Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA CAS-005 CompTIA SecurityX Certification Exam Exam Practice Test

Demo: 74 questions
Total 249 questions

CompTIA SecurityX Certification Exam Questions and Answers

Question 1

A developer needs toimprove the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

Options:

A.

Key splitting

B.

Key escrow

C.

Key rotation

D.

Key encryption

E.

Key stretching

Question 2

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

Options:

A.

Apply code stylometry.

B.

Look for common IOCs.

C.

Use IOC extractions.

D.

Leverage malware detonation.

Question 3

Employees use their badges to track the number of hours they work. The badge readers cannot be upgraded due to facility constraints. The software for the badge readers uses a legacy platform and requires connectivity to the enterprise resource planning solution. Which of the following is the best to ensure the security of the badge readers?

Options:

A.

Segmentation

B.

Vulnerability scans

C.

Anti-malware

Question 4

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:

The backup solution must reduce the risk of potential backup compromise.

The backup solution must be resilient to a ransomware attack.

The time to restore from backups is less important than backup data integrity.

Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

Options:

A.

Creating a secondary, immutable database and adding live data on a continuous basis

B.

Utilizing two connected storage arrays and ensuring the arrays constantly sync

C.

Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D.

Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

Question 5

All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

Options:

A.

SSO with MFA

B.

Sating and hashing

C.

Account federation with hardware tokens

D.

SAE

E.

Key splitting

Question 6

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository The security team needs to be able to quickly evaluate whether to respond to a given vulnerability Which of the following, will allow the security team to achieve the objective with the last effort?

Options:

A.

SAST scan reports

B.

Centralized SBoM

C.

CIS benchmark compliance reports

D.

Credentialed vulnerability scan

Question 7

A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?

Options:

A.

Integrate a file-monitoring tool with the SIEM.

B.

Change the log solution and integrate it with the existing SIEM.

C.

Implement a central logging server, allowing only log ingestion.

D.

Rotate and back up logs every 24 hours, encrypting the backups.

Question 8

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Question 9

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 10

During a recent audit, a company's systems were assessed- Given the following information:

Which of the following is the best way to reduce the attack surface?

Options:

A.

Deploying an EDR solution to all impacted machines in manufacturing

B.

Segmenting the manufacturing network with a firewall and placing the rules in monitor mode

C.

Setting up an IDS inline to monitor and detect any threats to the software

D.

Implementing an application-aware firewall and writing strict rules for the application access

Question 11

A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?

Options:

A.

TTP-based inquiries

B.

User behavior analytics

C.

Adversary emulation

D.

OSINT analysis activities

Question 12

Asecuntv administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpomts:

• Full disk encryption

* Host-based firewall

• Time synchronization

* Password policies

• Application allow listing

* Zero Trust application access

Which of the following solutions best addresses the requirements? (Select two).

Options:

A.

CASB

B.

SBoM

C.

SCAP

D.

SASE

E.

HIDS

Question 13

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

Options:

A.

The email CNAME record must be changed to a type A record pointing to 192.168.111

B.

The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C.

The srvo1 A record must be changed to a type CNAME record pointing to the email server

D.

The email CNAMErecord must be changed to a type A record pointing to 192.168.1.10

E.

The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"

F.

The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"

G.

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Question 14

A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the most secure way to dispose of the SSDs given the CISO's concern?

Options:

A.

Degaussing

B.

Overwriting

C.

Shredding

D.

Formatting

E.

Incinerating

Question 15

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

Options:

A.

Model explainability

B.

Credential Theft

C.

Possible prompt Injections

D.

Exposure to social engineering

Question 16

An organization is planning for disaster recovery and continuity ofoperations, and has noted the following relevant findings:

1. A natural disaster may disrupt operations at Site A, which would then cause an evacuation. Users are

unable to log into the domain from-their workstations after relocating to Site B.

2. A natural disaster may disrupt operations at Site A, which would then cause the pump room at Site B

to become inoperable.

3. A natural disaster may disrupt operations at Site A, which would then cause unreliable internet

connectivity at Site B due to route flapping.

INSTRUCTIONS

Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.

For findings 1 and 2, select the items that should be replicated to Site B. For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.

Options:

Question 17

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

Which of the following would the analyst most likely recommend?

Options:

A.

Installing appropriate EDR tools to block pass-the-hash attempts

B.

Adding additional time to software development to perform fuzz testing

C.

Removing hard coded credentials from the source code

D.

Not allowing users to change their local passwords

Question 18

A security engineer performed a code scan that resulted in many false positives. The security engineer must find asolution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

Options:

A.

Limiting the tool to a specific coding language and tuning the rule set

B.

Configuring branch protection rules and dependency checks

C.

Using an application vulnerability scanner to identify coding flaws in production

D.

