Can You Pass This CompTIA CASP Certification Test? Trivia Quiz

1. 68. A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?

SQL injection

XSS scripting

Click jacking

Input validation

Input validation should be practiced to avoid a security risk. Input validation is the process of ensuring that the data entered by users through a web form is valid and meets the required criteria. It helps to prevent malicious data or code from being submitted, thereby reducing the risk of security vulnerabilities such as SQL injection, XSS scripting, and clickjacking. By validating user input, the web administrator can ensure that only safe and expected data is accepted, enhancing the overall security of the web form and protecting against potential attacks.

Explanation

Input validation should be practiced to avoid a security risk. Input validation is the process of ensuring that the data entered by users through a web form is valid and meets the required criteria. It helps to prevent malicious data or code from being submitted, thereby reducing the risk of security vulnerabilities such as SQL injection, XSS scripting, and clickjacking. By validating user input, the web administrator can ensure that only safe and expected data is accepted, enhancing the overall security of the web form and protecting against potential attacks.

2. 74. Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressure from the company board to allow smartphones to connect and synchronize email and calendar items of board members and company executives. Which of the following options BEST balances the security and usability requirements of the executive management team?

The option of reviewing the security policy and performing a risk evaluation is the best choice because it takes into consideration both the security and usability requirements of the executive management team. By evaluating the devices that can be centrally managed, remotely disabled, and have device-level encryption, the organization can ensure that the personal devices used by the board members and executives meet the necessary security standards. This option allows for convenient access while still maintaining the security of sensitive data.

Explanation

The option of reviewing the security policy and performing a risk evaluation is the best choice because it takes into consideration both the security and usability requirements of the executive management team. By evaluating the devices that can be centrally managed, remotely disabled, and have device-level encryption, the organization can ensure that the personal devices used by the board members and executives meet the necessary security standards. This option allows for convenient access while still maintaining the security of sensitive data.

3. 69. A user reports that the workstation's mouse pointer is moving and files are opening automatically. Which of the following should the user perform?

Unplug the network cable to avoid network activity.

Reboot the workstation to see if problem occurs again.

Turn off the computer to avoid any more issues.

Contact the incident response team for direction.

The correct answer is to contact the incident response team for direction. This is the most appropriate action to take when experiencing unusual behavior on a workstation, such as the mouse pointer moving and files opening automatically. The incident response team specializes in handling security incidents and can provide guidance on how to address the issue effectively. Unplugging the network cable may not necessarily resolve the problem, as it could be caused by malware or other internal factors. Rebooting the workstation or turning off the computer may not provide a long-term solution or prevent future occurrences.

Explanation

The correct answer is to contact the incident response team for direction. This is the most appropriate action to take when experiencing unusual behavior on a workstation, such as the mouse pointer moving and files opening automatically. The incident response team specializes in handling security incidents and can provide guidance on how to address the issue effectively. Unplugging the network cable may not necessarily resolve the problem, as it could be caused by malware or other internal factors. Rebooting the workstation or turning off the computer may not provide a long-term solution or prevent future occurrences.

4. 70. A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?

Confidentiality

Authentication

Integrity

Availability

Multipathing is a technique used in storage area networks (SANs) to provide redundancy and fault tolerance. By using multiple paths between the server and storage devices, multipathing ensures that data can still be accessed even if one path fails. This improves the availability of the system, as it reduces the risk of downtime and data loss. Therefore, multipathing is the best way to meet the availability requirement of the CIA (Confidentiality, Integrity, and Availability) triad for a new SAN.

Explanation

Multipathing is a technique used in storage area networks (SANs) to provide redundancy and fault tolerance. By using multiple paths between the server and storage devices, multipathing ensures that data can still be accessed even if one path fails. This improves the availability of the system, as it reduces the risk of downtime and data loss. Therefore, multipathing is the best way to meet the availability requirement of the CIA (Confidentiality, Integrity, and Availability) triad for a new SAN.

5. 76. Which of the following BEST defines the term e-discovery?

A product that provides IT-specific governance, risk management, and compliance.

A form of reconnaissance used by penetration testers to discover listening hosts.

A synonymous term for computer emergency response and incident handling.

A process of producing electronically stored information for use as evidence.

The term e-discovery refers to the process of producing electronically stored information (ESI) for use as evidence. This involves identifying, collecting, and preserving relevant electronic data that may be used in legal proceedings. E-discovery is commonly used in litigation, investigations, and regulatory compliance. It allows parties to access and analyze digital information, such as emails, documents, databases, and social media posts, to support their case or defense. This definition aligns with the understanding and application of e-discovery in the legal field.

