Improve Your Knowledge with CAS-004 Exam Dumps

Category:

Comments:

0 Comments

Post Date:

May 30, 2023

Practicing with CAS-004 questions can help you identify areas where you need to improve your knowledge. By answering CAS-004 questions and reviewing your responses, you can identify gaps in your understanding and focus your study efforts on those areas. The CAS-004 exam has a strict time limit, and you need to manage your time effectively to answer all the questions. Practicing with CompTIA CAS-004 dumps questions can help you develop time management skills by simulating the exam's time constraints. You'll learn how to pace yourself, manage your time effectively, and ensure that you complete the CAS-004 exam within the allotted time. Test CompTIA CAS-004 exam free dumps below.

Page 1 of 17

1. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

2. A company has a BYOD policy and has configured remote-wiping capabilities to support security requirements. An executive has raised concerns about personal contacts and photos being deleted from personal devices when an employee is terminated.

Which of the following is the best way to address these concerns?

Enforce the use of the approved email client.

Require full device encryption.

Disable geotagging on the devices.

Implement containerization.

3. A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible.

Which of the following will the developer MOST likely implement?

Certificate chain

Root CA

Certificate pinning

CRL

OCSP

4. A security analyst is investigating a possible buffer overflow attack.

The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

NX bit

ASLR

DEP

HSM

5. A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT.

Which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

X-Forwarded-Proto

X-Forwarded-For

Cache-Control

Strict-Transport-Security

Content-Security-Policy

6. A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data’s confidentiality is maintained in a dynamic, low-risk environment.

Which of the following would best achieve this goal? (Select two).

Install a SOAR on all endpoints.

Hash all files.

Install SIEM within a SO

Encrypt all data and files at rest, in transit, and in use.

Configure SOAR to monitor and intercept files and data leaving the network.

Implement file integrity monitoring.

7. A company is looking for a solution to hide data stored in databases.

The solution must meet the following requirements:

Be efficient at protecting the production environment

Not require any change to the application

Act at the presentation layer

Which of the following techniques should be used?

Masking

Tokenization

Algorithmic

Random substitution

8. A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce.

The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

Enable end-to-end encryption, disable video recording, and disable file exchange.

Enable watermarking, enable the user authentication requirement, and disable video recording.

9. A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.

Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Distribute the software via a third-party repository.

Close the web repository and deliver the software via email.

Email the software link to all customers.

Display the SHA checksum on the website.

10. An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:

Leverage physically uncloneable functions.

Analyze an emplaced holographic icon on the board.

Include schematics traceable via X-ray interrogation.

Incorporate MD5 hashes of the ASIC design file.

Page 2 of 17

11. Which of the following is record-level encryption commonly used to do?

Protect database fields

Protect individual files

Encrypt individual packets

Encrypt the master boot record

12. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Recovery point objective

Recovery time objective

Mission-essential functions

Recovery service level

13. Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Importing the availability of messages

Ensuring non-repudiation of messages

Enforcing protocol conformance for messages

Assuring the integrity of messages

14. A company wants to refactor a monolithic application to take advantage of cloud native services and service micro segmentation to secure sensitive application components.

Which of the following should the company implement to ensure the architecture is portable?

Virtualized emulators

Type 2 hypervisors

Orchestration

Containerization

15. The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored.

Which of the following would meet these requirements?

Near-field communication

Short Message Service

Geofencing

Bluetooth

16. A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions.

Which of the following would BEST achieve that goal?

Utilize the SAN certificate to enable a single certificate for all regions.

Deploy client certificates to all devices in the network.

Configure certificate pinning inside the application.

Enable HSTS on the application's server side for all communication.

17. An HVAC contractor requested network connectivity permission to remotely support/troubleshoot

equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network

Which of the following solutions represents the BEST course of action to allow the contractor access?

