
CAS-003 Questions and Answers

Question # 4

A security program was allocated $2 million in funding for the year. The cybersecurity team identified the following potential projects to deliver:

Which of the following solutions should the cybersecurity team prioritize to obtain the BEST risk reduction within the allocated budget?

A.

1. Insider threat UEBA

2. APT threat hunting

3. Blockchain decentralized identity

B.

1. Build SOC 2.0

2. Insider threat UEBA

3. ML/AI security analytics data lake

C.

1. ML/AI security analytics data lake

2. Blockchain decentralized identity

3. Build SOC 2.0

D.

1. Blockchain decentralized identity

2. Build SOC 2.0

3. Insider threat UEBA

Question # 5

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS -

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 6

A security analyst discovers what is believed to be evidence of a compromise due to a watering-hole attack. After an initial review of the incident, the analyst notes there is ongoing web traffic to the same site. Which of the following command-line tools would BEST allow the incident to be investigated?

A.

nc

B.

dd

C.

netstat

D.

tcpdump

Question # 7

A company is planning to undergo a P2V project to improve resource utilization, redundancy, and failover across its two datacenters. A consultant has provided a private cloud design that uses a specific Type 1 hypervisor based on Linux. The security manager is concerned about the integrity of the hypervisor. Which of the following should the consultant suggest to address the security manager's concerns?

A.

Implementing remote attestation

B.

Enabling the vTPM

C.

Using a secure enclave

D.

Transition to a Type 2 hypervisor configuration

Question # 8

Historical information shows that a small aerospace R&D company has a lack of user security awareness and is susceptible to nation-state social-engineering attacks and zero-day exploits. A network engineer advises the Chief Information Security Officer (CISO) to invest in a next-generation firewall to guard against incoming traffic and allow for the development of ACLs for new sessions. Which of the following is the FIRST course of action for the CISO to take?

A.

Conduct a vulnerability scan

B.

Develop a threat model

C.

Purchase the firewall as suggested

D.

Place the public-facing website in the DMZ

Question # 9

A company protects privileged accounts by using hardware keys as a second factor. A security engineer receives an error while attempting to authenticate with a hardware key for the first time. The engineer confirms the credentials are valid by logging into a system while MFA is disabled. Which of the following is the MOST likely reason the login is failing?

A.

The code is not being entered in a timely manner.

B.

The one-time password must be entered in the password field.

C.

The security engineer entered the wrong password.

D.

The hardware key must be registered with the application.

Question # 10

A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analyst who is assessing the risk has no experience with this category of products. Which of the following is the FIRST step the analyst should take to begin the research?

A.

Seek documented industry best practices

B.

Review the preferred vendor's white papers

C.

Compare the product function to relevant RFCs

D.

Execute a non-disclosure agreement with the vendor

Question # 11

A system integrator wants to assess the security of the application binaries delivered by its subcontracted vendors. The vendors do not deliver source code as a part of their contract. Which of the following techniques can the integrator use to accomplish the objective? (Select TWO.)

A.

Regression test

B.

Logic flow analysis

C.

Code signature validation

D.

Fuzzing

E.

Disassemble/decompile

F.

Static code analysis tool

Question # 12

A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be brought back online. Which of the following should be the FIRST step taken by the team?

A.

Perform a review of all policies and procedures related to BCP and DR, and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

D.

Implement replication of all servers and application data to backup datacenters that are geographically dispersed from the central datacenter, and release an updated BPA to all clients.

Question # 13

A security team wants to keep up with emerging threats more efficiently by automating NIDS signature development and deployment. Which of the following approaches would BEST support this objective?

A.

Use open-source intelligence sources to gather current information on adversary networks/systems

B.

Subscribe to a commercial service provider that publishes IOCs

C.

Monitor cyberthreat newsgroups and translate articles into IDS/IPS rulesets

D.

Configure NIDS to operate inline and use a DNS whitelist

Question # 14

An administrative control that is put in place to ensure one person cannot carry out a critical task independently is:

A.

separation of duties

B.

job rotation

C.

mandatory vacation

D.

least privilege

Question # 15

An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Question # 16

While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices are being followed. Which of the following code analyzers will produce the desired results?