Performing updates on code libraries before code development

Question 19

A company plans to implement a research facility with Intellectual property data that should be protected The following is the security diagram proposed by the security architect

Which of the following security architect models is illustrated by the diagram?

Options:

A.

Identity and access management model

B.

Agent based security model

C.

Perimeter protection security model

D.

Zero Trust security model

Question 20

Which of the following are risks associated with vendor lock-in? (Select two).

Options:

A.

The client can seamlessly move data.

B.

The vendor canchange product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Question 21

A company receives several complaints from customers regarding its website. An engineer implements a parser for the web server logs that generates the following output:

which of the following should the company implement to best resolve the issue?

Options:

A.

IDS

B.

CDN

C.

WAF

D.

NAC

Question 22

After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy cloud-hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity. Which of the following capabilities is the most relevant?

Options:

A.

Container orchestration

B.

Microsegmentation

C.

Conditional access

D.

Secure access service edge

Question 23

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

Options:

A.

Assess the residual risk.

B.

Update the organization's threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of the impact.

Question 24

A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?

Options:

A.

Encrypting the data before moving into the QA environment

B.

Truncating the data to make it not personally identifiable

C.

Using a large language model to generate synthetic data

D.

Utilizing tokenization for sensitive fields

Question 25

A company detects suspicious activity associated with external connections Security detection tools are unable tocategorize this activity. Which of the following is the best solution to help the company overcome this challenge?

Options:

A.

Implement an Interactive honeypot

B.

Map network traffic to known loCs.

C.

Monitor the dark web

D.

implement UEBA

Question 26

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

Options:

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Question 27

Due to an infrastructure optimization plan, a company has moved from a unified architecture to a federated architecture divided by region. Long-term employees now have a better experience, but new employees are experiencing major performance issues when traveling between regions. The company is reviewing the following information:

Which of the following is the most effective action to remediate the issue?

Options:

A.

Creating a new user entry in the affected region for the affected employee

B.

Synchronizing all regions* user identities and ensuring ongoing synchronization

C.

Restarting European region physical access control systems

D.

Resyncing single sign-on application with connected security appliances

Question 28

After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

Options:

A.

Automate alerting to IT support for phone system outages.

B.

Enable dashboards for service status monitoring

C.

Send emails for failed log-In attempts on the public website

D.

Configure automated Isolation of human resources systems

Question 29

Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

Options:

A.

Encryption systems based on large prime numbers will be vulnerable to exploitation

B.

Zero Trust security architectures will require homomorphic encryption.

C.

Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques

D.

Quantum computers willenable malicious actors to capture IP traffic in real time

Question 30

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Options:

A.

Dark web monitoring

B.

Threat intelligence platform

C.

Honeypots

D.

Continuous adversary emulation

Question 31

A security analyst is reviewingsuspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

Options:

A.

Update the log configuration settings on the directory server that Is not being captured properly.

B.

Have the admin account owner change their password to avoid credential stuffing.

C.

Block employees from logging in to applications that are not part of their business area.

D.

implement automation to disable accounts that nave been associated with high-risk activity.

Question 32

During a gap assessment, an organization notes that OYOD usage is asignificant risk. The organization implemented administrative policies prohibiting BYOD usage However, the organization has not implemented technical controls to prevent the unauthorized use of BYOD assets when accessing the organization's resources. Which of the following solutions should the organization implement to b»« reduce the risk of OYOD devices? (Select two).

Options:

A.

Cloud 1AM to enforce the use of token based MFA

B.

Conditional access, to enforce user-to-device binding

C.

NAC, to enforce device configuration requirements

D.

PAM. to enforce local password policies

E.

SD-WAN. to enforce web content filtering through external proxies

F.

DLP, to enforce data protection capabilities

Question 33

After a vendor identified a recent vulnerability, a severity score was assigned to the vulnerability. A notification was also publicly distributed. Which of the following would most likely include information regarding the vulnerability and the recommended remediation steps?

Options:

A.

CVE

B.

CVSS

C.

CCE

D.

CPE

Question 34

A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?

Options:

A.

Compliance tracking

B.

Situational awareness

C.

Change management

D.

Quality assurance

Question 35

An organization recently migrated data to a new file management system. The architect decides to use a discretionary authorization model on the new system. Which of the following best explains the architect's choice?

Options:

A.

The responsibility of migrating data to the new file management system was outsourced to the vendor providing the platform.

B.

The permissions were not able to be migrated to the new system, and several stakeholders were made responsible for granting appropriate access.

C.

The legacy file management system did not support modern authentication techniques despite the business requirements.

D.

The data custodians were selected by business stakeholders to ensure backups of the file management system are maintained off site.

Question 36

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of thefollowing is the best strategy for the engineer to use?

Options:

A.

Disabling the BIOS and moving to UEFI

B.

