CompTIA Advanced Security Practitioner (CASP+) Certified CAS-003 Dumps Questions Updated

1. A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.

Which of the following tools is the security engineer using to produce the above output?

2. A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

3. An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site .

Which of the following is a concern for the consultant, and how can it be mitigated?

4. The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company.

A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

5. A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions .

Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

6. Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

7. A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

8. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes .

Which of the following controls would BEST mitigate the identified vulnerability?

9. An organization based in the United States is planning to expand its operations into the European market later in the year Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to

10. A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises .

Which of the following should the consultant recommend be performed to evaluate potential risks?

11. An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

✑ Systems containing PII are protected with the minimum control set.

✑ Systems containing medical data are protected at the moderate level.

✑ Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

12. A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device.

Additionally, to protect patients’ health information, management has identified the following requirements:

✑ Data must be encrypted at rest.

✑ The device must be disabled if it leaves the facility.

✑ The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)

13. A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks .

Which of the following implementation approaches would BEST support the architect’s goals?

14. A company recently migrated to a SaaS-based email solution.

The solution is configured as follows.

• Passwords are synced to the cloud to allow for SSO

• Cloud-based antivirus is enabled

• Cloud-based anti-spam is enabled

• Subscription-based blacklist is enabled

Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review .

Which of the following would allow the company to gam additional visibility and reduce additional costs? (Select TWO)

15. Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication

Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares .

Which of the following mitigation strategies should an information security manager recommend to the data owner?

16. A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

17. A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk .

Which of the following will lower the risk before moving the data''

18. Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue.

The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

✑ Stop malicious software that does not match a signature

✑ Report on instances of suspicious behavior

✑ Protect from previously unknown threats

✑ Augment existing security capabilities

Which of the following tools would BEST meet these requirements?

19. A company's human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted) on the same VMs.

Which of the following cloud and visualization considerations would BEST address the issue presented in this scenario?

20. A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization’s systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?

21. A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ The applications provide different functionality types such as forums and customer portals.

✑ The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

22. A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

23. After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider.

The migration project includes the following phases:

✑ Selection of a cloud provider

✑ Architectural design

✑ Microservice segmentation

✑ Virtual private cloud

✑ Geographic service redundancy

✑ Service migration

The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications.

Which of the following should the company implement NEXT?

24. An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

25. An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware .

Which of the following reasons BEST explains this?

26. To meet a SLA, which of the following documents should be drafted, defining the company’s internal interdependent unit responsibilities and delivery timelines.

27. During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredded, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.

Which of the following would ensure no data is recovered from the system droves once they are disposed of?

28. A consulting firm was hired to conduct assessment for a company.

During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

29. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server .

Which of the following steps should the administrator take NEXT?

30. A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack .

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

31. An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to the secure network due to similar login credentials across networks.

To determine the users who should change their information, the information security officer uses a tool to scan a file with hashed values on both networks and receives the following data:

Which of the following tools was used to gather this information from the hashed values in the file?

32. A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

33. An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability.

To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)

34. A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

Which of the following should the analyst use to confirm this suspicion?

35. When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Which of the following measures should the security engineer take to ensure PII is not

intercepted in transit while also preventing interruption to business?

36. Given the following code snippet:

Of which of the following is this snippet an example?

37. The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together.

Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

✑ Must be encrypted on the email servers and clients

✑ Must be OK to transmit over unsecure Internet connections

Which of the following communication methods would be BEST to recommend?

38. A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications .

Which of the following settings should be toggled to achieve the goal? (Choose two.)

39. A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers .

Which of the following BEST describes the contents of the supporting document the engineer is creating?

40. A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators .

Which of the following is MOST likely to produce the needed information?

41. A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP .

Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

42. DRAG DROP

A security administrator must configure the database server shown below to comply with the four requirements listed.

Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

43. In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.

Which of the following strategies should the engineer recommended be approved FIRST?

44. A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.

Which of the following is the MOST secure solution for the developer to implement?