A.

Static

B.

Dynamic

C.

Fuzzer

D.

Peer review

Question # 17

An analyst needs to obtain information about an organization as part of the initial phase of a black-box penetration test. Which of the following can the analyst use to gain intelligence without connecting to the target? (Select TWO.)

A.

Traceroute

B.

Fingerprinting

C.

Vulnerability scanning

D.

Banner grabbing

E.

Email harvesting

F.

Whois search

Question # 18

A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

Minimum password length: 16

Maximum password age: 0

Minimum password age: 0

Password complexity: disabled

Store passwords in plain text: disabled

Failed attempts lockout: 3

Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

A.

Offline hybrid dictionary attack

B.

Offline brute-force attack

C.

Online hybrid dictionary password spraying attack

D.

Rainbow table attack

E.

Online brute-force attack

F.

Pass-the-hash attack

Question # 19

An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware. Of paramount importance is the ability to defeat attacks aimed at replacing or corrupting running firmware once the vehicle leaves production and is in the field. Integrating which of the following host and OS controls would BEST protect against this threat?

A.

Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space.

B.

Implement out-of-band monitoring to analyze the state of running memory and persistent storage and, in a failure mode, signal a check-engine light condition for the operator.

C.

Perform reverse engineering of the hardware to assess for any implanted logic or other supply chain integrity violations.

D.

Ensure the firmware includes anti-malware services that will monitor and respond to any introduction of malicious logic.

E.

Require software engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhaustive state space analysis before deployment.

Question # 20

A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to strong security and privacy practices. The school's key requirements are to:

  • Maintain privacy of students in case of loss
  • Have a theft detection control in place
  • Be compliant with defined disability requirements
  • Have a four-hour minimum battery life

Which of the following should be configured to BEST meet the requirements? (Choose two.)

A.

Remote wiping

B.

Geofencing

C.

Antivirus software

D.

TPM

E.

FDE

F.

Tokenization

Question # 21

An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

A.

Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.

B.

Require sensors to sign all transmitted unlock control messages digitally.

C.

Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.

D.

Implement an out-of-band monitoring solution to detect message injections and attempts.

Question # 22

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

A.

Conducting tabletop exercises to evaluate system risk

B.

Contracting a third-party auditor after the project is finished

C.

Performing pre- and post-implementation penetration tests

D.

Running frequent vulnerability scans during the project

Question # 23

A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs.

Which of the following would help protect the confidentiality of the research data?

A.

Use diverse components in layers throughout the architecture

B.

Implement non-heterogeneous components at the network perimeter

C.

Purge all data remnants from client devices' volatile memory at regularly scheduled intervals

D.

Use only in-house developed applications that adhere to strict SDLC security requirements

Question # 24

A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?

A.

The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

B.

A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

C.

The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

D.

The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

Question # 25

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:

  • Financially sensitive data
  • Project data
  • Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

A.

Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.

B.

Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.

C.

Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

D.

Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Question # 26

An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organizations. Which of the following compliance issues will MOST likely be introduced as a result of the migration?

A.

Internal data integrity standards and outsourcing contracts and partnerships

B.

Data ownership, internal data classification, and risk profiling of outsourcers

C.

Company audit functions, cross-border jurisdictional challenges, and export controls

D.

Data privacy regulations, data sovereignty, and third-party providers

Question # 27

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls. Which of the following would be the MOST secure control to implement?

A.

Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

B.

Implement role-based group policies on the management network for client access.

C.

Utilize a jump box that is only allowed to connect to clients from the management network.

D.

Deploy a company-wide approved engineering workstation for management access.

Question # 28

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO.)

A.

Cardholder data

B.

Intellectual property

C.

Personal health information

D.

Employee records

E.

Corporate financial data

Question # 29

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information.

Which of the following would be the MOST efficient control to prevent this from occurring in the future?

A.

Install application whitelist on mobile devices.

B.

Disallow side loading of applications on mobile devices.

C.

Restrict access to company systems to expected times of day and geographic locations.