Explanation

The term e-discovery refers to the process of producing electronically stored information (ESI) for use as evidence. This involves identifying, collecting, and preserving relevant electronic data that may be used in legal proceedings. E-discovery is commonly used in litigation, investigations, and regulatory compliance. It allows parties to access and analyze digital information, such as emails, documents, databases, and social media posts, to support their case or defense. This definition aligns with the understanding and application of e-discovery in the legal field.

6. 83. A project has been established in a large bank to develop a new secure online banking platform. Half way through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits. Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?

Engineers

Facilities Manager

Stakeholders

Human Resources

The project team should contact the stakeholders first to discuss potential changes to the platform requirements. As stakeholders have a vested interest in the project's success and are directly affected by any changes, their input and approval are crucial. By involving stakeholders early on, the project team can ensure that any necessary changes align with their expectations and requirements, minimizing potential disruptions and ensuring a successful outcome for the project.

Explanation

The project team should contact the stakeholders first to discuss potential changes to the platform requirements. As stakeholders have a vested interest in the project's success and are directly affected by any changes, their input and approval are crucial. By involving stakeholders early on, the project team can ensure that any necessary changes align with their expectations and requirements, minimizing potential disruptions and ensuring a successful outcome for the project.

7. 64. The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved. This data breach was not properly reported due to insufficient training surrounding which of the following processes?

E-Discovery

Data handling

Incident response

Data recovery and storage

The correct answer is "Incident response." In this scenario, the CEO's lost mobile device resulted in a data breach, but the incident was not properly reported. Incident response refers to the process of handling and addressing security incidents, including reporting and documenting them. In this case, the lack of training surrounding incident response led to the failure to report the data breach appropriately.

Explanation

The correct answer is "Incident response." In this scenario, the CEO's lost mobile device resulted in a data breach, but the incident was not properly reported. Incident response refers to the process of handling and addressing security incidents, including reporting and documenting them. In this case, the lack of training surrounding incident response led to the failure to report the data breach appropriately.

8. 77. A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in the project to provide security consulting advice. In addition, there are database, network, application, HR, and transformation management consultants engaged on the project as well. The administrator has established the security requirements. Which of the following is the NEXT logical step?

Document the security requirements in an email and move on to the next most urgent task.

Organize for a requirements workshop with the non-technical project members, being the HRand transformation management consultants.

Communicate the security requirements with all stakeholders for discussion and buy-in.

Organize for a requirements workshop with the technical project members, being the database,network, and application consultants.

The next logical step would be to communicate the security requirements with all stakeholders for discussion and buy-in. This ensures that all relevant parties are aware of the security requirements and have the opportunity to provide input and express any concerns. It also allows for a collaborative approach in which all stakeholders can work together to ensure that the security requirements are effectively implemented and integrated into the project. This step helps to create a shared understanding and agreement on the security requirements, which is crucial for the success of the project.

Explanation

The next logical step would be to communicate the security requirements with all stakeholders for discussion and buy-in. This ensures that all relevant parties are aware of the security requirements and have the opportunity to provide input and express any concerns. It also allows for a collaborative approach in which all stakeholders can work together to ensure that the security requirements are effectively implemented and integrated into the project. This step helps to create a shared understanding and agreement on the security requirements, which is crucial for the success of the project.

9. 84. The IT department of a large telecommunications company has developed and finalized a set of security solutions and policies which have been approved by upper management for deployment within the company. During the development of the security solutions and policies, the FIRST thing the IT department should have done was:

Discuss requirements with stakeholders from the various internal departments.active hostile threats.

The IT department should have first discussed the requirements with stakeholders from the various internal departments. This is important because different departments within the company may have different security needs and concerns. By involving stakeholders early on, the IT department can gather information about specific requirements and ensure that the security solutions and policies align with the needs of the different departments. This collaborative approach helps in developing effective security solutions that address the specific concerns of the company as a whole.

Explanation

The IT department should have first discussed the requirements with stakeholders from the various internal departments. This is important because different departments within the company may have different security needs and concerns. By involving stakeholders early on, the IT department can gather information about specific requirements and ensure that the security solutions and policies align with the needs of the different departments. This collaborative approach helps in developing effective security solutions that address the specific concerns of the company as a whole.

