casp8 Flashcards
1
Q
- A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a recommendation?
A. CAN
B. ASIC
C. FPGA
D. SCADA
A
D. SCADA
2
Q
- A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.
When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ICS network?
A. Packets that are the wrong size or length
B. Use of any non-DNP3 communication on a DNP3 port
C. Multiple solicited responses over time
D. Application of an unsupported encryption algorithm
A
C. Multiple solicited responses over time
3
Q
- A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:
* Must have a minimum of 15 characters
* Must use one number
* Must use one capital letter
* Must not be one of the last 12 passwords used
Which of the following policies should be added to provide additional security?
A. Shared accounts
B. Password complexity
C. Account lockout
D. Password history
E. Time-based logins
A
C. Account lockout
4
Q
- A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?
A. HSTS
B. CRL
C. CSRs
D. OCSP
A
B. CRL
5
Q
- Which of the following technologies allows CSPs to add encryption across multiple data storages?
A. Symmetric encryption
B. Homomorphic encryption
C. Data dispersion
D. Bit splitting
A
D. Bit splitting
6
Q
- A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.
Which of the following compensating controls would be BEST to implement in this situation?
A. EDR
B. SIEM
C. HIDS
D. UEBA
A
B. SIEM
7
Q
- A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate. This is an example of:
A. Due intelligence
B. E-discovery
C. Due care
D. Legal hold
A
A. Due intelligence
8
Q
- An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API. Given this information, which of the following is a noted risk?
A. Feature delay due to extended software development cycles
B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor’s business ceasing operations
A
B. Financial liability from a vendor data breach
9
Q
- In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted
A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.
B. Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.
C. Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.
D. Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.
A
A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.