D.

Prevent backup of mobile devices to personally owned computers.

E.

Perform unannounced insider threat testing on high-risk employees.

Question # 30

A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.

Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

A.

Mandatory vacation

B.

Separation of duties

C.

Continuous monitoring

D.

Incident response

E.

Time-of-day restrictions

F.

Job rotation

Question # 31

Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

A.

Automatic location check-ins

B.

Geolocated presence privacy

C.

Integrity controls

D.

NAC checks to quarantine devices

Question # 32

A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot:

Which of the following tools was MOST likely used to exploit the application?

A.

The engineer captured the data with a protocol analyzer, and then utilized Python to edit the data

B.

The engineer queried the server and edited the data using an HTTP proxy interceptor

C.

The engineer used a cross-site script sent via curl to edit the data

D.

The engineer captured the HTTP headers, and then replaced the JSON data with a banner-grabbing tool

Question # 33

A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A.

Attackers are running reconnaissance on company resources.

B.

An outside command and control system is attempting to reach an infected system.

C.

An insider is trying to exfiltrate information to a remote network.

D.

Malware is running on a company system

Question # 34

A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

Below is a snippet from the firewall related to that server (access is provided in a top-down model):

Which of the following lines should be configured to allow the proper access? (Choose two.)

A.

Move line 3 below line 4 and change port 80 to 443 on line 4.

B.

Move line 3 below line 4 and add port 443 to line.

C.

Move line 4 below line 5 and add port 80 to 8080 on line 2.

D.

Add port 22 to line 2.

E.

Add port 22 to line 5.

F.

Add port 443 to line 2.

G.

Add port 443 to line 5.

Question # 35

A project manager is working with a software development group to collect and evaluate user scenarios related to the organization’s internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project.

Which of the following would be MOST appropriate to use?

A.

Roles matrix

B.

Peer review

C.

BIA

D.

SRTM

Question # 36

A manufacturing company employs SCADA systems to drive assembly lines across geographically dispersed sites. Therefore, the company must use the Internet to transport control messages and responses. Which of the following architectural changes when integrated will BEST reduce the manufacturing control system's attack surface? (Select TWO)

A.

Design a patch management capability for control systems.

B.

Implement supply chain security.

C.

Integrate message authentication.

D.

Add sensors and collectors at the Internet boundary.

E.

Isolate control systems from enterprise systems.

F.

Implement a site-to-site VPN across sites.

Question # 37

A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

A.

Background investigation

B.

Mandatory vacation

C.

Least privilege

D.

Separation of duties

Question # 38

The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?

A.

Review audit logs to determine the extent of the breach

B.

Pay the hacker under the condition that all information is destroyed

C.

Engage a counter-hacking team to retrieve the data

D.

Notify the appropriate legal authorities and legal counsel

Question # 39

A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network. Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network. Which of the following should the script use to BEST accomplish this task?

A.

Recursive DNS logs

B.

DHCP logs

C.

AD authentication logs

D.

RADIUS logs

E.

Switch and router ARP tables

Question # 40

Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:

A.

mandatory vacations.

B.

job rotations

C.

role-based access control

D.

discretionary access

E.

separation of duties

Question # 41

As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE.)

A.

Privilege escalation

B.

SQL injection

C.

TOC/TOU exploitation

D.

Rogue AP substitution

E.

Tailgating

F.

Vulnerability scanning

G.

Vishing

Question # 42

A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst’s subsequent investigation of sensitive systems led to the following discoveries:

  • There was no indication of the data owner’s or user’s accounts being compromised.
  • No database activity outside of previous baselines was discovered.
  • All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
  • It was likely not an insider threat, as all employees passed polygraph tests.

Given this scenario, which of the following is the MOST likely attack that occurred?

A.

The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.

B.

An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.

C.

A shared workstation was physically accessible in a common area of the contractor’s office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.

D.

After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

Question # 43

A company is updating its acceptable use and security policies to allow personal devices to be connected to the network as long as certain security parameters can be enforced. Which of the following describes this new policy change?

A.

COPE

B.