Add the vendor's equipment to the existing network Give the vendor access through the standard corporate VPN

Give the vendor a standard desktop PC to attach the equipment to Give the vendor access through the standard corporate VPN

Establish a certification process for the vendor Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment

Create a dedicated segment with no access to the corporate network Implement dedicated VPN hardware for vendor access

18. A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

TPM

HSM

PKI

UEFI/BIOS

19. Which of the following indicates when a company might not be viable after a disaster?

Maximum tolerable downtime

Recovery time objective

Mean time to recovery

Annual loss expectancy

20. An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City.

The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

A cache server farm in its datacenter

A load-balanced group of reverse proxy servers with SSL acceleration

A CDN with the origin set to its datacenter

Dual gigabit-speed Internet connections with managed DDoS prevention

Page 3 of 17

21. A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites.

Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

ocsp

CRL

SAN

22. A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

Alerting the misconfigured service account password

Modifying the AllowUsers configuration directive

Restricting external port 22 access

Implementing host-key preferences

23. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Notify law enforcement.

Request that the affected servers be restored immediately.

24. The security analyst discovers a new device on the company’s dedicated loT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the loT subnet.

Which of the following should the security analyst recommend to securely operate the camera?

Harden the camera configuration.

Send camera logs to the SIE

Encrypt the camera's video stream.

Place the camera on an isolated segment

25. The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours.

Which of the following will the security manager most likely identify as a risk?

Print configurations settings for locked print jobs

The lack of an NDA with the company that supports its devices

The lack of an MSA to govern other services provided by the service provider

The lack of chain of custody for devices prior to deployment at the company

26. An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs.

Which of the following programming languages is the MOST relevant for PLCs?

Ladder logic

Rust

Python

Java

27. A software company wants to build a platform by integrating with another company's established product.

Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

Data sovereignty

Shared responsibility

Source code escrow

Safe harbor considerations

28. An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft.

Which of the following can be used to mitigate this risk?

An additional layer of encryption

A third-party data integrity monitoring solution

A complete backup that is created before moving the data

Additional application firewall rules specific to the migration

29. A pharmaceutical company was recently compromised by ransomware.

Given the following EDR output from the process investigation:

On which of the following devices and processes did the ransomware originate?

cpt-ws018, powershell.exe

cpt-ws026, DearCry.exe

cpt-ws002, NO-A

exe

cpt-ws026, NO-A

exe

cpt-ws002, DearCry.exe

30. In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

cloud-native applications.

containerization.

serverless configurations.

software-defined netWorking.

secure access service edge.

Page 4 of 17

31. Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.

Which of the following MOST likely needs to be done to avoid this in the future?

Modify the ACL

Review the Active Directory.

Update the marketing department's browser.

Reconfigure the WA

32. A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops.

Which of the following authenticator types would be most appropriate for the engineer to include in the design?

TOTP token

Device certificate

Smart card

Biometric

33. During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues.

Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

Implementing a static analysis tool within the CI/CD system

Configuring a dynamic application security testing tool

Performing software composition analysis on all third-party components

Utilizing a risk-based threat modeling approach on new projects

Setting up an interactive application security testing tool

34. A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust.

To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Quick UDP internet connection

OCSP stapling

Private CA

DNSSEC

CRL

HSTS

Distributed object model

35. A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts.

Which of the following should the hospital do first to mitigate this risk?

Complete a vulnerability analysis

Obtain guidance from the health ISAC

Purchase a ticketing system for auditing efforts

Ensure CVEs are current

Train administrators on why patching is important

36. An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned.

Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

Peer review

Regression testing

User acceptance

Dynamic analysis

37. An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware.

Which of the following should the loT manufacture do if the private key is compromised?

Use over-the-air updates to replace the private key

Manufacture a new loT device with a redesigned SoC

Replace the public portion of the loT key on its servers

Release a patch for the SoC software

38. A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

SaaS

PaaS

MaaS

IaaS

39. A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords.

Which of the following additional controls should the company deploy?

Two-factor authentication

Identity proofing

Challenge questions

Live identity verification

40. A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

Full tunneling

Asymmetric routing

SSH tunneling

Split tunneling

Page 5 of 17

41. A cloud security architect has been tasked with finding a solution for hardening VMS.

The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Immutable system

Data loss prevention

Storage area network

Baseline template

42. A security engineer is re-architecting a network environment that provides regional electric distribution services.

During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

43. A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up.

Which of the following explains why the computer would not boot?