10. 71. An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Officer (CIO) has resigned and the Chief Executive Officer (CEO) has tasked the incoming CIO with putting effective controls in place to help prevent this from occurring again in the future. Which of the following controls is the MOST effective in preventing this threat from re-occurring?

Network-based intrusion prevention system

Data loss prevention

Host-based intrusion detection system

Web application firewall

Data loss prevention is the most effective control in preventing the threat of selling sensitive data to outside parties. Data loss prevention solutions help identify, monitor, and protect sensitive data from unauthorized access, use, or transmission. By implementing data loss prevention measures, the organization can establish policies and rules to prevent employees from exporting or sharing sensitive data without proper authorization. This control can help detect and prevent similar incidents in the future, ensuring the security and confidentiality of sensitive information.

Explanation

Data loss prevention is the most effective control in preventing the threat of selling sensitive data to outside parties. Data loss prevention solutions help identify, monitor, and protect sensitive data from unauthorized access, use, or transmission. By implementing data loss prevention measures, the organization can establish policies and rules to prevent employees from exporting or sharing sensitive data without proper authorization. This control can help detect and prevent similar incidents in the future, ensuring the security and confidentiality of sensitive information.

11. 80. The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core business functions are dependent on the outsourced systems. The risk officer has requested that the IT department calculates the priority of restoration for all systems and applications under the new business model. Which of the following is the BEST tool to achieve this?

Business impact analysis

Annualized loss expectancy analysis

TCO analysis

Residual risk and gap analysis

Business impact analysis is the best tool to determine the priority of restoration for systems and applications under the new business model. It helps identify the criticality of each system and application by assessing their impact on core business functions. By conducting a business impact analysis, the IT department can prioritize the restoration of systems based on their importance to the core business operations, ensuring that critical functions are restored first.

Explanation

Business impact analysis is the best tool to determine the priority of restoration for systems and applications under the new business model. It helps identify the criticality of each system and application by assessing their impact on core business functions. By conducting a business impact analysis, the IT department can prioritize the restoration of systems based on their importance to the core business operations, ensuring that critical functions are restored first.

12. 65. An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screen shots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur. Which of the following business areas should primarily be involved in this discussion? (Select TWO).

Database Administrator

Human Resources

Finance

Network Administrator

IT Management

The Human Resources department should be involved in the discussion because they are responsible for employee termination and ensuring that employees do not take company data when they leave. They can review and improve the exit interview process to prevent similar incidents in the future. IT Management should also be involved as they oversee the company's technology infrastructure and can implement measures to prevent unauthorized data transfers, such as restricting the use of USB devices.

Explanation

The Human Resources department should be involved in the discussion because they are responsible for employee termination and ensuring that employees do not take company data when they leave. They can review and improve the exit interview process to prevent similar incidents in the future. IT Management should also be involved as they oversee the company's technology infrastructure and can implement measures to prevent unauthorized data transfers, such as restricting the use of USB devices.

Submit

13. 78. SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?

Requirements workshop

Security development lifecycle (SDL)

Security requirements traceability matrix (SRTM)

Secure code review and penetration test

The Security Requirements Traceability Matrix (SRTM) would best help determine if the specified security requirements were carried through to implementation. The SRTM is a document that links each security requirement to the design, development, and testing activities that ensure its implementation. It provides a clear and organized way to track and verify that all security requirements are addressed and implemented correctly throughout the software development life cycle (SDLC). This ensures that the appropriate level of assurance is provided for the commissioning of the new platform.

Explanation

The Security Requirements Traceability Matrix (SRTM) would best help determine if the specified security requirements were carried through to implementation. The SRTM is a document that links each security requirement to the design, development, and testing activities that ensure its implementation. It provides a clear and organized way to track and verify that all security requirements are addressed and implemented correctly throughout the software development life cycle (SDLC). This ensures that the appropriate level of assurance is provided for the commissioning of the new platform.

14. 66. A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A's network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?

XACML

OCSP

ACL

CRL

OCSP (Online Certificate Status Protocol) is a method that allows a certificate to be validated by a single server. When a workstation tries to validate a certificate, it sends a request to the OCSP server to check the status of the certificate. The OCSP server then responds with the validity status of the certificate, indicating whether it is valid or not. This allows workstations on the network to verify the validity of certificates without relying on location-specific servers or services. In this scenario, if workstations in location B are unable to validate certificates, implementing OCSP can help resolve the issue by providing a centralized server for certificate validation.