CYOD

C.

BYOD

D.

POTS

Question # 44

A security engineer needs to deploy a file named boardconfig.mk to some company devices. The file contains the following information:

Which of the following represents the goal of this file?

A.

It is an iPhone security configuration file.

B.

It is a Symbian hardening configuration file

C.

It Is a Windows Phone security configuration file

D.

It is an Android security configuration file

Question # 45

A company is implementing a new MFA initiative. The requirements for the second factor are as follows:

• It cannot be phished

• It must work as a second factor for laptop logins

• It must be something the user has

Which of the following solutions should the company choose?

A.

User biometrics

B.

U2F hardware keys

C.

TOTP hardware keys

D.

Push notification to a mobile device

E.

SMS notification to a managed device

Question # 46

A product owner is working with a security engineer to improve the security surrounding certificate revocation, which is important for the clients using a web application. The organization is currently using a CRL configuration to manage revocation, but it is looking for a solution that addresses the reporting delays associated with CRLs. The security engineer recommends OCSP, but the product owner is concerned about the overhead associated with its use. Which of the following would the security engineer MOST likely suggest to address the product owner's concerns?

A.

Key escrow can be used on the WAF

B.

S/MIME can be used in lieu of OCSP

C.

Stapling should be used with OCSP

D.

The organization should use wildcard certificates

Question # 47

A security engineer is attempting to inventory all network devices. Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

A.

Switch to SNMPv1 device inventory credentials

B.

Enable SSH for all switches and routers

C.

Set SFTP to enabled on all network devices

D.

Configure SNMPv3 server settings to match client settings

Question # 48

A human resources employee receives a call from an individual who is representing a background verification firm that is conducting a background check on a prospective candidate. The employee verifies the employment dates and title of the candidate. The caller then requests the employee's email address to complete the verification process. The employee receives an email containing a URL for completing the process. After clicking the link, the employee's workstation is infected with ransomware. Which of the following BEST describes the initial phone call made by the threat actor?

A.

Pretexting

B.

Phishing

C.

Pivoting

D.

Reconnaissance

Question # 49

Which of the following would MOST likely cause an organization to review and potentially rebaseline its current risk assessment?

A.

Emergence of a new class of threats

B.

Decommissioning of a backup server

C.

Implementation of a new access control system

D.

Reduction in the attack surface

Question # 50

The credentials of a hospital's HVAC vendor were obtained using credential-harvesting malware through a phishing email. The HVAC vendor has administrative privileges in the SCADA network. Which of the following would prevent this from happening again in the future?

A.

Network segmentation

B.

Vulnerability scanning

C.

Password complexity rules

D.

Security patching

Question # 51

An analyst discovers the following while reviewing some recent activity logs:

Which of the following tools would MOST likely identify a future incident in a timely manner?

A.

DDoS protection

B.

File integrity monitoring

C.

SCAP scanner

D.

Protocol analyzer

Question # 52

The latest security scan of a web application reported multiple high vulnerabilities in session management. Which of the following is the BEST way to mitigate the issue?

A.

Prohibiting session hijacking of cookies

B.

Using secure cookie storage and transmission

C.

Performing state management on the server

D.

Using secure and HttpOnly settings on cookies

Question # 53

An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?

A.

NIDS

B.

HIPS

C.

CASB

D.

SFTP

Full Access
Question # 54

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization’s risk?

A.

Present the detailed risk resulting from the change to the company’s board of directors

B.

Pilot new mitigations that cost less than the total amount saved by the change

C.

Modify policies and standards to discourage future changes that increase risk

D.

Capture the risk in a prioritized register that is shared routinely with the CEO

Full Access
Question # 55

A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following:

* The imaging server IP is 192.168.101.24

* The domain controller IP is 192.168.100.1

* The client machine IP is 192.168.200.37

Which of the following should be used to confirm this is the only open port on the web server?

A.

nmap -p 80,443 192.168.101.24

B.

nmap -p 80,443,389,636 192.168.100.1

C.

nmap -p 80,389 192.168.200.37

D.

nmap -p- 192.168.101.24

Full Access
Question # 56

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A.