The operating system was corrupted.

SElinux was in enforced status.

A secure boot violation occurred.

The disk was encrypted.

44. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Execute never

Noexecute

Total memory encryption

Virtual memory protection

45. The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold.

Which of the following actions should the organization take to comply with the request?

Preserve all communication matching the requested search terms

Block communication with the customer while litigation is ongoing

Require employees to be trained on legal record holds

Request that all users do not delete any files

46. A company wants to prevent a partner company from denying agreement to a transaction.

Which of the following is the best solution for the company?

Federation

Key escrow

Salting hashes

Digital signatures

47. Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

At the individual product level

Through the selection of a random product

Using a third-party audit report

By choosing a major product

48. A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company’s SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product.

Which of the following is the best option?

DAST

SAST

IAST

ZAP

49. An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities.

Which of the following service models best meets these requirements?

PaaS

SaaS

laaS

MaaS

50. A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue.

Which of the following security configurations is MOST likely the cause of the error?

HSTS

TLS 1.2

Certificate pinning

Client authentication

Page 6 of 17

51. An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications.

The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Mobile device management, remote wipe, and data loss detection

Conditional access, DoH, and full disk encryption

Mobile application management, MFA, and DRM

Certificates, DLP, and geofencing

52. A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

53. An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

ARF

XCCDF

CPE

CVE

CVSS

OVAL

54. A security engineer is assessing the security controls of loT systems that are no longer supported for updates and patching.

Which of the following is the best mitigation for defending these loT systems?

Disable administrator accounts

Enable SELinux

Enforce network segmentation

Assign static IP addresses

55. A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident.

Which of the following would BEST assist the analyst?

Ensuring proper input validation is configured on the ‘’Contact US’’ form

Deploy a WAF in front of the public website

Checking for new rules from the inbound network IPS vendor

Running the website log files through a log reduction and analysis tool

56. A security analyst needs to recommend a remediation to the following threat:

Which of the following actions should the security analyst propose to prevent this successful exploitation?

Patch the system.

Update the antivirus.

Install a host-based firewall.

Enable TLS 1.2.

57. SIMULATION

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen to port 4022.

• The SSH daemon must only accept connections from a Single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results.

Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql

DATABASE VIA ssh

WAP A

PC A

Laptop A

Switch A

Switch B:

Laptop B

PC B

PC C

Server A

58. Company A is establishing a contractual with Company

B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights.

Which of the following documents will MOST likely contain these elements

Company A-B SLA v2.docx

Company A OLA v1b.docx

Company A MSA v3.docx

Company A MOU v1.docx

Company A-B NDA v03.docx

59. After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties.

Which of the following forensic steps would be best to prevent this from happening again?

Evidence preservation

Evidence verification

Evidence collection

Evidence analysis

60. A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used.

Which of the following is the EDR reporting?

True positive

False negative

False positive

True negative

Page 7 of 17

61. A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service.

Which of the following AES modes should the security administrator recommend given these requirements?

CTR

ECB

OF8

GCM

62. A security architect examines a section of code and discovers the following:

Which of the following changes should the security architect require before approving the code for release?

Allow only alphanumeric characters for the username.

Make the password variable longer to support more secure passwords.

Prevent more than 20 characters from being entered.

Add a password parameter to the checkUserExists function.

63. An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.

Which of the following is MOST likely the cause of the signature failing?

The NTP server is set incorrectly for the developers

The CA has included the certificate in its CR

The certificate is set for the wrong key usage.

Each application is missing a SAN or wildcard entry on the certificate

64. A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover. and end users would miss no more than 30 minutes of data.

Which of the following should the company do to meet these objectives?

Build a content caching system at the DR site.

Store the nightly full backups at the DR site.

Increase the network bandwidth to the DR site.

Implement real-time replication for the DR site.

