Question 1

A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer: <input type="hidden" name="token" value=generateRandomNumber()> Which of the following attacks is the security architect attempting to prevent?

Accepted Answer

The security architect is attempting to prevent Cross-Site Request Forgery (XSRF) by using a token to ensure that the request to initiate a funds transfer is legitimate and not forged by an attacker.

Question 2

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information. Which of the following would be the MOST efficient control to prevent this from occurring in the future?

Accepted Answer

Restricting access to company systems to expected times of day and geographic locations would ensure that terminated employees cannot access company systems after their employment ends, thus preventing unauthorized access.

Question 3

A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem. Which of the following solutions would BEST support trustworthy communication solutions?

Accepted Answer

The answer of A company's user community is being adversely...

Question 4

A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk?

Accepted Answer

A web content filter can help mitigate the risk by restricting access to social media sites or monitoring and controlling the content that employees can post, thereby reducing the chance of unintentional sharing of intellectual property.

Question 5

The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?

Accepted Answer

Regression testing should have been conducted to ensure that new changes did not introduce new vulnerabilities or issues into the existing codebase.

Question 6

The audit team was only provided the physical and logical addresses of the network without any type of access credentials. Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

Accepted Answer

The answer of The audit team was only provided the...

Question 7

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive. Which of the following processes should be implemented to ensure this information is available for future investigations?

Accepted Answer

Configuration and change management processes would ensure that any changes to configurations are documented, tracked, and attributed to specific individuals, providing accountability and traceability for future investigations.

Question 8

A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data. Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)

Accepted Answer

The answer of A new database application was added to...

Question 9

After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company's IT department has seen a large number of the following incidents: Duplicate IP addresses Rogue network devices Infected systems probing the company's network Which of the following should be implemented to remediate the above issues? (Choose two.)

Accepted Answer

The answer of After embracing a BYOD policy, a company...

Question 10

A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns?

Accepted Answer

Implementing a Web Application Firewall (WAF) can help mitigate the risk by filtering out malicious traffic targeting the vulnerability, providing a temporary solution without incurring downtime or significant costs.

Question 11

A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login. Which of the following is MOST likely the issue?

Accepted Answer

The employees are likely using an old link that does not use the new SAML authentication, which is why they encounter an error when trying to log in. When they access another system that uses the new SSO configuration, they can authenticate successfully, indicating that the issue is specific to the link or configuration of the problematic application.

Question 12

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions. Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?

Accepted Answer

The vendor's proposed solution operating below the Key Performance Parameters (KPPs) indicated in the RFP would likely disqualify them, as it does not meet the strict performance requirements of the financial institution.

Question 13

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

Accepted Answer

The answer of An organization is evaluating options related to...

Question 14

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees. Which of the following should be configured to comply with the new security policy? (Choose two.)

Accepted Answer

802.1X and PKI are both certificate-based authentication protocols that can be used to comply with the new security policy.

Question 15

A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment. Which of the following would be the BEST option to manage this risk to the company's production environment?

Accepted Answer

The answer of A company relies on an ICS to...

Question 16

A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password. Which of the following would be the EASIEST method of obtaining a password for the known account?

Accepted Answer

Social engineering is often the easiest method to obtain a password, as it involves manipulating people into divulging confidential information rather than relying on technical hacking skills.

Question 17

A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent real-world threats. Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?

Accepted Answer

Attending hacking conventions is the best choice as it provides exposure to the latest techniques and trends in cybersecurity from experts and peers in the field.

Question 18

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:

Accepted Answer

The answer of When implementing a penetration testing program, the...

Question 19

An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window. Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

Accepted Answer

The answer of An analyst is investigating anomalous behavior on...

Question 20

A security researcher is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds. Based on the information available to the researcher, which of the following is the MOST likely threat profile?

Accepted Answer

The answer of A security researcher is gathering information about...

Exam 3: CompTIA Advanced Security Practitioner (CASP+) CAS-003