Managing secrets on the vTPM hardware

C.

Employing shielding lo prevent LMI

D.

Managing key material on a HSM

Question 37

An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?

Options:

A.

SELinux

B.

MDM

C.

XDR

D.

Block list

E.

Atomic execution

Question 38

Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program. Which of the following risk-handling techniques was used?

Options:

A.

Accept

B.

Avoid

C.

Transfer

D.

Mitigate

Question 39

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the most relevant for PLCs?

Options:

A.

Ladder logic

B.

Rust

C.

C

D.

Python

E.

Java

Question 40

A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

Options:

A.

A macro that was prevented from running

B.

A text file containing passwords that were leaked

C.

A malicious file that was run in this environment

D.

A PDF that exposed sensitive information improperly

Question 41

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

An administrator’s account was hijacked and used on several Autonomous System Numbers within 30 minutes.

All administrators use named accounts that require multifactor authentication.

Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

Options:

A.

Configure token theft detection on the single sign-on system with automatic account lockouts.

B.

Enable context-based authentication when network locations change on administrator login attempts.

C.

Decentralize administrator accounts and force unique passwords for each application.

D.

Enforce biometric authentication requirements for the administrator’s named accounts.

Question 42

An organization determines existing business continuity practices areinadequateto support critical internal process dependencies during a contingency event. Acompliance analystwants the Chief Information Officer (CIO) to identify the level ofresidual riskthat is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?

Options:

A.

Mitigation

B.

Impact

C.

Likelihood

D.

Appetite

Question 43

An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporarysolution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?

Options:

A.

Configure a scheduled task nightly to save the logs

B.

Configure event-based triggers to export the logs at a threshold.

C.

Configure the SIEM to aggregate the logs

D.

Configure a Python script to move the logs into a SQL database.

Question 44

Which of the following AI concerns is most adequately addressed by input sanitation?

Options:

A.

Model inversion

B.

Prompt Injection

C.

Data poisoning

D.

Non-explainable model

Question 45

A company experienced a data breach, resulting in the disclosure of extremely sensitive data regarding a merger. As a regulated entity, the company must comply with reporting and disclosure requirements. The company is concerned about its public image and shareholder values. Which of the following best supports the organization in addressing its concerns?

Options:

A.

Data subject access request

B.

Business impact analysis

C.

Supply chain management program

D.

Crisis management plan

Question 46

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

Options:

A.

Documenting third-party connections used by Company B

B.

Reviewing the privacy policies currently adopted by Company B

C.

Requiring data sensitivity labeling tor all files shared with Company B

D.

Forcing a password reset requiring more stringent passwords for users on Company B's network

E.

Performing an architectural review of Company B's network

Question 47

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Question 48

Which of the following best describes a common use case for homomorphic encryption?

Options:

A.

Processing data on a server after decrypting in order to prevent unauthorized access in transit

B.

Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing

C.

Transmitting confidential data to a CSP for processing on a large number of resources without revealing information

D.

Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users

Question 49

A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will onlyallow authorized applications to run on its systems. Which of the following should the company implement?

Options:

A.

Signing

B.

Access control

C.

HIPS

D.

Permit listing

Question 50

A Chief Information Security Officer is concerned about the operational impact of ransomware. In the event of a ransomware attack, the business requires the integrity of the data to remain intact and an RPO of less than one hour. Which of the following storage strategies best satisfies the business requirements?

Options:

A.

Full disk encryption

B.

Remote journaling

C.

Immutable

D.

RAID 10

Question 51

A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?

Options:

A.

Performing a port scan

B.

Inspecting egress network traffic

C.

Reviewing the asset inventory

D.

Analyzing user behavior

Question 52

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Question 53

A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Which of the following is the best way to accomplish this goal?

Options:

A.

Configuring an IPS

B.

Implementing sandboxing

C.

Scanning for IoCs

D.

Deploying a honeypot

Question 54

Which of the following best describes the challengesassociated with widespread adoption of homomorphic encryption techniques?

Options:

A.

Incomplete mathematical primitives

B.

No use cases to drive adoption

C.

Quantum computers not yet capable

D.

Insufficient coprocessor support

Question 55

A security architect is investigating instances of employees who had their phones stolen in public places through seemingly targeted attacks. Devices are able to access company resources such as email and internal documentation, some of which can persist in application storage. Which of the following would best protect the company from information exposure? (Select two).

Options:

A.

Implement a remote wipe procedure if the phone does not check in for a period of time

B.

Enforce biometric access control with configured timeouts

C.

Set up geofencing for corporate applications where the phone must be near an office

D.

Use application control to restrict the applications that can be installed

E.

Leverage an MDM solution to prevent the side loading of mobile applications

F.

Enable device certificates that will be used for access to company resources

Question 56

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Options:

A.

