Mock Exam B - Casp certification resources

#1. Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs. Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Implement input validation on the API.

Implement rate limiting on the API

Implement OAuth 2.0 on the API.

Implement geo-blocking on the WAF

#2. A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?

sudo netstat -pnut -w | column -t -s $'\w'

sudo netstat -antu | grep "LISTEN" | awk '{print$5}'

sudo netstat -plntu | grep -v "Foreign Address"

sudo netstat -alt -p | grep "ESTABLISHED"

sudo netstat -pnut | grep -P ^tcp

#3. company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WIFI. Due to a recent incident in which an attacker gained access to the company's internal WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

PKI certificates

Active Directory GPOs

Host-based firewall

NAC persistent agent

#4. company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security. Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Proxy-based

Storage-based

Instance-based

Array controller-based

#5. The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Gray-box testing

Blue-learn exercises

Red-team hunting

Black-box testing

White-box testing

#6. Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Asymmetric cryptography

Quantum computing

Lattice-based cryptography

Homomorphic encryption

Homomorphic encryption allows the processing of data without needing to de-crypt the data. see the following link https://en.wikipedia.org/wiki/Homomorphic_encryption

#7. A financial institution hosts Information Systems that currently employ the following controls: (see exhibit). An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Implement file integrity monitoring with automated alerts on the servers

Require more than one approver for all change management requests

Disable automatic patch update capabilities on the servers

Enhanced audit logging on the jump servers and ship the logs to the SIEM.

#8. A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Delete all PHI from the network until the legal department is consulted.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

Consult the legal department to determine the legal requirements.

Take an MD5 hash of the server.

#9. A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all activity the for the time surrounding the incident and has all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Software Decomplier

Log reduction and analysis tool

Static code analysis

Network enumerator

This answer is a bit subjective. the term “obfuscated” within the code suggests it exists within a compiled code module.

#10. A security engineer needs to recommend a solution that will meet the following requirements: (see exhibit). Which of the following solutions should the security engineer recommend to address these requirements?

WAF

DLP

CASB

SWG

#11. A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large increase in the number of log files, generated by a website containing a ''Contact US'' form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Ensuring proper input validation is configured on the ''Contact US'' form

Running the website log files through a log reduction and analysis tool

Deploy a WAF in front of the public website

Checking for new rules from the inbound network IPS vendor

#12. vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements?

CPE

OVAL

ARF

ISACs

#13. A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite: (see exhibit). Which of the following is the MOST likely cause of the customer's inability to connect?

The public key should be using ECDSA.

The server name should be test.com

The default should be on port 80

Weak ciphers are being used.

AES_CBC is not supported in TLS 1.3 implementations

#14. A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA. Which of the following is the BEST solution?

Send the new CRLs by using GPO

Use Delta CRLs at the branches

Deploy an RA on each branch office

Configure clients to use OCSP

#15. An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial patches against a recent exploit that could gain root access. Which of the following describes the administrator's discovery?

A breach

A threat

A risk

A vulnerability

#16. A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?

0.5

50

36,500

8

ARO (annual Rate of Occurrence) represents the number of security incidents recorded in one year. So 4 events over a 2 year period = 2/4 = 0.5

#17. A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: (see exhibit). Which of the following would BEST mitigate this vulnerability?

Input validation

Data encoding

CAPTCHA

Network intrusion prevention

This is a directory traversal attack. see the link for more informationhttps://portswigger.net/web-security/file-path-traversal

#18. A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign. Which of the following should the company use to make this determination?

The Cyber Kill Chain

Threat hunting

A system penetration test

Log analysis within the SIEM tool

#19. A CISO for an energy supplier, must decide what is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Enforcing protocol conformance for messages

Ensuring non-repudiation of messages

Assuring the integrity of messages

Importing the availability of messages

#20. A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

Provide a business justification to avoid the risk

Establish a risk matrix

Inherit the risk for six months

Provide a business justification for a risk exception

#21. Which of the following BEST sets expectation between the security team and business units within an organization?

Risk assessment

Business impact analysis

Business partnership agreement

Services level agreement

Memorandum of understanding

#22. A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could the architect consult to address this security concern?

IEEE

SDLC

OWASP

OVAL

#23. company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year. Which of the following will MOST likely secure the data on the lost device?

Require a VPN to be active to access company data.

Set up different profiles based on the person's risk.

Remotely wipe the device.

Require MFA to access company applications.

#24. A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: (see exhibit). Which of the following vendor solutions would best meet the budget needs of the business?

Ironcloud

Spamblock

Cloudfire

Mailclean

A business will use ROI calculations to determine the best cost solution. Cloudfire would represent a cost of $19000 per annum (the cheapest solution)

#25. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

#26. A cybersecurity engineer must analyze a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO)

Select all that apply:

Event Viewer

XML style sheet

SCAP tool

OOXML editor

Text editor

Debugging utility

XML is used to define the settings that will be analysed (the checklist)and OVAL (Open vulnerability assessment language) is used to display results. Security Content Automation Protocol (SCAP) uses these industry standards.

#27. A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed. Which of the following will allow the inspection of the data without multiple certificate deployments ?

Include all available cipher suites

Create a wildcard certificate

Implement certificate pinning

Use a third-party CA

#28. Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?

Leave the current backup schedule intact and make the human resources fileshare read-only.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Increase the frequency of backups and create SIEM alerts for IOCs.

The RPO is not currently being met, it should be 24 hours but is currently set for 48 hours. We also need to know about these incidents in a more timely manner.

#29. A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites. The technician will define this threat as:

an on-path attack

an advanced persistent threat

a decrypting RSA using obsolete and weakened encryption attack

a zero-day attack

#30. A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage. Which of the following is a security concern that will MOST likely need to be addressed during migration?

Data dispersion

Data exposure

Latency

Data loss