65. A security engineer is implementing DLP.

Which of the following should the security engineer include in the overall DLP strategy?

Tokenization

Network traffic analysis

Data classification

Multifactor authentication

66. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

Accept the risk, as compensating controls have been implemented to manage the risk.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

67. During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device.

Which of the following security measures could have helped prevent this account from being compromised?

Host-based Intrusion Detection System

Endpoint Detection and Response

Host-based Firewall

Full Disk Encryption

68. A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems.

Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

Deploy high-availability web servers.

Enhance network access controls.

Implement a content delivery network.

Migrate to a virtualized environment.

69. A security review of the architecture for an application migration was recently completed.

The following observations were made:

• External inbound access is blocked.

• A large amount of storage is available.

• Memory and CPU usage are low.

• The load balancer has only a single server assigned.

• Multiple APIs are integrated.

Which of the following needs to be addressed?

Scalability

Automation

Availability

Performance

70. During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place.

Which of the following Is the MOST likely solution?

A WAF to protect web traffic

User and entity behavior analytics

Requirements to change the local password

A gap analysis

Page 8 of 17

71. Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure.

Which of the must occur to ensure the integrity of the image?

The image must be password protected against changes.

A hash value of the image must be computed.

The disk containing the image must be placed in a seated container.

A duplicate copy of the image must be maintained

72. A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

WAF

CASB

SWG

DLP

73. A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements: https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

TPM

Local secure password file

MFA

Key vault

74. A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

true positive.

true negative.

false positive.

false negative.

75. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online.

Which of the following be the FIRST step taken by the team?

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

76. A company wants to improve the security of its web applications that are running on in-house servers A risk assessment has been performed and the following capabilities are desired:

• Terminate SSL connections at a central location

• Manage both authentication and authorization for incoming and outgoing web service calls

• Advertise the web service API

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

WAF

XML gateway

ESB gateway

API gateway

77. A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option.

Which of the following is the BEST solution for this company?

Community cloud service model

Multinency SaaS

Single-tenancy SaaS

On-premises cloud service model

78. A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications.

Which of the following should the company implement on the public-facing servers?

IDS

ASLR

TPM

HSM

79. A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data.

Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

Write a SIEM rule that generates a critical alert when files are created on the application server.

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

80. A cyberanalyst has been tasked with recovering PDF files from a provided image file.

Which of the following is the best file-carving tool for PDF recovery?

objdump

Strings

Foremost

Page 9 of 17

81. A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government.

Which of the following should be taken into consideration during the process of releasing the drive to the government?

Encryption in transit

Legal issues

Chain of custody

Order of volatility

Key exchange

82. A development team needs terminal access to preproduction servers to verify settings and enter purchased license keys.

To address the team’s needs, the security administrator implements the following requirements:

• Only trusted accounts can access the preproduction servers.

• Developers cannot access the preproduction servers directly from their workstations.

• The trusted accounts should only have access to specific preproduction servers.

Which of the following are necessary to fulfill the security requirements? (Select two).

SSL VPN

NAT gateway

Air gap

WAF

Jump box

Network ACLs

83. A security analyst discovered that the company's WAF was not properly configured.

The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Network intrusion prevention

Data encoding

Input validation

CAPTCHA

84. A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information.

Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

Hybrid IaaS solution in a single-tenancy cloud

Pass solution in a multinency cloud

SaaS solution in a community cloud

Private SaaS solution in a single tenancy cloud.

85. A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic.

Which of the following should the security administrator use?

Salsa20 cipher

TLS-based VPN

PKI-based IKE IPSec negotiation

Perfect forward secrecy

86. A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Instance-based

Storage-based

Proxy-based

Array controller-based

87. The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually.

Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Black-box testing

Gray-box testing

Red-team hunting

White-box testing

Blue-learn exercises

88. A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations.

Which of the following is the BEST course of action to help prevent this situation m the near future?

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

Implement a centralized network gateway to bridge network traffic between all VPCs.

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

89. A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources.

When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Add the objects of concern to the default context.