Explanation

OCSP (Online Certificate Status Protocol) is a method that allows a certificate to be validated by a single server. When a workstation tries to validate a certificate, it sends a request to the OCSP server to check the status of the certificate. The OCSP server then responds with the validity status of the certificate, indicating whether it is valid or not. This allows workstations on the network to verify the validity of certificates without relying on location-specific servers or services. In this scenario, if workstations in location B are unable to validate certificates, implementing OCSP can help resolve the issue by providing a centralized server for certificate validation.

15. 82. A production server has been compromised. Which of the following is the BEST way to preserve the non-volatile evidence?

Shut the server down and image the hard drive.

Remove all power sources from the server.

Install remote backup software and copy data to write-once media.

Login remotely and perform a full backup of the server.

Shutting down the server and imaging the hard drive is the best way to preserve the non-volatile evidence in this scenario. By shutting down the server, any active malicious processes can be stopped, preventing further damage or data loss. Imaging the hard drive creates a forensic copy of the entire drive, preserving the evidence in its original state. This allows for thorough analysis and investigation without altering or tampering with the original evidence.

Explanation

Shutting down the server and imaging the hard drive is the best way to preserve the non-volatile evidence in this scenario. By shutting down the server, any active malicious processes can be stopped, preventing further damage or data loss. Imaging the hard drive creates a forensic copy of the entire drive, preserving the evidence in its original state. This allows for thorough analysis and investigation without altering or tampering with the original evidence.

16. 62. The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment. Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?

Remind users that all emails with sensitive information need be encrypted and physicallyinspect the cloud computing.

Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloudprovider.

Ensure logins are over an encrypted channel and remind users to encrypt all emails thatcontain sensitive information.

Obtain an NDA from the cloud provider and remind users that all emails with sensitiveinformation need be encrypted.

To minimize the risk of hosting email in the cloud, it is important to ensure that logins are conducted over an encrypted channel. This helps to protect user credentials and prevent unauthorized access. Additionally, obtaining a Non-Disclosure Agreement (NDA) and a Service Level Agreement (SLA) from the cloud provider helps to establish legal protections and guarantees regarding the security and availability of the email service. By implementing these measures, the organization can enhance the security and privacy of their email communications in the cloud computing environment.

Explanation

To minimize the risk of hosting email in the cloud, it is important to ensure that logins are conducted over an encrypted channel. This helps to protect user credentials and prevent unauthorized access. Additionally, obtaining a Non-Disclosure Agreement (NDA) and a Service Level Agreement (SLA) from the cloud provider helps to establish legal protections and guarantees regarding the security and availability of the email service. By implementing these measures, the organization can enhance the security and privacy of their email communications in the cloud computing environment.

17. 88. The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the following is an active security measure to protect against this threat?

Require a digital signature on all outgoing emails.

Sanitize outgoing content.

Implement a data classification policy.

Implement a SPAM filter.

Sanitizing outgoing content is an active security measure that can help reduce the potential of sensitive data being emailed out of the company. Sanitizing refers to the process of removing or redacting sensitive information from the content before it is sent out. This can include removing personally identifiable information, financial data, or any other sensitive information that should not be shared externally. By sanitizing outgoing content, the company can ensure that sensitive data is not accidentally or intentionally included in emails, thereby reducing the risk of data breaches or unauthorized disclosures.

Explanation

Sanitizing outgoing content is an active security measure that can help reduce the potential of sensitive data being emailed out of the company. Sanitizing refers to the process of removing or redacting sensitive information from the content before it is sent out. This can include removing personally identifiable information, financial data, or any other sensitive information that should not be shared externally. By sanitizing outgoing content, the company can ensure that sensitive data is not accidentally or intentionally included in emails, thereby reducing the risk of data breaches or unauthorized disclosures.

18. 79. An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server's public address. In order to secure the zone transfer between the primary and secondary server, the administrator uses only server ACLs. Which of the following attacks could the secondary DNS server still be susceptible to?

Email spamming

IP spoofing

Clickjacking

DNS replication

The secondary DNS server could still be susceptible to IP spoofing. IP spoofing is a technique where an attacker disguises their IP address to appear as a trusted source, allowing them to bypass server ACLs and potentially gain unauthorized access to the secondary DNS server. This can lead to various security risks, such as DNS cache poisoning or redirecting legitimate traffic to malicious websites.

