Get Updated CAS-003 Dumps To Pass CompTIA Advanced Security Practitioner (CASP+) Certification

1. A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company’s cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.

Which of the following should the security do to help mitigate future attacks within the VM environment? (Choose two.)

2. A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developers session ID tokens for a web application will be transmitted over an unsecure connection .

Which of the following code snippets should the developer recommend implement to correct the vulnerability?

A)

B)

C)

D)

3. Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back .

Which of the following BEST describes how the manager should respond?

4. A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available

to unauthenticated users, but some will only be available to authenticated users .

Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)

5. A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack .

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

6. Which of the following is the GREATEST security concern with respect to BYOD?

7. A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

8. A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary .

Which of the following in the MOST likely explanation for why the organization network was compromised?

9. A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated .

Which of the following is the MOST secure method to allow the printer on the network without violating policy?

10. Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise Security analysts observed the following:

• Unauthorized certificate issuance

• Access to mutually authenticated resources utilizing valid but unauthorized certificates

• Granted access to internal resources via the SSL VPN

To address the immediate problem security analysts revoked the erroneous certificates .

Which of the following describes the MOST likely root cause of the problem and offers a solution?

11. A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage To which of the following is the survey question related? (Select TWO)

12. A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO) .

Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

13. A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications .

Which of the following does the organization plan to leverage?

14. During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering .

Which of the following should the junior analyst have followed?

15. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing .

Which of the following should the CISO read and understand before writing the policies?

16. A security is testing a server finds the following in the output of a vulnerability scan:

Which of the following will the security analyst most likely use NEXT to explore this further?

17. The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices.

The CISO mandates the following requirements:

• The devices must be owned by the company for legal purposes.

• The device must be as fully functional as possible when off site.

• Corporate email must be maintained separately from personal email

• Employees must be able to install their own applications.

Which of the following will BEST meet the CISO's mandate? (Select TWO).

18. Following a complete outage of the electronic medical record system for more than 18 hours, the hospital’s Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?

19. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices.

The security administrator implements the following:

✑ An HOTP service is installed on the RADIUS server.

✑ . The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

20. A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach .

Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

21. A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well .

Which of the following should be configured? (Choose two.)

22. Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app .

Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

23. After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?

24. Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out.

Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

25. An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers .

Which of the following services would be BEST for the security officer to recommend to the company?

26. A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network.

Which of the following should the script use to BEST accomplish this task?

27. A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ . The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ . The applications provide different functionality types such as forums and customer portals.

✑ . The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

28. A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner.

Which of the following business documents defines the parameters the security administrator must confirm?

29. A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time .

Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)

30. A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request .

Which of the following would BEST support this objective?

31. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

Which of the following is the MOST likely reason for the team lead’s position?

32. The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security.

To remediate this concern, a number of solutions have been implemented, including the following:

✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

✑ . The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

33. Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:

Which of the following would be the BEST option to recommend to the CIO?

34. A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year .

Which of the following must be calculated to determine ROI? (Choose two.)

35. A security analyst is comparing two virtual servers that were bum from the same image and patched at the same regular intervals Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network.

The analyst runs the same command and obtains the following output from Server A and Server B. respectively:

Which of the following will the analyst most likely use NEXT?

36. An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts.

Which of the following techniques would BEST support this?

37. A government entity is developing requirements for an RFP to acquire a biometric authentication system.

When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?

38. The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls.

The following configurations already are in place

• Keyword Mocking based on word lists

• URL rewriting and protection

• Stopping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

39. An organization wants to allow its employees to receive corporate email on their own smartphones.

A security analyst is reviewing the following information contained within the file system of an employee’s smartphone:

FamilyPix.jpg

Taxreturn.tax

paystub.pdf

employeesinfo.xls

SoccerSchedule.doc

RecruitmentPlan.xls

Based on the above findings, which of the following should the organization implement to prevent further exposure? (Select two).

40. A security technician is incorporating the following requirements in an RFP for a new SIEM:

✑ New security notifications must be dynamically implemented by the SIEM engine

✑ . The SIEM must be able to identify traffic baseline anomalies

✑ Anonymous attack data from all customers must augment attack detection and risk scoring

Based on the above requirements, which of the following should the SIEM support? (Choose two.)

41. CORRECT TEXT

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

42. The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown.

The network team is unavailable to capture traffic but logs from network services are available

• No users have authenticated recently through the guest network's captive portal

• DDoS mitigation systems are not alerting

• DNS resolver logs show some very long domain names

Which of the following is the BEST step for a security analyst to take next?

43. A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns .

Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?

44. The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively .

Which of the following would BEST address the CIO’s concerns?

45. Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect ... secrecy?

46. A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

47. During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected .

Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)

48. An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

Which of the following types of information could be drawn from such participation?

49. An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations .

Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

50. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes .

Which of the following controls would BEST mitigate the identified vulnerability?

51. Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise .

Which of the following would BEST reduce log noise for the SOC?

52. A legal services company wants to ensure emails to clients maintain integrity in transit.

Which of the following would BEST meet this requirement? (Select TWO)

53. A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After invest the new vulnerability, it was determined that the web services providing are being impacted by this new threat .

Which of the following data types a MOST likely at risk of exposure based on this new threat? (Select TWO)

54. Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication

Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares .

Which of the following mitigation strategies should an information security manager recommend to the data owner?

55. A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment.

The security engineer implements the following configuration on the management router:

Which of the following is the engineer implementing?

56. A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development.

Which of the following SDLC best practices should the development team have followed?

57. A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization’s staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization’s code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories .

Which of the following controls MOST likely would have interrupted the kill chain in this attack?

58. A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address .

Which of the following is MOST likely the problem?

59. A company is implementing a new secure identity application, given the following requirements

• The cryptographic secrets used in the application must never be exposed to users or the OS

• The application must work on mobile devices.

• The application must work with the company's badge reader system

Which of the following mobile device specifications are required for this design? (Select TWO).

60. A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

61. A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices .

Which of the following components should be executed by an outside vendor?

62. A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time.

The programming logic is as follows:

• A player asks to move points from one capability to another

• The source capability must have enough points to allow the move

• The destination capability must not exceed 10 after the move

• The move from source capability to destination capability is then completed

The time stamps of the game logs show each step of the transfer process takes about 900ms However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities .

Which of the following is MOST likely being exploited to allow these capability transfers?

63. A security administrator wants to allow external organizations to cryptographically validate the company’s domain name in email messages sent by employees .

Which of the following should the security administrator implement?

64. A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.

Which of the following is the BEST solution?

65. An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?

66. Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:

67. A penetration testing manager is contributing to an RFP for the purchase of a new platform.

The manager has provided the following requirements:

✑ Must be able to MITM web-based protocols

✑ Must be able to find common misconfigurations and security holes

Which of the following types of testing should be included in the testing platform? (Choose two.)

68. A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons.

Below are the critical applications and devices configured on the network:

✑ Firewall

✑ Core switches

✑ RM server

✑ Virtual environment

✑ NAC solution

The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources .

Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).

69. A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.

Using the above information, on which VLANs should multicast be enabled?

70. An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

71. Following the merger of two large companies the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems. The company's data retention schedule complicates the issue by requiring detailed logs to be collected and available for months .

Which of the following designs BEST meets the company's security and retention requirement?

72. A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.

Which of the following would BEST reduce the risk of this attack type occurring?

73. An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment .

Which of the following solutions should the engineer recommend?

74. A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk .

Which of the following should the new security administrator review to gain more information? (Choose three.)

75. CORRECT TEXT

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure.

Given the following information perform the tasks listed below:

Untrusted zone: 0.0.0.0/0

User zone: USR 10.1.1.0/24

User zone: USR2 10.1.2.0/24

DB zone: 10.1.4.0/24

Web application zone: 10.1.5.0/24

Management zone: 10.1.10.0/24

Web server: 10.1.5.50

MS-SQL server: 10.1.4.70

MGMT platform: 10.1.10.250

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet.

This rule is not working. Identify the rule and correct this issue.

Task 2). The firewall must be configured so that the SQL server can only receive requests from the web server.

Task 3). The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

Task 4) Ensure the final rule is an explicit deny.

Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

76. A security analyst is reviewing an endpoint that was found to have a rookit installed. The rootkit survived multiple attempts to clean the endpoints, as well as an attempt to reinstall the QS. The security analyst needs to implement a method to prevent other endpoint from having similar issues .

Which of the following would BEST accomplish this objective?

77. A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?

78. An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

79. A bank is initiating the process of acquiring another smaller bank.

Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process?

80. A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to string security and privacy practices.

The school’s key requirements are to:

✑ Maintain privacy of students in case of loss

✑ Have a theft detection control in place

✑ Be compliant with defined disability requirements

✑ Have a four-hour minimum battery life

Which of the following should be configured to BEST meet the requirements? (Choose two.)

81. A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture.

For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

82. An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization’s existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

83. Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

84. A Chief Information Securiy Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used.

Which of the following would be the CISO’s MOST immediate concern?

85. As part of a systems modernization program, the use of a weak encryption algorithm is identified m a wet se-vices API. The client using the API is unable to upgrade the system on its end which would support the use of a secure algorithm set As a temporary workaround the client provides its IP space and the network administrator Limits access to the API via an ACL to only the IP space held by the client .

Which of the following is the use of the ACL in this situation an example of?

86. An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

✑ The ICS supplier has specified that any software installed will result in lack of support.

✑ There is no documented trust boundary defined between the SCADA and corporate networks.

✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.

✑ There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

87. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

88. An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the “compose” window.

Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

89. A software development firm wants to validate the use of standard libraries as part of the software development process Each developer performs unit testing prior to committing changes to the code repository .

Which of the following activities would be BEST to perform after a commit but before the creation of a branch?

90. An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

91. While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

92. A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company.

The following services were enabled within the network:

• Scan of specific subsets for vulnerabilities

• Categorizing and logging of website traffic

• Enabling specific ACLs based on application traffic

• Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware

Which of the following services MOST likely identified the behavior and sent the report?

93. An organization is facing budget constraints. The Chief Technology Officer (CTO) wants to add a new marketing platform but the organization does not have the resources to obtain separate servers to run the new platform. The CTO recommends running the new marketing platform on a virtualized video-conferencing server because video conferencing is rarely used. The Chief Information Security Officer (CISO) denies this request.

Which of the following BEST explains the reason why the CISO has not approved the request?

94. An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

95. A remote user reports the inability to authenticate to the VPN concentrator.

During troubleshooting, a security administrate captures an attempted authentication and discovers the following being presented by the user's VPN client:

Which of the following BEST describes the reason the user is unable to connect to the VPN service?

96. A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

97. An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware .

Which of the following reasons BEST explains this?

98. A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS. The technician cannot determine why performance degraded so dramatically A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician.

The system specifications and configuration of each system are listed below:

Which of the following is MOST likely the cause of the degradation in performance and should be changed?

99. The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors .

Which of the following BEST meets this objective?

100. A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device .

Which of the following controls would reduce the discovery time for similar in the future?