Set the devices to enforcing

Create separate domain and context files for irc.

Rebuild the policy, reinstall, and test.

90. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

Accept the risk, as compensating controls have been implemented to manage the risk.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Page 10 of 17

91. A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

Latency

Data exposure

Data loss

Data dispersion

92. A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

Which of the following scan types will provide the systems administrator with the MOST accurate information?

A passive, credentialed scan

A passive, non-credentialed scan

An active, non-credentialed scan

An active, credentialed scan

93. An organization wants to implement an access control system based on its data classification policy that includes the following data types:

Confidential

Restricted

Internal

Public

The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group.

Which of the following should the organization implement to enforce its requirements with minimal impact to systems and resources?

A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control.

Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system.

Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal.

A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis.

94. A security architect is reviewing the following organizational specifications for a new application:

• Be sessionless and API-based

• Accept uploaded documents with Pll, so all storage must be ephemeral

• Be able to scale on-demand across multiple nodes

• Restrict all network access except for the TLS port

Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

Utilizing the cloud container service

On server instances with autoscaling groups

Using scripted delivery

With a content delivery network

95. A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written.

Which of the following methods should the company use?

SAST

DAST

Fuzz testing

Intercepting proxy

96. A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had open RDP access to servers with personal health information.

As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

SD-WAN

PAM

Remote access VPN

MFA

Network segmentation

BGP

NAC

97. A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

SDLC

OVAL

IEEE

OWASP

98. A security researcher identified the following messages while testing a web application:

Which of the following should the researcher recommend to remediate the issue?

Software composition analysis

Packet inspection

Proper error handling

Elimination of the use of unsafe functions

99. A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Lawyers

Court

Upper management team

Police

100. A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

Disable powershell.exe on all Microsoft Windows endpoints.

Restart Microsoft Windows Defender.

Configure the forward proxy to block 40.90.23.154.

Disable local administrator privileges on the endpoints.

Page 11 of 17

101. The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified.

Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Root cause analysis

Continuity of operations plan

After-action report

Lessons learned

102. An organization is in frequent litigation and has a large number of legal holds.

Which of the following types of functionality should the organization's new email system provide?

DLP

Encryption

E-discovery

Privacy-level agreements

103. An analyst determined that the current process for manually handling phishing attacks within the company is ineffective. The analyst is developing a new process to ensure phishing attempts are handled internally in an appropriate and timely manner. One of the analyst's requirements is that a blocklist be updated automatically when phishing attempts are identified.

Which of the following would help satisfy this requirement?

SOAR

MSSP

Containerization

Virtualization

MDR deployment

104. As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Risk rejection

Risk mitigation

Risk transference

Risk avoidance

105. A security administrator has been provided with three separate certificates and is trying to organize them into a single chain of trust to deploy on a website.

Given the following certificate properties:

Which of the following are true about the PKI hierarchy? (Select two).

www.budgetcert.com.is the top-level C

www.budgetcert.com. is an intermediate C

SuperTrust RSA 2018 is the top-level C

SuperTrust RSA 2018 is an intermediate C

BudgetCert is the top-level CA

BudgetCert is an intermediate C

106. An accounting team member received a voicemail message from someone who sounded like the Chief Financial Officer (CFO). In the voicemail message, the caller requested a wire transfer to a bank account the organization had not used before.

Which of the following best describes this type of attack?

The attacker used deepfake technology to simulate the CFO's voice.

The CFO tried to commit a form of embezzlement.

The attacker used caller ID spoofing to imitate the CFO's internal phone extension.

The attacker successfully phished someone in the accounts payable department.

107. A company’s product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company’s reputation in the market.

Which of the following should the company implement to address the risk of system unavailability?

User and entity behavior analytics

Redundant reporting systems

A self-healing system

Application controls

108. A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

Which of the following is the most appropriate action for the SOC analyst to recommend?