Explanation

The secondary DNS server could still be susceptible to IP spoofing. IP spoofing is a technique where an attacker disguises their IP address to appear as a trusted source, allowing them to bypass server ACLs and potentially gain unauthorized access to the secondary DNS server. This can lead to various security risks, such as DNS cache poisoning or redirecting legitimate traffic to malicious websites.

19. 81. A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following should be performed FIRST after the data breach occurred?

Assess system status

Restore from backup tapes

Conduct a business impact analysis

Review NIDS logs

After a data breach occurs, the first step should be to assess the system status. This involves investigating the extent of the breach, identifying the vulnerabilities that were exploited, and determining the potential damage caused. By assessing the system status, the organization can understand the immediate impact of the breach and take appropriate actions to contain and mitigate the incident. This step is crucial in order to effectively respond to the breach and prevent further damage or unauthorized access to sensitive information.

Explanation

After a data breach occurs, the first step should be to assess the system status. This involves investigating the extent of the breach, identifying the vulnerabilities that were exploited, and determining the potential damage caused. By assessing the system status, the organization can understand the immediate impact of the breach and take appropriate actions to contain and mitigate the incident. This step is crucial in order to effectively respond to the breach and prevent further damage or unauthorized access to sensitive information.

20. 86. A manufacturing company is having issues with unauthorized access and modification of the controls operating the production equipment. A communication requirement is to allow the free flow of data between all network segments at the site. Which of the following BEST remediates the issue?

Implement SCADA security measures.

Implement NIPS to prevent the unauthorized activity.

Implement an AAA solution.

Implement a firewall to restrict access to only a single management station.

Implementing an AAA (Authentication, Authorization, and Accounting) solution would be the best way to remediate the issue of unauthorized access and modification of controls in the manufacturing company. AAA solutions provide a comprehensive approach to network security by verifying the identity of users, determining their access privileges, and tracking their activities. This would ensure that only authorized individuals can access and modify the controls operating the production equipment, preventing any unauthorized activity.

Explanation

Implementing an AAA (Authentication, Authorization, and Accounting) solution would be the best way to remediate the issue of unauthorized access and modification of controls in the manufacturing company. AAA solutions provide a comprehensive approach to network security by verifying the identity of users, determining their access privileges, and tracking their activities. This would ensure that only authorized individuals can access and modify the controls operating the production equipment, preventing any unauthorized activity.

21. 63. The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required?

Mitigate and Transfer

Accept and Transfer

Transfer and Avoid

Avoid and Mitigate

The CEO wants to connect the latest mobile device to the internal network, but it is important to secure this device. The best approach in this situation is to mitigate the potential risks associated with the device's connection to the network and transfer any remaining risks that cannot be fully mitigated. This means implementing security measures to reduce the likelihood and impact of potential threats, and transferring any remaining risks to another party, such as an insurance provider. This approach ensures that the CEO's access requirement is met while also prioritizing the security of the internal network.

Explanation

The CEO wants to connect the latest mobile device to the internal network, but it is important to secure this device. The best approach in this situation is to mitigate the potential risks associated with the device's connection to the network and transfer any remaining risks that cannot be fully mitigated. This means implementing security measures to reduce the likelihood and impact of potential threats, and transferring any remaining risks to another party, such as an insurance provider. This approach ensures that the CEO's access requirement is met while also prioritizing the security of the internal network.

22. 89. A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?

Conduct web server load tests.

Conduct static code analysis.

Conduct fuzzing attacks.

Conduct SQL injection and XSS attacks.

Conducting fuzzing attacks would be the best method to assist the developers in determining if any unknown vulnerabilities are present in the new web application. Fuzzing involves inputting invalid, unexpected, or random data into the application to test its response. By doing so, developers can identify potential vulnerabilities or weaknesses in the application's code or input validation, which could be exploited by attackers. This method helps to uncover vulnerabilities that may not be detected through other means such as web server load tests, static code analysis, or specific attacks like SQL injection and XSS.

Explanation

Conducting fuzzing attacks would be the best method to assist the developers in determining if any unknown vulnerabilities are present in the new web application. Fuzzing involves inputting invalid, unexpected, or random data into the application to test its response. By doing so, developers can identify potential vulnerabilities or weaknesses in the application's code or input validation, which could be exploited by attackers. This method helps to uncover vulnerabilities that may not be detected through other means such as web server load tests, static code analysis, or specific attacks like SQL injection and XSS.

