casp4 Flashcards

1
Q
  1. A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.
    Which of the following is the BEST solution?
    A. Deploy an RA on each branch office.
    B. Use Delta CRLs at the branches.
    C. Configure clients to use OCSP.
    D. Send the new CRLs by using GPO.
A

D. Send the new CRLs by using GPO.

2
Q
  1. A financial institution has several servers that currently employ the following controls:
    * The servers follow a monthly patching cycle.
    * All changes must go through a change management process.
    * Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
    * The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?
A. Require more than one approver for all change management requests.
B. Implement file integrity monitoring with automated alerts on the servers.
C. Disable automatic patch update capabilities on the servers.
D. Enhance audit logging on the jump servers and ship the logs to the SIEM.

A

B. Implement file integrity monitoring with automated alerts on the servers.

3
Q
  1. A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.
    A security engineer is concerned about the security of the solution and notes the following:
    * The critical device sends cleartext logs to the aggregator.
    * The log aggregator utilizes full disk encryption.
    * The log aggregator sends to the analysis server via port 80.
    * MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.
    * The data is compressed and encrypted prior to being archived in the cloud.

Which of the following should be the engineer’s GREATEST concern?
A. Hardware vulnerabilities introduced by the log aggregator server
B. Network bridging from a remote access VPN
C. Encryption of data in transit
D. Multitenancy and data remnants in the cloud

A

C. Encryption of data in transit

4
Q
  1. Which of the following BEST sets expectations between the security team and business units within an organization?
    A. Risk assessment
    B. Memorandum of understanding
    C. Business impact analysis
    D. Business partnership agreement
    E. Service level agreement

A

A. Risk assessment

5
Q
  1. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
    Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
    A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
    B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
    C. Implement MFA, review the application logs, and deploy a WAF.
    D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
A

B. Change privileged usernames, review the OS logs, and deploy hardware tokens.

6
Q
  1. A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
    Which of the following would provide the BEST boot loader protection?
    A. TPM
    B. HSM
    C. PKI
    D. UEFI/BIOS
A

D. UEFI/BIOS

7
Q
  1. A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

  • The network supports core applications that have 99.99% uptime.
  • Configuration updates to the SD-WAN routers can only be initiated from the management service.
  • Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?
A. Reverse proxy, stateful firewalls, and VPNs at the local sites
B. IDSs, WAFs, and forward proxy IDS
C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
D. IPSs at the hub, Layer 4 firewalls, and DLP

A

C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy

8
Q
  1. An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization’s current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
A. Migrating operations assumes the acceptance of all risk.
B. Cloud providers are unable to avoid risk.
C. Specific risks cannot be transferred to the cloud provider.
D. Risks to data in the cloud cannot be mitigated.

A

C. Specific risks cannot be transferred to the cloud provider.

9
Q
  1. An IT administrator is reviewing all the servers in an organization and notices that a server is missing a crucial patch against a recent exploit that could gain root access.
    Which of the following describes the administrator’s discovery?
    A. A vulnerability
    B. A threat
    C. A breach
    D. A risk
A

A. A vulnerability

10
Q
  1. A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme used for other assets, such as workstations, servers, and laptops.

Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
A. Increased network latency
B. Unavailability of key escrow
C. Inability to select AES-256 encryption
D. Removal of user authentication requirements

A

A. Increased network latency

11
Q
  1. A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells. Which of the following techniques will MOST likely meet the business’s needs?
    A. Performing deep-packet inspection of all digital audio files
    B. Adding identifying filesystem metadata to the digital audio files
    C. Implementing steganography
    D. Purchasing and installing a DRM suite
A

D. Purchasing and installing a DRM suite

12
Q
  1. A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
    After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
    A. Protecting
    B. Permissive
    C. Enforcing
    D. Mandatory
A

C. Enforcing

13
Q
  1. A health company has reached the physical and computing capacity of its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information.
    Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?
    A. Hybrid IaaS solution in a single-tenancy cloud
    B. PaaS solution in a multitenancy cloud
    C. SaaS solution in a community cloud
    D. Private SaaS solution in a single tenancy cloud.
A

D. Private SaaS solution in a single tenancy cloud.

14
Q
  1. A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.
    Which of the following will allow the inspection of the data without multiple certificate deployments?
    A. Include all available cipher suites.
    B. Create a wildcard certificate.
    C. Use a third-party
    D. Implement certificate pinning.
A

B. Create a wildcard certificate.

15
Q
  1. An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
    A. NIST
    B. GDPR
    C. PCI DSS
    D. ISO
A

C. PCI DSS

16
Q
  1. An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?
    A. Detection
    B. Remediation
    C. Preparation
    D. Recovery
A

A. Detection

17
Q
  1. An organization’s hunt team thinks a persistent threat exists and already has a foothold in the enterprise network. Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
    A. Deploy a SOAR tool.
    B. Modify user password history and length requirements.
    C. Apply new isolation and segmentation schemes.
    D. Implement decoy files on adjacent hosts.
A

D. Implement decoy files on adjacent hosts.

18
Q
  1. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debugging output, the malware is able to insert itself into another process’s memory location.
    Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
    A. Execute never
    B. No-execute
    C. Total memory encryption
    D. Virtual memory encryption
A

D. Virtual memory encryption

19
Q
  1. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?
A. Recovery point objective
B. Recovery time objective
C. Mission-essential functions
D. Recovery service level

A

D. Recovery service level

20
Q
  1. Over the last 90 days, many private storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem. Which of the following BEST addresses the problem with the least amount of administrative effort?
    A. Compile a list of firewall requests and compare them against interesting cloud services
    B. Implement a CASB solution and track cloud services use cases for greater visibility
    C. Implement a user-behavior analytic system to associate user events with cloud service creation events
    D. Capture all logs and feed them to a SIEM, and analyze for cloud service events
A

B. Implement a CASB solution and track cloud services use cases for greater visibility