casp5 Flashcards

1
Q
  1. An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previous vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?
    A. Peer review
    B. Regression testing
    C. User acceptance
    D. Dynamic analysis
A

D. Dynamic analysis

2
Q
  1. An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?
A. Move the server to a cloud provider.
B. Change the operating system.
C. Buy a new server and create an active-active cluster.
D. Upgrade the server with a new one.

A

A. Move the server to a cloud provider.

3
Q
  1. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times. Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
    A. Serve static content via distributed CDNs, create a read replica of the central database, and pull reports from there, and auto-scale API servers based on performance.
    B. Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.
    C. Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.
    D. Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.
A

A. Serve static content via distributed CDNs, create a read replica of the central database, and pull reports from there, and auto-scale API servers based on performance.

4
Q
  1. The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?
    A. MOU
    B. OLA
    C. NDA
    D. SLA
A

B. OLA

5
Q
  1. Company A is establishing a contractual relationship with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?
    A. Company A-B SLA v2.docx
    B. Company A OLA v1b.docx
    C. Company A MSA v3.docx
    D. Company A MOU v1.docx
    E. Company A-B NDA v03.docx
A

A. Company A-B SLA v2.docx

6
Q
  1. The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
  • Transactions being requested by unauthorized individuals.
  • Complete discretion regarding client names, account numbers, and investment information.
  • Malicious attackers using email to distribute malware and ransomware.
  • Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.

Which of the following is the BEST option to resolve the board’s concerns for this email migration?
A. Data loss prevention
B. Endpoint detection response
C. SSL VPN
D. Application whitelisting

A

A. Data loss prevention

7
Q
  1. Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident.

Which of the following should Ann use to gather the required information?
A. Traffic interceptor log analysis
B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software

A

B. Log reduction and visualization tools

8
Q
  1. A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
    A. Community cloud service model
    B. Multitenancy SaaS
    C. Single-tenancy SaaS
    D. On-premises cloud service model
A

A. Community cloud service model

9
Q
  1. A company’s claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee’s laptop when it was opened.
    A. Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.
    B. Require all laptops to connect to the VPN before accessing email.
    C. Implement cloud-based content filtering with sandboxing capabilities.
    D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.
A

C. Implement cloud-based content filtering with sandboxing capabilities.

10
Q
  1. A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.
    Which of the following is a security concern that will MOST likely need to be addressed during migration?
    A. Latency
    B. Data exposure
    C. Data loss
    D. Data dispersion
A

B. Data exposure

11
Q
  1. A company is repeatedly being breached by hackers who use valid credentials. The company’s Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls.
    Which of the following recommendations would MOST likely reduce the risk of unauthorized access?
    A. Implement strict three-factor authentication.
    B. Implement least privilege policies
    C. Switch to one-time or all user authorizations.
    D. Strengthen identity-proofing procedures
A

A. Implement strict three-factor authentication.

12
Q
  1. Which of the following is a benefit of using steganalysis techniques in forensic response?
    A. Breaking a symmetric cipher used in secure voice communications
    B. Determining the frequency of unique attacks against DRM-protected media
    C. Maintaining chain of custody for acquired evidence
    D. Identifying least significant bit encoding of data in a .wav file
A

D. Identifying least significant bit encoding of data in a .wav file

13
Q
  1. A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.
    Which of the following actions would BEST resolve the issue?
    A. Conduct input sanitization.
    B. Deploy a SIEM
    C. Use containers
    D. Patch the OS
    E. Deploy a WAF
    F. Deploy a reverse proxy
    G. Deploy an IDS
A

E. Deploy a WAF
F. Deploy a reverse proxy

14
Q
  1. Which of the following allows computation and analysis of data within ciphertext without knowledge of the plaintext?
    A. Lattice-based cryptography
    B. Quantum computing
    C. Asymmetric cryptography
    D. Homomorphic encryption
A

D. Homomorphic encryption

15
Q
  1. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?
    A. Utilizing a trusted secrets manager
    B. Performing DAST on a weekly basis
    C. Introducing the use of container orchestration
    D. Deploying instance tagging
A

A. Utilizing a trusted secrets manager

16
Q
  1. A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks. Which of the following would be the BEST solution against this type of attack?
    A. Cookies
    B. Wildcard certificates
    C. HSTS
    D. Certificate pinning
A

D. Certificate pinning

17
Q
  1. A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?
    A. NIST SP 800-53
    B. MITRE ATT&CK
    C. The Cyber Kill Chain
    D. The Diamond Model of Intrusion Analysis
A

A. NIST SP 800-53

18
Q
  1. The energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports. Which of the following historian server locations will allow the business to get the required reports in an ICS and IT environment?
    A. In the ICS environment, use a VPN from the IT environment into the ICS environment
    B. In the ICS environment, allow IT traffic into the ICS environment
    C. In the IT environment, allow PLCs to send data from the ICS environment to the IT environment.
    D. Use a screened subnet between the ICS and IT environments
A

C. In the IT environment, allow PLCs to send data from the ICS environment to the IT environment.

19
Q
  1. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals. Which of the following does the business’s IT manager need to consider?
    A. The availability of personal data
    B. The right to personal data erasure
    C. The company’s annual revenue
    D. The language of the web application
A

B. The right to personal data erasure

20
Q
  1. A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be BEST to use to store customer keys?
    A. A trusted platform module
    B. A hardware security module
    C. A localized key store
    D. A public key infrastructure.
A

D. A public key infrastructure.