23. 61. The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?

A corporate policy to prevent sensitive information from residing on a mobile device and antivirussoftware.

Encryption of the non-volatile memory and a corporate policy to prevent sensitive informationfrom residing on a mobile device.

Encryption of the non-volatile memory and a password or PIN to access the device.

The recommendation to implement encryption of the non-volatile memory and a password or PIN to access the device is the most appropriate solution to secure the CEO's mobile device. Encryption of the non-volatile memory ensures that even if the device is lost or stolen, the data stored on it cannot be accessed without the encryption key. Adding a password or PIN provides an additional layer of protection by preventing unauthorized access to the device itself. This combination of encryption and access control helps to mitigate the risk of sensitive information being compromised.

Explanation

The recommendation to implement encryption of the non-volatile memory and a password or PIN to access the device is the most appropriate solution to secure the CEO's mobile device. Encryption of the non-volatile memory ensures that even if the device is lost or stolen, the data stored on it cannot be accessed without the encryption key. Adding a password or PIN provides an additional layer of protection by preventing unauthorized access to the device itself. This combination of encryption and access control helps to mitigate the risk of sensitive information being compromised.

24. 87. A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces: one for the Internet connection, another for the DMZ, and the other for the internal network. Which of the following will provide the MOST protection from all likely attacks on the bank?

Implement NIPS inline between the web server and the firewall.

Implement a web application firewall inline between the web server and the firewall.

Implement host intrusion prevention on all machines at the bank.

Configure the firewall policy to only allow communication with the web server using SSL.

Implementing host intrusion prevention on all machines at the bank will provide the most protection from all likely attacks on the bank. Host intrusion prevention systems monitor and analyze the behavior of individual machines to detect and prevent unauthorized access or malicious activities. By implementing this on all machines, the bank can ensure that each device is protected against potential attacks, reducing the risk of security breaches. This approach provides a comprehensive security measure across the entire network, rather than focusing on a specific point of entry or communication.

Explanation

Implementing host intrusion prevention on all machines at the bank will provide the most protection from all likely attacks on the bank. Host intrusion prevention systems monitor and analyze the behavior of individual machines to detect and prevent unauthorized access or malicious activities. By implementing this on all machines, the bank can ensure that each device is protected against potential attacks, reducing the risk of security breaches. This approach provides a comprehensive security measure across the entire network, rather than focusing on a specific point of entry or communication.

25. 67. A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?

Backup policy

De-provisioning policy

Data retention policy

Provisioning policy

A data retention policy would need to be developed when an application server is no longer needed. This policy would outline how long the data stored on the server should be retained before it is deleted or archived. It would specify the time frame for data retention based on legal, regulatory, or business requirements. This policy ensures that data is not kept longer than necessary and helps to maintain compliance with relevant data protection laws and regulations.

Explanation

A data retention policy would need to be developed when an application server is no longer needed. This policy would outline how long the data stored on the server should be retained before it is deleted or archived. It would specify the time frame for data retention based on legal, regulatory, or business requirements. This policy ensures that data is not kept longer than necessary and helps to maintain compliance with relevant data protection laws and regulations.

26. 75. A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate security requirements have been captured. Which of the following documents BEST captures the security requirements?

Business requirements document

Requirements traceability matrix document

Use case and viewpoints document

Solution overview document

The business requirements document is the best document to capture the security requirements for a replacement CRM. This document outlines the specific needs and objectives of the business, including any security requirements that need to be addressed. It provides a comprehensive overview of the business's requirements, which allows the architect and business analyst to ensure that appropriate security measures are included in the new CRM system. The other documents listed may contain relevant information, but the business requirements document is specifically designed to capture the overall needs and requirements of the business.

Explanation

The business requirements document is the best document to capture the security requirements for a replacement CRM. This document outlines the specific needs and objectives of the business, including any security requirements that need to be addressed. It provides a comprehensive overview of the business's requirements, which allows the architect and business analyst to ensure that appropriate security measures are included in the new CRM system. The other documents listed may contain relevant information, but the business requirements document is specifically designed to capture the overall needs and requirements of the business.

27. 72. A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use?

HTTP interceptor

Vulnerability scanner

Port scanner

Fuzzer

An HTTP interceptor would be the best tool for the technician to use in order to adequately test the input validation of the survey form. An HTTP interceptor allows the technician to intercept and modify HTTP requests and responses, which would enable them to test the input validation by manipulating the data being sent to the server. This tool would allow the technician to simulate different scenarios and test the web application's response to various inputs, helping to identify any vulnerabilities or weaknesses in the input validation process.