Disallowing cipher suites that use ephemeral modes of operation for key agreement

B.

Removing support for CBC-based key exchange and signing algorithms

C.

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D.

Implementing HIPS rules to identify and block BEAST attack attempts

E.

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F.

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Question 57

A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?

Options:

A.

Risk mitigations must be more comprehensive than the existing payroll provider.

B.

Due care must be exercised during all procurement activities.

C.

The responsibility of protecting PII remains with the organization.

D.

Specific regulatory requirements must be met in each jurisdiction.

Question 58

An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?

Options:

A.

Limn the platform's abilities to only non-sensitive functions

B.

Enhance the training model's effectiveness.

C.

Grant the system the ability to self-govern

D.

Require end-useracknowledgement of organizational policies.

Question 59

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Options:

Question 60

A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:

Which of the following is most likely the cause of the issue?

Options:

A.

The local network access has been configured tobypass MFA requirements.

B.

A network geolocation is being misidentified by the authentication server

C.

Administrator access from an alternate location is blocked by company policy

D.

Several users have not configured their mobile devices toreceive OTP codes

Question 61

A company isolated its OT systems from other areas of the corporate network These systems are required to report usage information over the internet to the vendor Which oi the following b*st reduces the risk of compromise or sabotage' (Select two).

Options:

A.

Implementing allow lists

B.

Monitoring network behavior

C.

Encrypting data at rest

D.

Performing boot Integrity checks

E.

Executing daily health checks

F.

Implementing a site-to-site IPSec VPN

Question 62

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

Options:

A.

CWPP

B.

YAKA

C.

ATTACK

D.

STIX

E.

TAXII

F.

JTAG

Question 63

A security engineer wants to propose an MDM solution to mitigate certain risks. The MDM solution should meet the following requirements:

• Mobile devices should be disabled if they leave the trusted zone.

• If the mobile device is lost, data is not accessible.

Which of the following options should the security engineer enable on the MDM solution? (Select two).

Options:

A.

Geofencing

B.

Patch management

C.

Containerization

D.

Full disk encryption

E.

Allow/blocklist

F.

Geotagging

Question 64

A security configure isbuilding a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

Options:

A.

The /etc/openssl.conf file, updating the virtual site parameter

B.

The /etc/nsswith.conf file, updating the name server

C.

The /etc/hosts file, updating the IP parameter

D.

The /etc/etc/sshd, configure file updating the ciphers

Question 65

The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).

Setting different access controls defined by business area

Options:

A.

Implementing a role-based access policy

B.

Designing a least-needed privilege policy

C.

Establishing a mandatory vacation policy

D.

Performing periodic access reviews

E.

Requiring periodic job rotation

Question 66

A security engineer wants to improve the security of an application as part of the development pipeline. The engineer reviews the following component of an internally developed web application that allows employees to manipulate documents from a number of internal servers:

response = requests.get(url)

Users can specify the document to be parsed by passing the document URL to the application as a parameter. Which of the following is the best solution?

Options:

A.

Indexing

B.

Output encoding

C.

Code scanner

D.

Penetration testing

Question 67

As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?

Options:

A.

Software composition analysis

B.

Runtime application inspection

C.

Static application security testing

D.

Interactive application security testing

Question 68

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the next step of the incident response plan?

Options:

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Question 69

A security architect wants to develop abaseline of security configurations These configurations automatically will be utilized machine is created Which of the following technologies should the security architect deploy to accomplish this goal?

Options:

A.

Short

B.

GASB

C.

Ansible

D.

CMDB

Question 70

A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

Options:

A.

The capability to block unapproved applications and services is possible

B.

Privacy compliance obligations are bypassed when using a user-based deployment.

C.

Protecting and regularly rotating API secret keys requires a significant time commitment

D.

Corporate devices cannot receive certificates when not connected to on-premises devices

Question 71

After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

Options:

A.

Deleting SQLSV

B.

Reimaging ADMIN01S

C.

Rotating KRBTGT password

D.

Resetting the local domain

Question 72

Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?

Options:

A.

Tokenization

B.

Key stretching

C.

Forward secrecy

D.

Simultaneous authentication of equals

Question 73

A company migrating to aremote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?

Options:

A.

The certificate is an additional factor to meet regulatory MFA requirements for VPN access.

B.

The VPN client selected the certificate with the correct key usage without user interaction.

C.

The internal PKI certificate deployment allows for Wi-Fi connectivity before logging in to other systems.

D.

The server connection uses SSL VPN, which uses certificates for secure communication.

Question 74

An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?

Options:

A.

Automatically quarantine outgoing email.

B.

Create an acceptable use policy.

C.

Enforce email encryption standards.

D.

Perform security awareness training focusing on phishing.

Demo: 74 questions
Total 249 questions