firewall ACLs as follows:

B) Implement NAT as follows:

C) Implement DHCP options as follows:

D) Implement policy routing as follows:

A. Option A
B. Option B
C. Option C
D. Option D

Question # 15

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital’s Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?

A. Asset inventory management
B. Incident response plan
C. Test and evaluation
D. Configuration and change management

Question # 16

A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.

Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

A. Mandatory vacation
B. Separation of duties
C. Continuous monitoring
D. Incident response
E. Time-of-day restrictions
F. Job rotation

Question # 17

A security analyst for a bank received an anonymous tip on the external banking website showing the following:

Protocols supported
TLS 1.0
SSL 3
SSL 2

Cipher suites supported
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1
TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit
TLS_RSA_WITH_RC4_128_SHA

TLS_FALLBACK_SCSV non supported
POODLE
Weak PFS
OCSP stapling supported

Which of the following should the analyst use to reproduce these findings comprehensively?

A. Query the OCSP responder and review revocation information for the user certificates.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
C. Perform a POODLE (SSLv3) attack using an exploitation framework and inspect the output.
D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

Question # 18

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

A. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.
B. Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
C. Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
D. Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Question # 19

A security engineer is assessing the controls that are in place to secure the corporate Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrators have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:

Which of the following should the security administrator configure to meet the DNS security needs?

A. Option A
B. Option B
C. Option C
D. Option D

Question # 20

A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs.

Which of the following would help protect the confidentiality of the research data?

A. Use diverse components in layers throughout the architecture
B. Implement non-heterogeneous components at the network perimeter
C. Purge all data remnants from client devices' volatile memory at regularly scheduled intervals
D. Use only in-house developed applications that adhere to strict SDLC security requirements

Question # 21

A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)

A. Network engineer
B. Service desk personnel
C. Human resources administrator
D. Incident response coordinator
E. Facilities manager
F. Compliance manager

Question # 22

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the prediction of the malware?

A. The workstations should be isolated from the network.
B. The workstations should be donated for reuse.
C. The workstations should be reimaged.
D. The workstations should be patched and scanned.

Question # 23

A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.

Which of the following is the BEST justification to ensure collaboration across business units?

A. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.
B. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.
C. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.
D. The CISO is uniquely positioned to control the flow of vulnerability information between business units.

Question # 24

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

A. Log review
B. Service discovery
C. Packet capture
D. DNS harvesting

Question # 25

A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

A. Mobile tokenization
B. Export controls
C. Device containerization
D. Privacy policies

Question # 26

The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices. The CISO mandates the following requirements:

• The devices must be owned by the company for legal purposes.
• The device must be as fully functional as possible when off site.
• Corporate email must be maintained separately from personal email.
• Employees must be able to install their own applications.

Which of the following will BEST meet the CISO's mandate? (Select TWO.)

A. Disable the device's camera
B. Allow only corporate resources in a container
C. Use an MDM to wipe the devices remotely
D. Block all sideloading of applications on devices
E. Use geofencing on certain applications
F. Deploy phones in a BYOD model

Question # 27

A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A. Attackers are running reconnaissance on company resources.
B. An outside command and control system is attempting to reach an infected system.
C. An insider is trying to exfiltrate information to a remote network.
D. Malware is running on a company system.

Question # 28

The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO's concerns?

A. Begin simulated phishing campaigns for employees and follow up with additional security awareness training.
B. Seed company fileshares and servers with text documents containing fake passwords and then monitor for their use.
C. Implement DLP to monitor data transfer between employee accounts and external parties and services.
D. Report data from a user-behavior monitoring tool and assign security analysts to review it daily.

Question # 29

A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.

Which of the following BEST addresses these concerns?

A. The company should plan future maintenance windows so the legacy application can be updated as needed.
B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.

Question # 30

A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:

  • High-impact controls implemented: 6 out of 10
  • Medium-impact controls implemented: 409 out of 472
  • Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:

  • Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000
  • Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?

A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B. The enterprise security team has focused exclusively on mitigating high-level risks
C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D. The cybersecurity team has balanced residual risk for both high and medium controls

Question # 31

A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
B. Install a client-side VPN on the staff laptops and limit access to the development network
C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

Question # 32

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients’ health information, management has identified the following requirements:

  • Data must be encrypted at rest.
  • The device must be disabled if it leaves the facility.
  • The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)

A. eFuse
B. NFC
C. GPS
D. Biometric
E. USB 4.1
F. MicroSD

Question # 33

An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)

A. SAML
B. Social login
C. OpenID Connect
D. XACML
E. SPML
F. OAuth

Question # 34

As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand-up has identified the following additional requirements:

1. Reuse of the existing network infrastructure
2. Acceptable use policies to be enforced
3. Protection of sensitive files
4. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

A. IPSec VPN
B. HIDS
C. Wireless controller
D. Rights management
E. SSL VPN
F. NAC
G. WAF

Question # 35

A hospital’s security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital’s brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?

A. When it is mandated by their legal and regulatory requirements
B. As soon as possible in the interest of the patients
C. As soon as the public relations department is ready to be interviewed
D. When all steps related to the incident response plan are completed
E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

Question # 36

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

A. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
B. Federate with an existing PKI provider, and reject all non-signed emails
C. Implement two-factor email authentication, and require users to hash all email messages upon receipt
D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

Question # 37

A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI? (Choose two.)

A. ALE
B. RTO
C. MTBF
D. ARO
E. RPO

Question # 38

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

A. The sudoers file is locked down to an incorrect command
B. SSH command shell restrictions are misconfigured
C. The passwd file is misconfigured
D. The SSH command is not allowing a pty session

Question # 39

A security administrator is opening connectivity on a firewall between Organization A and Organization B. Organization B just acquired Organization A. Which of the following risk mitigation strategies should the administrator implement to reduce the risk involved with this change?

A. DLP on internal network nodes
B. A network traffic analyzer for incoming traffic
C. A proxy server to examine outgoing web traffic
D. IPS/IDS monitoring on the new connection

Question # 40

A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?

A. Vendor diversification
B. System hardening standards
C. Bounty programs
D. Threat awareness
E. Vulnerability signatures

Question # 41

An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?

A. Installing HIDS
B. Configuring a host-based firewall
C. Configuring EDR
D. Implementing network access control

Question # 42

An engineer needs to provide access to company resources for several offshore contractors. The contractors require:

  • Access to a number of applications, including internal websites
  • Access to database data and the ability to manipulate it
  • The ability to log into Linux and Windows servers remotely

Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

A. VTC
B. VRRP
C. VLAN
D. VDI
E. VPN
F. Telnet

Question # 43

A company has deployed MFA. Some employees, however, report they are not getting a notification on their mobile device. Other employees report they downloaded a common authenticator application, but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt. Which of the following are the MOST likely explanations for these scenarios? (Select TWO.)

A. The company is using a claims-based authentication system for MFA
B. These are symptoms of known compatibility issues with OAuth 1.0
C. OpenID Connect requires at least one factor to be a biometric
D. The company does not allow an SMS authentication method
E. The WAYF method requires a third factor before the authentication process can complete
F. A vendor-specific authenticator application is needed for push notifications

Question # 44

Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.

After all restrictions have been lifted, which of the following should the information security manager review?

A. Data retention policy
B. Legal hold
C. Chain of custody
D. Scope statement

Question # 45

Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack.

Which of the following business documents would be BEST to document this engagement?

A. Business partnership agreement
B. Memorandum of understanding
C. Service-level agreement
D. Interconnection security agreement

Question # 46

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again. Which of the following would BEST prevent this from happening again?

A. Antivirus
B. Patch management
C. Log monitoring
D. Application whitelisting
E. Awareness training

Question # 47

An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?

A. Implement a container that wraps PII data and stores keying material directly in the container's encrypted application space.
B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe.
C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them.
D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.

Question # 48

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

  • Detect administrative actions
  • Block unwanted MD5 hashes
  • Provide alerts
  • Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS

Question # 49

Given the code snippet below:

Which of the following vulnerability types is the MOST concerning?

A. Only short usernames are supported, which could result in brute forcing of credentials.
B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
C. Hardcoded usernames with different code paths taken depend on which user is entered.
D. Format string vulnerability is present for admin users but not for standard users.

Question # 50

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

A.

Update and deploy GPOs

B.

Configure and use measured boot

C.

Strengthen the password complexity requirements

D.

Update the antivirus software and definitions

Full Access
Question # 51

During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?

A.

Continuity of operations

B.

Chain of custody

C.

Order of volatility

D.

Data recovery

Full Access
Question # 52

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.

Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Select two.)

A.

Antivirus

B.

HIPS

C.

Application whitelisting

D.

Patch management

E.

Group policy implementation

F.

Firmware updates

Full Access
Question # 53

After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?

A.

Hire an external red team to conduct black box testing

B.

Conduct a peer review and cross reference the SRTM

C.

Perform white-box testing on all impacted finished products

D.

Perform regression testing and search for suspicious code

Full Access
Question # 54

A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:

  • A user received a phishing email that appeared to be a report from the organization’s CRM tool.
  • The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
  • The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
  • Several weeks later, the user reported anomalous activity within the CRM tool.
  • Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
  • Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.

Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

A.

Security awareness training

B.

Last login verification

C.

Log correlation

D.

Time-of-check controls

E.

Time-of-use controls

F.

WAYF-based authentication

Full Access
Question # 55

The Chief Information Security Officer (CISO) of an established security department identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

A.

creating a forensic image

B.

deploying fraud monitoring

C.

following a chain of custody

D.

analyzing the order of volatility

Full Access
Question # 56

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?

A.

KPI

B.

KRI

C.

GRC

D.

BIA

Full Access
Question # 57

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

A.

Add an ACL to the firewall to block VoIP.

B.

Change the settings on the phone system to use SIP-TLS.

C.

Have the phones download new configurations over TFTP.

D.

Enable QoS configuration on the phone VLAN.

Full Access
Question # 58

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.

Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

A.

Install a HIPS on the web servers

B.

Disable inbound traffic from offending sources

C.

Disable SNMP on the web servers

D.

Install anti-DDoS protection in the DMZ

Full Access
Question # 59

A financial services company has proprietary trading algorithms, which were created and are maintained by a team of developers on their private source code repository. If the details of this operation became known to competitors, the company's ability to profit from its trading would disappear immediately. Which of the following would the company MOST likely use to protect its trading algorithms?

A.

Single-tenancy cloud

B.

Managed security service providers

C.

Virtual desktop infrastructure

D.

Cloud security broker

Full Access
Question # 60

A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks. Which of the following code snippets is safe from these types of attacks?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 61

While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?

A.

The security manager did not enforce an automatic VPN connection.

B.

The company’s server did not have endpoint security enabled.

C.

The hotel did not require a wireless password to authenticate.

D.

The laptop did not have the host-based firewall properly configured.

Full Access
Question # 62

A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement?

A.

WPS

B.

PEAP

C.

TKIP

D.

PKI

Full Access
Question # 63

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Full Access
Question # 64

A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider. The system to be migrated is sensitive with respect to latency, availability, and integrity. The infrastructure team agreed to the following:

• Application and middleware servers will migrate to the cloud

• Database servers will remain on-site

• Data backup will be stored in the cloud

Which of the following solutions would ensure system and security requirements are met?

A.

Implement a direct connection from the company to the cloud provider

B.

Use a cloud orchestration tool and implement appropriate change control processes

C.

Implement a standby database on the cloud using a CASB for data-at-rest security

D.

Use multizone geographic distribution with satellite relays

Full Access
Question # 65

A security engineer is making certain URLs from an internal application available on the Internet. The development team requires the following:

• The URLs are accessible only from internal IP addresses.

• Certain countries are restricted.

• TLS is implemented.

• System users transparently access internal application services in a round robin to maximize performance.

Which of the following should the security engineer deploy?

A.

DNS to direct traffic and a WAF with only the specific external URLs configured

B.

A load balancer with GeoIP restrictions and least-load-sensing traffic distribution

C.

An application-aware firewall with geofencing and certificate services using DNS for traffic direction

D.

A load balancer with IP ACL restrictions and a commercially available PKI certificate

Full Access
Question # 66

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A.

Traffic interceptor log analysis

B.

Log reduction and visualization tools

C.

Proof of work analysis

D.

Ledger analysis software

Full Access
Question # 67

A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud. Which of the following configurations can be employed to support this effort?

A.

Create a single-tenancy security group in the public cloud that hosts only similar types of servers.

B.

Privatize the cloud by implementing an on-premises instance.

C.

Create a hybrid cloud with an on-premises instance for the most sensitive server types.

D.

Sandbox the servers with the public cloud by server type.

Full Access
Question # 68

The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:

A.

data confidentiality.

B.

data security.

C.

PCI compliance.

D.

business availability.

Full Access
Question # 69

A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data. The results of the first scan are as follows:

The security team is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

A.

Move the files from the marketing share to a secured drive.

B.

Search the metadata for each file to locate the file's creator and transfer the files to the personal drive of the listed creator.

C.

Configure the DLP tool to delete the files on the shared drives.

D.

Remove the access for the internal audit group from the accounts payable and payroll shares.

Full Access
Question # 70

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization’s risk?

A.

Present the detailed risk resulting from the change to the company’s board of directors

B.

Pilot new mitigations that cost less than the total amount saved by the change

C.

Modify policies and standards to discourage future changes that increase risk

D.

Capture the risk in a prioritized register that is shared routinely with the CEO

Full Access
Question # 71

Which of the following BEST sets expectations between the security team and business units within an organization?

A.

Risk assessment

B.

Memorandum of understanding

C.

Business impact analysis

D.

Business partnership agreement

E.

Service level agreement

Full Access
Question # 72

A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

* Company administrators should not have access to employees' personal information.

* A rooted or jailbroken device should not have access to company sensitive information.

Which of the following BEST addresses the associated risks?

A.

Code signing

B.

VPN

C.

FDE

D.

Containerization

Full Access
Question # 73

A cybersecurity engineer analyzes a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Full Access
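An OVAL Results document is XML: each <definition> under results/system carries only a definition_id and a true/false/unknown result, and what "true" means depends on the definition's class (for a vulnerability definition it means the host is vulnerable; for a patch definition, that the patch still needs to be applied; for a compliance definition, that the host is compliant). An XML style sheet or an SCAP tool does exactly this join between results and the definition metadata. The following is an added example, not part of the exam page or of any OVAL tool, that performs the same interpretation with the Python standard library; the embedded document is a constructed minimal results file with hypothetical definition IDs and titles, and a real file also carries generator, system_info and test-level results that are omitted here.

```python
import xml.etree.ElementTree as ET

# OVAL 5.x namespaces (from the public OVAL schemas).
NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

# How to read a true/false result, by definition class (OVAL convention).
MEANING = {
    "vulnerability": ("VULNERABLE", "not vulnerable"),
    "patch": ("PATCH MISSING", "patch not needed"),
    "compliance": ("compliant", "NON-COMPLIANT"),
    "inventory": ("installed", "not installed"),
}
NEEDS_ATTENTION = {("vulnerability", "true"), ("patch", "true"), ("compliance", "false")}

# Constructed, minimal OVAL Results document; IDs and titles are hypothetical.
SAMPLE_RESULTS = """\
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5"
              xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <oval-def:oval_definitions>
    <oval-def:definitions>
      <oval-def:definition id="oval:com.example:def:1" version="1" class="patch">
        <oval-def:metadata><oval-def:title>Example patch KB0001 needs to be applied</oval-def:title></oval-def:metadata>
      </oval-def:definition>
      <oval-def:definition id="oval:com.example:def:2" version="1" class="vulnerability">
        <oval-def:metadata><oval-def:title>Example remote file access flaw</oval-def:title></oval-def:metadata>
      </oval-def:definition>
      <oval-def:definition id="oval:com.example:def:3" version="1" class="compliance">
        <oval-def:metadata><oval-def:title>Password complexity policy enforced</oval-def:title></oval-def:metadata>
      </oval-def:definition>
    </oval-def:definitions>
  </oval-def:oval_definitions>
  <results>
    <system>
      <definitions>
        <definition definition_id="oval:com.example:def:1" version="1" result="false"/>
        <definition definition_id="oval:com.example:def:2" version="1" result="true"/>
        <definition definition_id="oval:com.example:def:3" version="1" result="unknown"/>
      </definitions>
    </system>
  </results>
</oval_results>
"""


def summarize_oval_results(xml_text):
    """Join each result row to its definition title/class and explain the verdict."""
    root = ET.fromstring(xml_text)
    titles = {}
    for d in root.iterfind(".//def:definitions/def:definition", NS):
        title = d.findtext("def:metadata/def:title", default="(no title)", namespaces=NS)
        titles[d.get("id")] = (d.get("class", "?"), title)

    rows = []
    for r in root.iterfind("res:results/res:system/res:definitions/res:definition", NS):
        def_id = r.get("definition_id")
        result = r.get("result", "unknown")
        def_class, title = titles.get(def_id, ("?", "(definition not embedded)"))
        if result in ("true", "false"):
            true_text, false_text = MEANING.get(def_class, ("true", "false"))
            meaning = true_text if result == "true" else false_text
        else:
            meaning = result.upper()  # error, unknown, not evaluated, not applicable
        # Anything that is not a clean "good" outcome deserves a human look.
        attention = result not in ("true", "false") or (def_class, result) in NEEDS_ATTENTION
        rows.append({"id": def_id, "class": def_class, "result": result,
                     "meaning": meaning, "title": title, "attention": attention})
    return rows


def render_report(xml_text):
    """Plain-text report, one line per definition, flagged rows first."""
    rows = sorted(summarize_oval_results(xml_text), key=lambda r: not r["attention"])
    return "\n".join(
        f"{'!' if r['attention'] else ' '} {r['meaning']:<15} {r['class']:<13} {r['id']}  {r['title']}"
        for r in rows)


if __name__ == "__main__":
    print(render_report(SAMPLE_RESULTS))
```

Results other than true/false (unknown, error, not evaluated) are flagged as well: a definition that could not be evaluated is not evidence that the host is safe.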
Question # 74

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer. Which of the following would be the BEST method to provide secure data separation?

A.

Use a CRM tool to separate data stores

B.

Migrate to a single-tenancy cloud infrastructure

C.

Employ network segmentation to provide isolation among salespeople

D.

Implement an open-source public cloud CRM

Full Access
Question # 75

A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server, using Nmap to gather additional information. Given the following:

* The imaging server IP is 192.168.101.24

* The domain controller IP is 192.168.100.1

* The client machine IP is 192.168.200.37

Which of the following should be used to confirm this is the only open port on the web server?

A.

nmap -p 80,443 192.168.101.24

B.

nmap -p 80,443,389,636 192.168.100.1

C.

nmap -p 80,389 192.168.200.37

D.

nmap -p- 192.168.101.24

Full Access
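Confirming that only the TLS port is exposed means scanning the web server itself (192.168.101.24), not the domain controller or the client, and then checking the result against an allow-list rather than eyeballing it. The following is an added example, not part of the exam page, that parses Nmap's grepable output (as produced by `-oG -`) and reports any open TCP port outside the expected set; the sample scan text is constructed for the example, and the Nmap version string and timestamps in it are made up.

```python
# Constructed sample of `nmap -p 80,443,389,636 -oG - 192.168.101.24` output.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated Wed Oct 27 10:00:00 2021 as: nmap -p 80,443,389,636 -oG - 192.168.101.24
Host: 192.168.101.24 ()\tStatus: Up
Host: 192.168.101.24 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 389/closed/tcp//ldap///, 636/closed/tcp//ldapssl///
# Nmap done at Wed Oct 27 10:00:01 2021 -- 1 IP address (1 host up) scanned in 0.40 seconds
"""


def parse_gnmap(text):
    """Return {host: {port: (state, service)}} from Nmap grepable (-oG) output.

    Host lines are tab-separated "Key: value" fields; the Ports field lists
    port/state/protocol/owner/service/rpcinfo/version entries separated by ", ".
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        table = hosts.setdefault(host, {})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key != "Ports":
                continue
            for item in value.split(", "):
                port, state, proto, _owner, service = item.split("/")[:5]
                if proto == "tcp":
                    table[int(port)] = (state, service)
    return hosts


def check_expected_ports(text, host, allowed):
    """List open TCP ports on host and flag any that are not in the allow-list."""
    table = parse_gnmap(text).get(host, {})
    open_ports = sorted(p for p, (state, _) in table.items() if state == "open")
    unexpected = [p for p in open_ports if p not in allowed]
    return {
        "open": open_ports,
        "unexpected": unexpected,
        # ok only when nothing extra is open and every expected port actually is
        "ok": not unexpected and all(p in open_ports for p in allowed),
    }


if __name__ == "__main__":
    print(check_expected_ports(SAMPLE_GNMAP, "192.168.101.24", allowed={443}))
```

In the constructed sample port 80 is open alongside 443, so the check fails: the imaging server would still accept unencrypted HTTP. Note that the LDAPS traffic to the domain controller is outbound from the web server, so a scan of the web server says nothing about whether that hop is encrypted; that has to be verified on the server's LDAP client configuration or with a capture.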
Question # 76

During the migration of a company’s human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor’s staff may be able to access data within the migrating applications. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO’s concerns?

A.

Execute non-disclosure agreements and background checks on vendor staff.

B.

Ensure the platform vendor implements data-at-rest encryption on its storage.

C.

Enable MFA to the vendor’s tier of the architecture.

D.

Implement a CASB that tokenizes company data in transit to the migrated applications.

Full Access
Question # 77

Following the merger of two large companies, the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems. The company's data retention schedule complicates the issue by requiring detailed logs to be collected and available for months. Which of the following designs BEST meets the company's security and retention requirements?

A.

Forward logs to both a SIEM and a cheaper longer-term storage and then delete logs from the SIEM after 14 days

B.

Reduce the log volume by disabling logging of routine maintenance activities or failed authentication attempts

C.

Send logs to a SIEM that correlates security data and store only the alerts and relevant data arising from that system.

D.

Maintain both companies' logging and SIEM solutions separately but merge the resulting alerts and reports.

Full Access
Question # 78

A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user.

• It must be utilized as a second factor.

• Information sharing must be avoided.

• It must have a low false acceptance rate.

Which of the following BEST meets the criteria?

A.

Facial recognition

B.

Swipe pattern

C.

Fingerprint scanning

D.

Complex passcode

E.

Token card

Full Access
Question # 79

A new employee is plugged into the network on a BYOD machine but cannot access the network. Which of the following must be configured so the employee can connect to the network?

A.

Port security

B.

Firewall

C.

Remote access

D.

VPN

Full Access
Question # 80

An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by customers for their own compliance reasons. The Chief Information Officer (CIO) asks the security team to provide a list of options that will:

1. Reduce the overall cost of these audits

2. Leverage existing infrastructure where possible

3. Keep infrastructure costs to a minimum

4. Provide some level of attestation of compliance

Which of the following will BEST address the CIO's concerns? (Select TWO.)

A.

Invest in new UBA to detect, report, and remediate attacks faster

B.

Segment the network to reduce and limit the audit scope

C.

Undertake ISO certification for all core infrastructure including datacenters.

D.

Implement a GRC system to track and monitor controls

E.

Implement DLP controls on HTTP/HTTPS and email

F.

Install EDR agents on all corporate endpoints

Full Access
Question # 81

The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations are already in place:

• Keyword blocking based on word lists

• URL rewriting and protection

• Stripping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

A.

Configure more robust word lists for blocking suspicious emails

B.

Configure appropriate regular expression rules per suspicious email received

C.

Configure Bayesian filtering to block suspicious inbound email

D.

Configure the mail gateway to strip any attachments

Full Access
Question # 82

Which of the following may indicate a configuration item has reached end-of-life?

A.

The device will no longer turn on and indicates an error.

B.

The vendor has not published security patches recently.

C.

The object has been removed from the Active Directory.

D.

Logs show a performance degradation of the component.

Full Access
Question # 83

A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output:

Which of the following actions should the security administrator take to BEST mitigate the issue that transpires from the above information?

A.

Implement switchport security

B.

Implement 802.1X

C.

Enforce static ARP mappings using GPO

D.

Enable unicast RPF

Full Access
Question # 84

A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developer notices that session ID tokens for a web application will be transmitted over an unsecure connection. Which of the following code snippets should the developer recommend implementing to correct the vulnerability?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
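The option images are not reproduced on this page, but the fix the question is after is a property of the Set-Cookie header, not of the transport: a session cookie issued without the Secure attribute is sent by the browser on any plain-HTTP request to the same host, so an attacker on the path (the hotel Wi-Fi of Question 61, for instance) can read it even if the login itself happened over TLS. The following is an added example, not from the exam page or any particular web framework, that builds the header with the Python standard library and audits an existing header for the missing attributes; the cookie name SESSIONID and the token value are assumptions for the example.

```python
from http.cookies import SimpleCookie

# Hardening attributes a session cookie should carry, as spelled in Set-Cookie.
REQUIRED_ATTRS = ("Secure", "HttpOnly", "SameSite")


def build_session_cookie(token, secure=True, http_only=True, same_site="Strict", max_age=3600):
    """Return a Set-Cookie header value for the session token.

    The defaults give the corrected form; secure=False reproduces the defect
    in the question (the browser will also send the token over plain HTTP).
    """
    jar = SimpleCookie()
    jar["SESSIONID"] = token            # cookie name is an assumption for the example
    morsel = jar["SESSIONID"]
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    if secure:
        morsel["secure"] = True         # only sent over HTTPS
    if http_only:
        morsel["httponly"] = True       # not readable via document.cookie
    if same_site:
        morsel["samesite"] = same_site  # not attached to cross-site requests (Python 3.8+)
    return morsel.OutputString()


def audit_set_cookie(header_value):
    """Return the hardening attributes missing from a Set-Cookie header value."""
    # Everything after the first "name=value" pair is an attribute; flags have no "=".
    attrs = {part.strip().split("=", 1)[0].lower() for part in header_value.split(";")[1:]}
    return [name for name in REQUIRED_ATTRS if name.lower() not in attrs]


if __name__ == "__main__":
    weak = build_session_cookie("0f1e2d3c4b5a6978", secure=False, http_only=False, same_site=None)
    print("before:", weak, "-> missing", audit_set_cookie(weak))
    fixed = build_session_cookie("0f1e2d3c4b5a6978")
    print("after: ", fixed, "-> missing", audit_set_cookie(fixed))
```

Setting Secure is the code change the review should ask for; pairing it with an HTTP-to-HTTPS redirect and a Strict-Transport-Security header stops the browser from making the plaintext request at all, so the cookie flag is the last line of defence rather than the only one.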
Question # 85

Which of the following risks does expanding business into a foreign country carry?

A.

Data sovereignty laws could result in unexpected liability

B.

Export controls might decrease software costs

C.

Data ownership might revert to the regulatory entities in the new country

D.

Some security tools might be monitored by legal authorities

Full Access
TESTED 27 Oct 2021