Traffic interceptor log analysis

B.

Log reduction and visualization tools

C.

Proof of work analysis

D.

Ledger analysis software

Full Access
Question # 57

Which of the following risks does expanding business into a foreign country carry?

A.

Data sovereignty laws could result in unexpected liability

B.

Export controls might decrease software costs

C.

Data ownership might revert to the regulatory entities in the new country

D.

Some security tools might be monitored by legal authorities

Full Access
Question # 58

The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:

A.

data confidentiality.

B.

data security.

C.

PCI compliance.

D.

business availability.

Full Access
Question # 59

Which of the following is the BEST reason to implement a separation of duties policy?

A.

It minimizes the risk of DoS due to continuous monitoring.

B.

It eliminates the need to enforce least privilege by logging all actions.

C.

It increases the level of difficulty for a single employee to perpetrate fraud.

D.

It removes barriers to collusion and collaboration between business units.

Full Access
Question # 60

A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A.

Increased network latency

B.

Unavailability of key escrow

C.

Inability to select AES-256 encryption

D.

Removal of user authentication requirements

Full Access
Question # 61

A company recently deployed an agent-based DLP solution to all laptops in the environment. The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was exfiltrated from a secure fileshare in the research department. Which of the following should the security team implement FIRST?

A.

Application whitelisting for all company-owned devices

B.

A secure VDI environment for research department employees

C.

NIDS/NIPS on the network segment used by the research department

D.

Bluetooth restriction on all laptops

Full Access
Question # 62

Confidential information related to Application A, Application B, and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges.

While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:

Which of the following actions should the IR team take FIRST?

A.

Remove all members from the distribution groups immediately

B.

Place the mailbox for jsmith on legal hold

C.

Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group

D.

Install DLP software on all developer laptops to prevent data from leaving the network.

Full Access
Question # 63

A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?

A.

NDA

B.

RFP

C.

RFQ

D.

MSA

E.

RFI

Full Access
Question # 64

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

A.

Memory leak

B.

Race condition

C.

Smurf

D.

Resource exhaustion

Full Access
Question # 65

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Full Access
Question # 66

A security manager wants to implement a policy that will provide management with the ability to monitor employees’ activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

A.

Separation of duties

B.

Mandatory vacations

C.

Least privilege

D.

Incident response

Full Access
Question # 67

Following the merger of two large companies, the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems. The company's data retention schedule complicates the issue by requiring detailed logs to be collected and available for months. Which of the following designs BEST meets the company's security and retention requirements?

A.

Forward logs to both a SIEM and a cheaper longer-term storage and then delete logs from the SIEM after 14 days

B.

Reduce the log volume by disabling logging of routine maintenance activities or failed authentication attempts

C.

Send logs to a SIEM that correlates security data and store only the alerts and relevant data arising from that system.

D.

Maintain both companies' logging and SIEM solutions separately but merge the resulting alerts and reports.

Full Access
Question # 68

A company runs a well-attended, on-premises fitness club for its employees, about 200 of them each day. Employees want to sync the center’s login and attendance program with their smartphones. Human resources, which manages the contract for the fitness center, has asked the security architect to help draft security and privacy requirements. Which of the following would BEST address these privacy concerns?

A.

Use biometric authentication.

B.

Utilize geolocation/geofencing.

C.

Block unauthorized domain bridging.

D.

Implement containerization

Full Access
Question # 69

A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:

In an .htaccess file or the site config, add:

or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

A.

Ensure session IDs are generated dynamically with each cookie request

B.

Prevent cookies from being transmitted to other domain names

C.

Create a temporary space on the user's drive root for ephemeral cookie storage

D.

Enforce the use of plain text HTTP transmission with secure local cookie storage

E.

Add a sequence ID to the cookie session ID while in transit to prevent CSRF.

F.

Allow cookie creation or updates only over TLS connections

Full Access
Question # 70

A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee’s heartbeat, weight, and badge. Which of the following did the security manager implement?

A.

A physical control

B.

A corrective control

C.

A compensating control

D.