Explanation

An HTTP interceptor would be the best tool for the technician to use in order to adequately test the input validation of the survey form. An HTTP interceptor allows the technician to intercept and modify HTTP requests and responses, which would enable them to test the input validation by manipulating the data being sent to the server. This tool would allow the technician to simulate different scenarios and test the web application's response to various inputs, helping to identify any vulnerabilities or weaknesses in the input validation process.

28. 90. An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network. Which of the following should the company conduct to meet the regulation's criteria?

Conduct a compliance review

Conduct a vulnerability assessment

Conduct a full system audit

To meet the criteria of the new regulation, the organization should conduct a vulnerability assessment. A vulnerability assessment is a systematic process of identifying vulnerabilities in the organization's systems, networks, and applications. It helps to identify potential weaknesses that could be exploited by external attackers. By conducting a vulnerability assessment, the organization can proactively identify and address vulnerabilities, reducing the risk of unauthorized access to its systems from outside the network. This assessment will help the organization to comply with the regulation's requirement of determining if an external attacker can gain access to its systems.

Explanation

To meet the criteria of the new regulation, the organization should conduct a vulnerability assessment. A vulnerability assessment is a systematic process of identifying vulnerabilities in the organization's systems, networks, and applications. It helps to identify potential weaknesses that could be exploited by external attackers. By conducting a vulnerability assessment, the organization can proactively identify and address vulnerabilities, reducing the risk of unauthorized access to its systems from outside the network. This assessment will help the organization to comply with the regulation's requirement of determining if an external attacker can gain access to its systems.

29. 85. Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and rapidly responding to customer demands means staff now requires remote access. Which of the following controls will BEST protect the corporate network?

Develop a security policy that defines remote access requirements. Perform regular audits ofuser accounts and reviews of system logs.

Plan and develop security policies based on the assumption that external environments haveactive hostile threats.

Implement a DLP program to log data accessed by users connecting via remote access.Regularly perform user revalidation.

The correct answer is to plan and develop security policies based on the assumption that external environments have active hostile threats. This is the best approach because it recognizes the need to protect the corporate network from potential threats and takes proactive measures to mitigate these risks. By assuming that external environments are hostile, the organization can implement appropriate security controls and measures to safeguard against unauthorized access and data breaches. This approach also aligns with the need to improve productivity and respond rapidly to customer demands while ensuring the security of remote access to corporate email and shared drives.

Explanation

The correct answer is to plan and develop security policies based on the assumption that external environments have active hostile threats. This is the best approach because it recognizes the need to protect the corporate network from potential threats and takes proactive measures to mitigate these risks. By assuming that external environments are hostile, the organization can implement appropriate security controls and measures to safeguard against unauthorized access and data breaches. This approach also aligns with the need to improve productivity and respond rapidly to customer demands while ensuring the security of remote access to corporate email and shared drives.

30. 73. An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required. Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).

Penetration test across the application with accounts of varying access levels (i.e. nonauthenticated,authenticated, and administrative users).

Code review across critical modules to ensure that security defects, Trojans, and backdoors arenot present.

Vulnerability assessment across all of the online banking servers to ascertain host andcontainer configuration lock-down and patch levels.

Fingerprinting across all of the online banking servers to ascertain open ports and services.

Black box code review across the entire code base to ensure that there are no security defectspresent.

To ensure an appropriate security posture for the online banking application, two security activities should be performed. Firstly, a penetration test should be conducted across the application using accounts of varying access levels, including non-authenticated, authenticated, and administrative users. This will help identify any vulnerabilities or weaknesses in the application's security measures. Secondly, a black box code review should be conducted across the entire code base to ensure that there are no security defects present. This will involve analyzing the code without any prior knowledge of its internal workings, allowing for a thorough examination of potential security issues.

Explanation

To ensure an appropriate security posture for the online banking application, two security activities should be performed. Firstly, a penetration test should be conducted across the application using accounts of varying access levels, including non-authenticated, authenticated, and administrative users. This will help identify any vulnerabilities or weaknesses in the application's security measures. Secondly, a black box code review should be conducted across the entire code base to ensure that there are no security defects present. This will involve analyzing the code without any prior knowledge of its internal workings, allowing for a thorough examination of potential security issues.

Submit