최신 CAS-004 무료덤프 - CompTIA Advanced Security Practitioner (CASP+)
A security analyst and a DevOps engineer are working together to address configuration drifts in highly scalable systems that are leading to increased vulnerability findings. Which of the following recommendations would be best to eliminate this issue?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A new VM server (Web Server C) was spun up in the cloud and added to the load balancer to an existing web application (Application A) that does not require internet access. Sales users are reporting intermittent issues with this application when processing orders that require access to the warehouse department.
Given the following information:
- Firewall rules: Existing rules do not account for Web Server C's IP
address (10.2.0.92).
- Application A Security Group: Inbound rules and outbound rules are
insufficient for the new server.
The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?
Given the following information:
- Firewall rules: Existing rules do not account for Web Server C's IP
address (10.2.0.92).
- Application A Security Group: Inbound rules and outbound rules are
insufficient for the new server.
The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
정답: E
During a network defense engagement, a red team is able to edit the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Us er Shell Folders Which of the following tools is the red team using to perform this action?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Us er Shell Folders Which of the following tools is the red team using to perform this action?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
A mobile device hardware manufacturer receives the following requirements from a company that wants to produce and sell a new mobile platform:
- The platform should store biometric data.
- The platform should prevent unapproved firmware from being loaded.
- A tamper-resistant, hardware-based counter should track if unapproved firmware was loaded.
Which of the following should the hardware manufacturer implement? (Select three).
- The platform should store biometric data.
- The platform should prevent unapproved firmware from being loaded.
- A tamper-resistant, hardware-based counter should track if unapproved firmware was loaded.
Which of the following should the hardware manufacturer implement? (Select three).
정답: A,D,F
설명: (DumpTOP 회원만 볼 수 있음)
A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
- Data needs to be stored outside of the VMs.
- No unauthorized modifications to the VMs are allowed.
- If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
- Data needs to be stored outside of the VMs.
- No unauthorized modifications to the VMs are allowed.
- If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated
from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated
from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime.
Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?
Recently, a hardware failure impacted a firewall without service degradation. Which of the following resiliency concepts was most likely in place?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?
정답: A
A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A small firm's newly created website has several design flaws.
The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities.
However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer.
Which of the following is the MOST likely cause of the error"?
The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities.
However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer.
Which of the following is the MOST likely cause of the error"?
정답: C
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
- Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of
Privilege
- SSL Medium Strength Cipher Suites Supported
- Vulnerability in DNS Resolution Could Allow Remote Code Execution
- SMB Host SIDs allows Local User Enumeration
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
- Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of
Privilege
- SSL Medium Strength Cipher Suites Supported
- Vulnerability in DNS Resolution Could Allow Remote Code Execution
- SMB Host SIDs allows Local User Enumeration
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
정답: A
A digital forensics expert has obtained an ARM binary suspected of including malicious behavior.
The expert would like to trace and analyze the ARM binary's execution. Which of the following tools would BEST support this effort?
The expert would like to trace and analyze the ARM binary's execution. Which of the following tools would BEST support this effort?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)