A managerial control

Full Access
Question # 71

A security analyst is reviewing weekly email reports and finds an average of 1,000 emails received daily from the internal security alert email address. Which of the following should be implemented?

A.

Tuning the networking monitoring service

B.

Separation of duties for systems administrators

C.

Machine learning algorithms

D.

DoS attack prevention

Full Access
Question # 72

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

A.

DLP

B.

Mail gateway

C.

Data flow enforcement

D.

UTM

Full Access
Question # 73

A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?

A.

Utilize measured boot attestation.

B.

Enforce the secure boot process.

C.

Reset the motherboard’s TPM chip.

D.

Reinstall the OS with known-good media.

E.

Configure custom anti-malware rules.

Full Access
Question # 74

While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

A.

Create archival copies of all documents and communications related to the employee

B.

Create a forensic image of network infrastructure devices

C.

Create an image file of the employee’s network drives and store it with hashes

D.

Install a keylogger to capture the employee’s communications and contacts

Full Access
Question # 75

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

A.

Set up an air gap for the switch.

B.

Change the default password for the switch.

C.

Place the switch in a Faraday cage.

D.

Install a cable lock on the switch.

Full Access
Question # 76

A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

A.

Community cloud service model

B.

Multitenancy SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Full Access
Question # 77

An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

A.

Access control lists

B.

TACACS+ server for AAA

C.

File-level encryption

D.

TPM with sealed storage

Full Access
Question # 78

A company is trying to resolve the following issues related to its web servers and Internet presence:

• The company's security rating declined on multiple occasions when it failed to renew a TLS certificate on one or more infrequently used web servers.

• The company is running out of public IPs assigned by its ISP.

• The company is implementing a WAF, and the WAF vendor charges by back-end hosts to which the WAF routes.

Which of the following solutions will help the company mitigate these issues? (Select TWO).

A.

Use a DMZ architecture

B.

Implement reverse proxy servers

C.

Use an automated CA service API for certificate renewal

D.

Work with the company's ISP to configure BGP

E.

Deploy IPv6 for external-facing servers

F.

Implement self-signed certificates and disable trust verification.

Full Access
Question # 79

An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

Which of the following types of information could be drawn from such participation?

A.

Threat modeling

B.

Risk assessment

C.

Vulnerability data

D.

Threat intelligence

E.

Risk metrics

F.

Exploit frameworks

Full Access
Question # 80

A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.

Full Access
Question # 81

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?

A.

Reconfigure the firewall to block external UDP traffic.

B.

Establish a security baseline on the IDS.

C.

Block echo reply traffic at the firewall.

D.

Modify the edge router to not forward broadcast traffic.

Full Access
Question # 82

A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)

A.

Static code analyzer

B.

Intercepting proxy

C.

Port scanner

D.

Reverse engineering

E.

Reconnaissance gathering

F.

User acceptance testing

Full Access
Question # 83

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

A.

Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

B.

Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

C.

Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

D.

Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

E.

For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

F.

Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Full Access
Question # 84

A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy. Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?

A.

Vulnerability assessment

B.

Risk assessment

C.

Patch management

D.

Device quarantine

E.

Incident management

Full Access
Question # 85

A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

RTO:2 days

RPO:36 hours

MTTR:24 hours

MTBF:60 days

Which of the following solutions will address the RPO requirements?

A.

Remote Syslog facility collecting real-time events

B.

Server farm behind a load balancer delivering five-nines uptime

C.

Backup solution that implements daily snapshots

D.

Cloud environment distributed across geographic regions

Full Access
Question # 86

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

A.

Data custodian

B.

Data owner

C.

Security analyst

D.

Business unit director

E.

Chief Executive Officer (CEO)

Full Access
Question # 87

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

A.

Key risk indicators

B.

Lessons learned

C.

Recovery point objectives

D.

Tabletop exercise

Full Access
Question # 88

A consulting firm was hired to conduct an assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

A.

Protocol analyzer

B.

Port scanner

C.

Fuzzer

D.

Brute forcer

E.

Log analyzer

F.