Disabling account JDoe to prevent further lateral movement

Isolating laptop314 from the network

Alerting JDoe about the potential account compromise

Creating HIPS and NIPS rules to prevent logins

109. A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs.

Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

Degaussing

Overwiting

Shredding

Formatting

Incinerating

110. A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack.

A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

TLS_AES_128_CCM_8_SHA256

TLS_DHE_DSS_WITH_RC4_128_SHA

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_GCM_SHA256

Page 12 of 17

111. A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

Line 06

Line 10

Line 13

Line 17

112. A security engineer is reviewing metrics for a series of bug bounty reports. The engineer finds systematic cross-site scripting issues and unresolved previous findings.

Which of the following is the best solution to address the issue?

Implementing a third-party API management solution with input filtering

Leveraging middleware to handle integrations in the application

Introducing secure coding training focused on common issues

Ensuring functional checks are performed in the software development pipeline

Configuring a software composition analysis tool to look for issues

113. A security analyst is reviewing a new IOC in which data is injected into an online process.

The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working.

Which of the following regular expressions should be implemented in the NIPS?

^d{4}(-d{5})?$

^d{5}(-d{4})?$

^d{5-4}$

^d{9}$

114. A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server.

If this server fails, the company would lose millions of dollars in revenue.

Which of the following actions should the company take?

Accept the risk as the cost of doing business.

Create an organizational risk register for project prioritization.

Implement network compensating controls.

Purchase insurance to offset the cost if a failure occurred.

115. During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost.

Which of the following should the security analyst have followed?

Order of volatility

Chain of custody

Verification

Secure storage

116. An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

Option A

Option B

Option C

Option D

117. A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:

GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK

The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP

address.

Which of the following can be determined regarding the vulnerability and response?

A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST AP

A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.

A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.

A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.

118. A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented in order to meet contractual requirements, the company must achieve the following thresholds

• 99 99% uptime

• Load time in 3 seconds

• Response time = <1 0 seconds

Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)

Installing a firewall at corporate headquarters

Deploying a content delivery network

Implementing server clusters

Employing bare-metal loading of applications

Lowering storage input/output

Implementing RAID on the backup servers

Utilizing redundant power for all developer workstations

Ensuring technological diversity on critical servers

119. A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server.

Which of the following steps should the administrator take NEXT?

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

Take an MD5 hash of the server.

Delete all PHI from the network until the legal department is consulted.

Consult the legal department to determine the legal requirements.

120. A company would like to move its payment card data to a cloud provider.

Which of the following solutions will best protect account numbers from unauthorized disclosure?

Storing the data in an encoded file

Implementing database encryption at rest

Only storing tokenized card data

Implementing data field masking

Page 13 of 17

121. An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Peer-to-peer secure communications enabled by mobile applications

Proxied application data connections enabled by API gateways

Microsegmentation enabled by software-defined networking

VLANs enabled by network infrastructure devices

122. A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks.

Which of the following would be the GREATEST risk In adopting this solution?

The inability to assign access controls to comply with company policy

The inability to require the service provider process data in a specific country

The inability to obtain company data when migrating to another service

The inability to conduct security assessments against a service provider

123. An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.

Which of the following categories BEST describes this type of vendor risk?

SDLC attack

Side-load attack

Remote code signing

Supply chain attack

124. An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report.

Which of the following is the primary goal of an after action review?

To gather evidence for subsequent legal action

To determine the identity of the attacker

To identify ways to improve the response process

To create a plan of action and milestones

125. The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server.

Which of the following should be used to prioritize the server replacements?

SLE

MTTR

TCO

MTBF

MSA

126. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP.

Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

The clients may not trust idapt by default.

The secure LDAP service is not started, so no connections can be made.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

Secure LDAP should be running on UDP rather than TC

The company is using the wrong port. It should be using port 389 for secure LDA

Secure LDAP does not support wildcard certificates.

The clients may not trust Chicago by default.

127. A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Paas

laas

Private

Saas

128. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Require a VPN to be active to access company data.

Set up different profiles based on the person’s risk.

Remotely wipe the device.

Require MFA to access company applications.

129. An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application.

Which of the following methods would be most appropriate for the engineer to perform?