45. An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

46. A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?

47. An organization is currently performing a market scan for managed security services and EDR capability .

Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

48. Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

49. A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment .

Which of the following tools should the engineer load onto the device being designed?

50. An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks.

When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

51. An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control.

To determine which controls to implement, which of the following is the MOST important to consider?

52. Developers are working on anew feature to add to a social media platform. Thew new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO state the new feature cannot be released without addressing the physical safety concerns of the platform’s users .

Which of the following controls would BEST address the DPO’s concerns?

53. The Chief Information Officer (CISO) is concerned that certain systems administrators will privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes.

Which of the following tools would show this type of output?

54. An engineer needs to provide access to company resources for several offshore contractors.

The contractors require:

✑ Access to a number of applications, including internal websites

✑ Access to database data and the ability to manipulate it

✑ The ability to log into Linux and Windows servers remotely

Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

55. While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device .

Which of the following would MOST likely prevent a similar breach in the future?

56. The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency.

In the code, “criticalValue” indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

57. The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting .

Which of the following would be the BEST methods to prepare this report? (Choose two.)

58. A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior.

The company must deploy a host solution to meet the following requirements:

✑ Detect administrative actions

✑ Block unwanted MD5 hashes

✑ Provide alerts

✑ Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

59. A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer deferences, and others .

Which of the following should the company implement to improve code quality? (Select two).

60. The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.

Which of the following BEST meets the needs of the board?

61. An organization implemented a secure boot on its most critical application servers which produce content and capability for other consuming servers A recent incident, however led the organization to implement a centralized attestation service for these critical servers .

Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?

62. A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events .

Which of the following is the CISO looking to improve?

63. An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment .

Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

64. A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again .

Which of the following would BEST prevent this from happening again?

65. An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings .

Which of the following technologies would accomplish this?

66. During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected .

Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)

67. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

68. The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues .

Which of the following is the MOST important information to reference in the letter?

69. A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?

70. A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications .

Which of the following does the organization plan to leverage?

71. A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities.

The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

72. Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified.

Which of the following is the CISO performing?

73. Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.

Which of the following would BEST allow the IT department to monitor and control this behavior?

74. CORRECT TEXT

75. As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics .

Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?

76. Management is reviewing the results of a recent risk assessment of the organization’s policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees.

Which of the following risk management strategies has the organization employed?

77. After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years.

The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

78. A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.

Which of the following is the BEST solution?

79. A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant.

The gap analysis reviewed all procedural and technical controls and found the following:

✑ High-impact controls implemented: 6 out of 10

✑ Medium-impact controls implemented: 409 out of 472

✑ Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap.

The analysis yielded the following information:

✑ Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000

✑ Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement .

Which of the following conclusions could the CISO draw from the analysis?

80. A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

81. The data will be hosted and managed outside of the company’s geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution.

As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step?

82. A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration.

It would be MOST appropriate for the assessor to advise the organization to:

83. To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.

Which of the following approaches is described?

84. A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment.

The RADIUS server contains the following information in its logs:

Based on this information, the administrator reconfigures the RADIUS server, which results in the following log data:

To correct this error message, the administrator makes an additional change to the RADIUS server .

Which of the following did the administrator reconfigure on the RADIUS server? (Select TWO)

85. A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year .

Which of the following must be calculated to determine ROI? (Choose two.)

86. A security administrator was informed that a server unexpectedly rebooted.

The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)

87. Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.

After all restrictions have been lifted, which of the following should the information manager review?

88. An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

✑ The ICS supplier has specified that any software installed will result in lack of support.

✑ There is no documented trust boundary defined between the SCADA and corporate networks.

✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.

✑ There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

89. A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

90. A security engineer is assisting a developer with input validation, and they are studying the following code block:

The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

91. An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months Additionally several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance Users have been unable to uninstall these applications, which persist after wiping the devices.

Which of the following MOST likely occurred and provides mitigation until the patches are released?

92. A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.

To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

93. An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources .

Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

94. A Chief Information Officer (CIO) publicly announces the implementation of a new financial system.

As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?