HTTP interceptor

Full Access
Question # 89

Given the following output from a security tool in Kali:

A.

Log reduction

B.

Network enumerator

C.

Fuzzer

D.

SCAP scanner

Full Access
Question # 90

The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

A.

Ensure the cloud provider supports a secure virtual desktop infrastructure

B.

Ensure the colocation facility implements a robust DRP to help with business continuity planning.

C.

Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.

D.

Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

Full Access
Question # 91

A security technician is incorporating the following requirements in an RFP for a new SIEM:

  • New security notifications must be dynamically implemented by the SIEM engine
  • The SIEM must be able to identify traffic baseline anomalies
  • Anonymous attack data from all customers must augment attack detection and risk scoring

Based on the above requirements, which of the following should the SIEM support? (Choose two.)

A.

Autoscaling search capability

B.

Machine learning

C.

Multisensor deployment

D.

Big Data analytics

E.

Cloud-based management

F.

Centralized log aggregation

Full Access
Question # 92

A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Full Access
Question # 93

An organization implemented secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?

A.

An attacker masqueraded as an internal DNS server

B.

An attacker leveraged a heap overflow vulnerability in the OS

C.

An attacker was able to overwrite an OS integrity measurement register

D.

An attacker circumvented IEEE 802.1X network-level authentication requirements.

Full Access
Question # 94

The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months.

Which of the following would be the MOST cost-effective solution to meet the company’s needs?

A.

Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house.

B.

Accept all risks associated with information security, and then bring up the issue again at next year’s annual board meeting.

C.

Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements.

D.

Hire an experienced, full-time information security team to run the startup company’s information security department.

Full Access
Question # 95

After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company’s IT department has seen a large number of the following incidents:

  • Duplicate IP addresses
  • Rogue network devices
  • Infected systems probing the company’s network

Which of the following should be implemented to remediate the above issues? (Choose two.)

A.

Port security

B.

Route protection

C.

NAC

D.

HIPS

E.

NIDS

Full Access
Question # 96

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

A.

Isolate the systems on their own network

B.

Install a firewall and IDS between systems and the LAN

C.

Employ own stratum-0 and stratum-1 NTP servers

D.

Upgrade the software on critical systems

E.

Configure the systems to use government-hosted NTP servers

Full Access
Question # 97

A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)

A.

Agent-based vulnerability scan

B.

Black-box penetration testing

C.

Configuration review

D.

Social engineering

E.

Malware sandboxing

F.

Tabletop exercise

Full Access
Question # 98

A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:

A.

the amount of data to be moved.

B.

the frequency of data backups.

C.

which users will have access to which data

D.

when the file server will be decommissioned

Full Access
Question # 99

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

A.

Summarize the most recently disclosed vulnerabilities.

B.

Research industry best practices and latest RFCs.

C.

Undertake an external vulnerability scan and penetration test.

D.

Conduct a threat modeling exercise.

Full Access
Question # 100

An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:

  • Encrypt all traffic between the network engineer and critical devices.
  • Segregate the different networking planes as much as possible.
  • Do not let access ports impact configuration tasks.

Which of the following would be the BEST recommendation for the network security engineer to present?

A.

Deploy control plane protections.

B.

Use SSH over out-of-band management.

C.

Force only TACACS to be allowed.

D.

Require the use of certificates for AAA.

Full Access
Question # 101

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

A.

Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

B.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

C.

Use an EDR solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.

D.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Full Access
Question # 102

A large, multinational company currently has two separate databases. One is used for ERP while the second is used for CRM. To consolidate services and infrastructure, it is proposed to combine the databases. The company's compliance manager is asked to review the proposal and is concerned about this integration. Which of the following would pose the MOST concern to the compliance manager?

A.

The attack surface of the combined database is lower than the previous separate systems, so there likely are wasted resources on additional security controls that will not be needed

B.

There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform.

C.

By consolidating services in this manner, there is an increased risk posed to the organization due to the number of resources required to manage the larger data pool.

D.

Auditing the combined database structure will require more short-term resources, as the new system will need to be learned by the auditing team to ensure all security controls are in

Full Access