Fuzz testing

Static analysis

Side-channel analysis

Dynamic analysis

130. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Select two).

Side-channel analysis

Protocol scanner

HTTP interceptor

DAST

Fuzz testing

SAST

SCAP

Page 14 of 17

131. An organization has a secure manufacturing facility that is approximately 10mi (16km) away from its corporate headquarters. The organization's management team is concerned about being able to track personnel who utilize the facility.

Which of the following would best help to prevent staff from being tracked?

Ensuring that all staff use covered parking so they cannot be seen from outside the perimeter.

Configuring geofencing to disable mobile devices and wearable devices near the secure facility.

Constructing a tunnel between headquarters and the facility to allow more secure access.

Enforcing physical security controls like access control vestibules and appropriate fencing.

132. A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low.

Which of the following should the security team recommend be performed before migrating these servers to the cloud?

Performing patching and hardening

Deploying host and network IDS

Implementing least functionality and time-based access

Creating a honeypot and adding decoy files

133. An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region.

Which of the following risks would be most concerning to the organization in the event of equipment failure?

Support may not be available during all business hours

The organization requires authorized vendor specialists.

Each region has different regulatory frameworks to follow

Shipping delays could cost the organization money

134. A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes.

Which of the following are explicit options within this extension? (Select two).

Type

OCSP responder

Registration authority

Common Name

DNS name

135. The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network.

A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum.

Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Evasion

Persistence

Collection

Lateral movement

136. An administrator completed remediation for all the findings of a penetration test and notifies the management team that the systems are ready to be placed back into production.

Which of the following steps should the management team require the analyst to perform immediately before placing the systems back into production?

Rescan for corrections/changes.

Conduct the entire penetration test again.

Harden the targeted systems.

Ensure a host-based IPS is in place.

137. An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user’s credentials. However, it is unclear if the system baseline was modified to achieve persistence.

Which of the following would most likely support forensic activities in this scenario?

Side-channel analysis

Bit-level disk duplication

Software composition analysis

SCAP scanner

138. Which of the following controls primarily detects abuse of privilege but does not prevent it?

Off-boarding

Separation of duties

Least privilege

Job rotation

139. A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download

email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead.

The network comprises three VLANs:

The security engineer looks at the UTM firewall rules and finds the following:

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Contact the email service provider and ask if the company IP is blocked.

Confirm the email server certificate is installed on the corporate computers.

Make sure the UTM certificate is imported on the corporate computers.

Create an IMAPS firewall rule to ensure email is allowed.

140. A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability.

Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Deploying a WAF signature

Fixing the PHP code

Changing the web server from HTTPS to HTTP

UsingSSLv3

Changing the code from PHP to ColdFusion

Updating the OpenSSL library

Page 15 of 17

141. A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS.

Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

Client computer

509 certificates have been installed.

Supplicants are configured to provide a 64-bit authenticator.

A hardware TOTP token has been issued to mobile users.

The device's IPSec configuration matches the VPN concentrator.

142. A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss.

Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Segment the systems to reduce the attack surface if an attack occurs

Migrate the services to new systems with a supported and patched O

Patch the systems to the latest versions of the existing OSs

Install anti-malware. HIPS, and host-based firewalls on each of the systems

143. A security engineer is creating a single CSR for the following web server hostnames:

• wwwint internal

• www company com

• home.internal

• www internal

Which of the following would meet the requirement?

SAN

CRL

Issuer

144. In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive.

Which of the following solutions should be implemented to authenticate employees?

Data scrubbing

Field masking

Encryption in transit

Metadata

145. A technology company developed an in-house chat application that is used only by developers. An open-source library within the application has been deprecated.

The facts below are provided:

The cost of replacing this system is nominal.

The system provides no revenue to the business.

The system is not a critical part of the business.

Which of the following is the best risk mitigation strategy?

Transfer the risk, since developers prefer using this chat application over alternatives.

Accept the risk, since any system disruption will only impact developers.

Avoid the risk by shutting down this application and migrating to another chat platform.

Mitigate the risk by purchasing an EDR and configuring network ACLs.

