Latest CAS-004 Free Dumps - CompTIA Advanced Security Practitioner (CASP+)
The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?
Answer: A
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.
Which of the following should the organization consider FIRST to address this requirement?
Answer: A
Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?
Answer: D
A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients.
Which of the following is the MOST appropriate response?
Answer: E
An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
- Clients successfully establish TLS connections to web services provided by the server.
- After establishing the connections, most client connections are renegotiated.
- The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA.
Which of the following is the MOST likely root cause?
Answer: C
A security manager is determining the best DLP solution for an enterprise.
A list of requirements was created to use during the source selection.
The security manager wants to confirm a solution exists for the requirements that have been defined.
Which of the following should the security manager use?
Answer: C
A security manager discovers that a system's log files contain evidence of potential criminal activity. Which of the following actions should be done next?
Answer: B
A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?
Answer: D
A security engineer needs to recommend a solution that will meet the following requirements:
- Identify sensitive data in the provider's network
- Maintain compliance with company and regulatory guidelines
- Detect and respond to insider threats, privileged user threats, and compromised accounts
- Enforce data-centric security, such as encryption, tokenization, and access control
Which of the following solutions should the security engineer recommend to address these requirements?
Answer: C
A help desk technician just informed the security department that a user downloaded a suspicious file from Internet Explorer last night. The user confirmed accessing all the files and folders before going home from work. The next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. Which of the following explains why the computer would not boot?
Answer: B
Which of the following is the best reason for obtaining file hashes from a confiscated laptop?
Answer: D
A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?
Answer: B
A security architect works for a manufacturing organization that has many different branch offices.
The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?
Answer: A
The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?
Answer: A
Which of the following indicates when a company might not be viable after a disaster?
Answer: A
A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?
Answer: C
A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?
Answer: B