146. A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Which of the following mobile configuration settings is the mobile administrator verifying?

Service set identifier authentication

Wireless network auto joining

802.1X with mutual authentication

Association MAC address randomization

147. To bring digital evidence in a court of law the evidence must be:

material

tangible

consistent

conserved

148. The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

Software composition analysis

Code obfuscation

Static analysis

Dynamic analysis

149. A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Inform users regarding what data is stored.

Provide opt-in/out for marketing messages.

Provide data deletion capabilities.

Provide optional data encryption.

Grant data access to third parties.

Provide alternative authentication techniques.

150. An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images.

Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Document interpolation

Regular expression pattern matching

Optical character recognition functionality

Baseline image matching

Advanced rasterization

Watermarking

Page 16 of 17

151. hgQ43jsu23Ly.com

Which of the following should the analyst do next?

Check for data exfiltration.

Reconfigure the server's DNS settings.

Browse for a website on the requested domain.

Add the host names to a block list.

152. Which of the following should an organization implement to prevent unauthorized API key sharing?

OTP

Encryption

API gateway

HSM

153. An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems.

Which of the following is the MOST likely security consequence of this attack?

A turbine would overheat and cause physical harm.

The engineers would need to go to the historian.

The SCADA equipment could not be maintained.

Data would be exfiltrated through the data diodes.

154. A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete.

Which of the following would reduce the likelihood of this scenario occurring again?

Create an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.

Require all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.

Remove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.

Implement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

155. A company has decided that only administrators are permitted to use PowerShell on their Windows computers.

Which of the following is the BEST way for an administrator to implement this decision?

Monitor the Application and Services Logs group within Windows Event Log.

Uninstall PowerSheII from all workstations.

Configure user settings in Group Policy.

Provide user education and training.

Block PowerSheII via HID

156. A security architect discovers the following while reviewing code for a company’s website:

selection = "SELECT Item FROM Catalog WHERE ItemID * " & Request("ItemID”)

Which of the following should the security architect recommend?

Client-side processing

Query parameterization

Data normalization

Escape character blocking

URL encoding

157. A security administrator configured the account policies per security implementation guidelines.

However, the accounts still appear to be susceptible to brute-force attacks.

The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Shared accounts

Password complexity

Account lockout

Password history

Time-based logins

158. An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them.

Which of the following is the BEST design option to optimize security?

Limit access to the system using a jump box.

Place the new system and legacy system on separate VLANs

Deploy the legacy application on an air-gapped system.

Implement MFA to access the legacy system.

159. After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Disable BGP and implement a single static route for each internal network.

Implement a BGP route reflector.

Implement an inbound BGP prefix list.

Disable BGP and implement OSP

160. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server.

Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

The client application is testing PF

The client application is configured to use ECDH

The client application is configured to use RC4.

The client application is configured to use AES-256 in GC

Page 17 of 17

161. An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk.

Which of the following ensures that authorized modifications are well planned and executed?

Risk management

Network management

Configuration management

Change management

162. A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

EDR

SIEM

HIDS

UEBA

163. Topic 3, Exam Pool C

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Cipher feedback

Cipher block chaining message authentication code

Cipher block chaining

Electronic codebook

164. In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Network security

Physical security

OS security

Host infrastructure

165. An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

In the ОТ environment, allow IT traffic into the ОТ environment.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

Use a screened subnet between the ОТ and IT environments.

166. A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

An on-premises solution as a backup

A load balancer with a round-robin configuration

A multicloud provider solution

An active-active solution within the same tenant

TAGS:

CAS-004, CAS-004 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CAS-004 Dumps Full Version

Q&As: 553
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Improve Your Knowledge with CAS-004 Exam Dumps

Related

Posts

CAS-005 Dumps Questions Increase Your Chance of Success

Valid PT0-003 Exam Dumps are Your best Choice to Pass

Prepare N10-009 Exam with Using N10-009 Dump Questions

Online XK0-005 Exam Dumps Help You Build Confidence

About Us

EMAIL

Services

Opening Hours