[Dec 28, 2024] CompTIA CAS-004 Exam Dumps Files, Q1/501: A security analyst discovered that the company's WAF was not properly configured. The main web server

Join the discussion

Question 1/501

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
(&(objectClass=*)(objectClass=*))(&(objectClass=void)(type=admin))
Which of the following would BEST mitigate this vulnerability?

A. Network intrusion prevention

B. Data encoding

C. Input validation

D. CAPTCHA

Add Comments

Other Question (501q): Q1. A security analyst discovered that the company's WAF was not properly configured. The main...; Q2. A company recently experienced a security incident in which its domain controllers were th...; Q3. An administrator at a software development company would like to protect the integrity Of ...; Q4. A security administrator wants to detect a potential forged sender claim in tt-e envelope ...; Q5. A company wants to securely manage the APIs that were developed for its in-house applicati...; Q6. A company wants to protect its intellectual property from theft. The company has already a...; Q7. A new web server must comply with new secure-by-design principles and PCI DSS. This includ...; Q8. A security consultant needs to set up wireless security for a small office that does not h...; Q9. A security engineer is reviewing a record of events after a recent data breach incident th...; Q10. A security architect works for a manufacturing organization that has many different branch...; Q11. A new, online file hosting service is being offered. The service has the following securit...; Q12. A software development company wants to ensure that users can confirm the software is legi...; Q13. A security architect is tasked with scoping a penetration test that will start next month....; Q14. Which of the following technologies would benefit the most from the use of biometric reade...; Q15. Company A is merging with Company B Company A is a small, local company Company B has a la...; Q16. Which of the following is required for an organization to meet the ISO 27018 standard?...; Q17. A consultant is planning an assessment of a customer-developed system. The system consists...; Q18. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q19. A security consultant is designing an infrastructure security solution for a client compan...; Q20. An organization is facing budget constraints The Chief Technology Officer (CTO) wants to a...; Q21. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q22. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to...; Q23. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q24. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q25. A new web server must comply with new secure-by-design principles and PCI DSS. This includ...; Q26. A security engineer was auditing an organization's current software development practice a...; Q27. A company hosts a large amount of data in blob storage for its customers. The company rece...; Q28. A security engineer at a company is designing a system to mitigate recent setbacks caused ...; Q29. An organization is prioritizing efforts to remediate or mitigate risks identified during t...; Q30. Leveraging cryptographic solutions to protect data that is in use ensures the data is encr...; Q31. Which of the following should an organization implement to prevent unauthorized API key sh...; Q32. A systems engineer needs to develop a solution that uses digital certificates to allow aut...; Q33. A DNS forward lookup zone named complia.org must: * Ensure the DNS is protected from on-pa...; Q34. A security engineer needs to recommend a solution that will meet the following requirement...; Q35. A financial institution would like to store its customer data in a cloud but still allow t...; Q36. A help desk technician just informed the security department that a user downloaded a susp...; Q37. An organization is establishing a new software assurance program to vet applications befor...; Q38. A company undergoing digital transformation is reviewing the resiliency of a CSP and is co...; Q39. An administrator at a software development company would like to protect the integrity of ...; Q40. A cloud security architect has been tasked with finding a solution for hardening VMS. The ...; Q41. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q42. Which of the following are risks associated with vendor lock-in? (Choose two.)...; Q43. After a cybersecurity incident, a judge found that a company did not conduct a proper fore...; Q44. A company is concerned about disgruntled employees transferring its intellectual property ...; Q45. A university issues badges through a homegrown identity management system to all staff and...; Q46. A security architect for a large, multinational manufacturer needs to design and implement...; Q47. Which of the following are risks associated with vendor lock-in? (Choose two.)...; Q48. A security analyst is reviewing network connectivity on a Linux workstation and examining ...; Q49. Over the last 90 days, many storage services has been exposed in the cloud services enviro...; Q50. An analyst received a list of IOCs from a government agency. The attack has the following ...; Q51. A vulnerability assessment endpoint generated a report of the latest findings. A security ...; Q52. A security engineer is trying to identify instances of a vulnerability in an internally de...; Q53. A company is outsourcing to an MSSP that performs managed detection and response services....; Q54. A security architect is reviewing the following proposed corporate firewall architecture a...; Q55. During a system penetration test, a security engineer successfully gained access to a shel...; Q56. Due to locality and budget constraints, an organization's satellite office has a lower ban...; Q57. A security analyst is performing a vulnerability assessment on behalf of a client. The ana...; Q58. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q59. An enterprise is undergoing an audit to review change management activities when promoting...; Q60. A remote user reports the inability to authenticate to the VPN concentrator. During troubl...; Q61. An organization is implementing a new identity and access management architecture with the...; Q62. A security researcher detonated some malware in a lab environment and identified the follo...; Q63. In order to authenticate employees who, call in remotely, a company's help desk staff must...; Q64. An energy company is required to report the average pressure of natural gas used over the ...; Q65. A security architect was asked to modify an existing internal network design to accommodat...; Q66. A digital forensics expert has obtained an ARM binary suspected of including malicious beh...; Q67. A cloud security architect has been tasked with selecting the appropriate solution given t...; Q68. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q69. A security engineer is implementing a server-side TLS configuration that provides forward ...; Q70. A company's finance department acquired a new payment system that exports data to an unenc...; Q71. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q72. A security engineer has been asked to close all non-secure connections from the corporate ...; Q73. A security analyst discovered that a database administrator's workstation was compromised ...; Q74. A company wants to protect its intellectual property from theft. The company has already a...; Q75. A new mandate by the corporate security team requires that all endpoints must meet a secur...; Q76. An employee decides to log into an authorized system. The system does not prompt the emplo...; Q77. An organization is developing a disaster recovery plan that requires data to be backed up ...; Q78. A security analyst observes the following while looking through network traffic in a compa...; Q79. A security analyst has been tasked with providing key information in the risk register. Wh...; Q80. A software developer is working on a piece of code required by a new software package. The...; Q81. A cloud security architect has been tasked with selecting the appropriate solution given t...; Q82. A security architect is tasked with scoping a penetration test that will start next month....; Q83. Ransomware encrypted the entire human resources fileshare for a large financial institutio...; Q84. An energy company is required to report the average pressure of natural gas used over the ...; Q85. A security researcher has been given an executable that was captured by a honeypot. Which ...; Q86. A user from the sales department opened a suspicious file attachment. The sales department...; Q87. A review of the past year's attack patterns shows that attackers stopped reconnaissance af...; Q88. An organization's assessment of a third-party, non-critical vendor reveals that the vendor...; Q89. A security administrator receives reports that several workstations are unable to access r...; Q90. An organization is implementing a new identity and access management architecture with the...; Q91. An organization established an agreement with a partner company for specialized help desk ...; Q92. A security is assisting the marketing department with ensuring the security of the organiz...; Q93. An application security engineer is performing a vulnerability assessment against a new we...; Q94. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q95. A security solution uses a sandbox environment to execute zero-day software and collect in...; Q96. The management team at a company with a large, aging server environment is conducting a se...; Q97. A mobile device hardware manufacturer receives the following requirements from a company t...; Q98. A security architect is implementing a web application that uses a database back end. Prio...; Q99. A security analyst discovered that the company's WAF was not properly configured. The main...; Q100. A security engineer discovers a PC may have been breached and accessed by an outside agent...; Q101. A company created an external, PHP-based web application for its customers. A security res...; Q102. (Exhibit); Q103. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q104. A company created an external application for its customers. A security researcher now rep...; Q105. In a cloud environment, the provider offers relief to an organization's teams by sharing i...; Q106. A company wants to quantify and communicate the effectiveness of its security controls but...; Q107. Which of the following describes the system responsible for storing private encryption/dec...; Q108. After a server was compromised an incident responder looks at log files to determine the a...; Q109. A third-party organization has implemented a system that allows it to analyze customers' d...; Q110. A developer implement the following code snippet. (Exhibit) Which of the following vulnera...; Q111. Which of the following may indicate a configuration item has reached end-of-life?...; Q112. A security analyst is researching containerization concepts for an organization. The analy...; Q113. A global organization's Chief Information Security Officer (CISO) has been asked to analyz...; Q114. A security architect must mitigate the risks from what is suspected to be an exposed, priv...; Q115. Due to locality and budget constraints, an organization's satellite office has a lower ban...; Q116. The Chief Security Officer (CSO) requested the security team implement technical controls ...; Q117. (Exhibit) An organization is planning for disaster recovery and continuity of operations. ...; Q118. An organization is designing a network architecture that must meet the following requireme...; Q119. An organization wants to perform a scan of all its systems against best practice security ...; Q120. An e-commerce company that provides payment gateways is concerned about the growing expens...; Q121. A security analyst is reviewing SIEM events and is uncertain how to handle a particular ev...; Q122. A network administrator for a completely air-gapped and closed system has noticed that ano...; Q123. A company's Chief Information Security Officer is concerned that the company's proposed mo...; Q124. A security auditor needs to review the manner in which an entertainment device operates. T...; Q125. An enterprise is deploying APIs that utilize a private key and a public key to ensure the ...; Q126. A security engineer notices the company website allows users following example: hitps://my...; Q127. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q128. A product development team has submitted code snippets for review prior to release. INSTRU...; Q129. A security engineer was auditing an organization's current software development practice a...; Q130. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q131. Clients are reporting slowness when attempting to access a series of load-balanced APIs th...; Q132. A company underwent an audit in which the following issues were enumerated: * Insufficient...; Q133. A small company recently developed prototype technology for a military program. The compan...; Q134. A security team received a regulatory notice asking for information regarding collusion an...; Q135. A security manager is determining the best DLP solution for an enterprise. A list of requi...; Q136. After installing an unapproved application on a personal device, a Chief Executive Officer...; Q137. A company is moving most of its customer-facing production systems to the cloud-facing pro...; Q138. A security administrator wants to detect a potential forged sender claim in tt-e envelope ...; Q139. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q140. A security engineer has been asked to close all non-secure connections from the corporate ...; Q141. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q142. A Chief Information Officer is considering migrating all company data to the cloud to save...; Q143. A security analyst is reading the results of a successful exploit that was recently conduc...; Q144. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q145. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q146. Ann, a CIRT member, is conducting incident response activities on a network that consists ...; Q147. Which of the following is a benefit of using steganalysis techniques in forensic response?...; Q148. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q149. A small bank is evaluating different methods to address and resolve the following requirem...; Q150. A company is migrating its data center to the cloud. Some hosts had been previously isolat...; Q151. During a recent security incident investigation, a security analyst mistakenly turned off ...; Q152. A company wants to use a process to embed a sign of ownership covertly inside a proprietar...; Q153. Users are reporting intermittent access issues with a new cloud application that was recen...; Q154. A security administrator wants to allow external organizations to cryptographically valida...; Q155. In preparation for the holiday season, a company redesigned the system that manages retail...; Q156. A major broadcasting company that requires continuous availability to streaming content ne...; Q157. A security engineer at a company is designing a system to mitigate recent setbacks caused ...; Q158. An organization recently started processing, transmitting, and storing its customers' cred...; Q159. A company plans to build an entirely remote workforce that utilizes a cloud-based infrastr...; Q160. A security architect is designing a solution for a new customer who requires significant s...; Q161. A company's product site recently had failed API calls, resulting in customers being unabl...; Q162. A product development team has submitted code snippets for review prior to release. INSTRU...; Q163. A network administrator for a completely air-gapped and closed system has noticed that ano...; Q164. A company processes data subject to NDAs with partners that define the processing and stor...; Q165. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q166. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q167. A security manager wants to transition the organization to a zero trust architecture. To m...; Q168. A security architect is implementing a web application that uses a database back end. Prio...; Q169. An application developer is including third-party background security fixes in an applicat...; Q170. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q171. A security engineer needs to implement a cost-effective authentication scheme for a new we...; Q172. A user forwarded a suspicious email to a security analyst for review. The analyst examined...; Q173. A company is in the process of refreshing its entire infrastructure The company has a busi...; Q174. A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier ...; Q175. A company is looking at sending historical backups containing customer PII to a cloud serv...; Q176. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q177. Following a recent security incident on a web server the security analyst takes HTTP traff...; Q178. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to...; Q179. A company that all mobile devices be encrypted, commensurate with the full disk encryption...; Q180. Which of the following is the BEST disaster recovery solution when resources are running i...; Q181. While investigating a security event, an analyst finds evidence that a user opened an emai...; Q182. Users are claiming that a web server is not accessible. A security engineer is unable to v...; Q183. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q184. In a cloud environment, the provider offers relief to an organization's teams by sharing i...; Q185. A penetration tester is trying to gain access to a remote system. The tester is able to se...; Q186. A bank hired a security architect to improve its security measures against the latest thre...; Q187. A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is contr...; Q188. A software company is developing an application in which data must be encrypted with a cip...; Q189. Company A acquired Company B. During an initial assessment, the companies discover they ar...; Q190. As part of its risk strategy, a company is considering buying insurance for cybersecurity ...; Q191. A home automation company just purchased and installed tools for its SOC to enable inciden...; Q192. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q193. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q194. An multinational organization was hacked, and the incident response team's timely action p...; Q195. A security architect updated the security policy to require a proper way to verify that pa...; Q196. A security analyst is reviewing SIEM events and is uncertain how to handle a particular ev...; Q197. Which of the following is record-level encryption commonly used to do?...; Q198. A significant weather event caused all systems to fail over to the disaster recovery site ...; Q199. A security engineer needs to implement a solution to increase the security posture of user...; Q200. A security engineer wants to introduce key stretching techniques to the account database t...; Q201. A developer is creating a new mobile application for a company. The application uses REST ...; Q202. An e-commerce company is running a web server on premises, and the resource utilization is...; Q203. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q204. The Chief Information Security Officer is concerned about the possibility of employees dow...; Q205. A security is assisting the marketing department with ensuring the security of the organiz...; Q206. As part of the customer registration process to access a new bank account, customers are r...; Q207. A consultant needs access to a customer's cloud environment. The customer wants to enforce...; Q208. The Chief Information Security Officer (CISO) of a company that has highly sensitive corpo...; Q209. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q210. A security engineer has been asked to close all non-secure connections from the corporate ...; Q211. Ann, a retiring employee, cleaned out her desk. The next day, Ann's manager notices compan...; Q212. A company recently acquired a SaaS provider and needs to integrate its platform into the c...; Q213. A security is assisting the marketing department with ensuring the security of the organiz...; Q214. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q215. In a cloud environment, the provider offers relief to an organization's teams by sharing i...; Q216. A developer is creating a new mobile application for a company. The application uses REST ...; Q217. A cloud security architect has been tasked with finding a solution for hardening VMS. The ...; Q218. A security analyst is reviewing network connectivity on a Linux workstation and examining ...; Q219. A security architect Is analyzing an old application that is not covered for maintenance a...; Q220. A threat hunting team receives a report about possible APT activity in the network. Which ...; Q221. A security engineer needs to review the configurations of several devices on the network t...; Q222. A healthcare system recently suffered from a ransomware incident As a result the board of ...; Q223. A security architect updated the security policy to require a proper way to verify that pa...; Q224. An organization is preparing to migrate its production environment systems from an on-prem...; Q225. A security analyst at a global financial firm was reviewing the design of a cloud-based sy...; Q226. A threat hunting team receives a report about possible APT activity in the network. Which ...; Q227. The primary advantage of an organization creating and maintaining a vendor risk registry i...; Q228. A security analyst discovered that the company's WAF was not properly configured. The main...; Q229. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q230. An engineering team has deployed a new VPN service that requires client certificates to be...; Q231. A security analyst is using data provided from a recent penetration test to calculate CVSS...; Q232. A SOC analyst is reviewing malicious activity on an external, exposed web server. During t...; Q233. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q234. A vulnerability scanner detected an obsolete version of an open-source file-sharing applic...; Q235. A security analyst is reviewing a new IOC in which data is injected into an online process...; Q236. A software company is developing an application in which data must be encrypted with a cip...; Q237. A security consultant has been asked to identify a simple, secure solution for a small bus...; Q238. A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS so...; Q239. A company created an external application for its customers. A security researcher now rep...; Q240. A security analyst is reviewing the following vulnerability assessment report: (Exhibit) W...; Q241. A company is looking for a solution to hide data stored in databases. The solution must me...; Q242. A small company needs to reduce its operating costs. vendors have proposed solutions, whic...; Q243. A third-party organization has implemented a system that allows it to analyze customers' d...; Q244. An organization is developing a disaster recovery plan that requires data to be backed up ...; Q245. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q246. A company wants to refactor a monolithic application to take advantage of cloud native ser...; Q247. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q248. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan fo...; Q249. The Chief Information Security Officer (CISO) of an organization is concerned with the tra...; Q250. The principal security analyst for a global manufacturer is investigating a security incid...; Q251. Leveraging cryptographic solutions to protect data that is in use ensures the data is encr...; Q252. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q253. Two companies that recently merged would like to unify application access between the comp...; Q254. An engineering team is developing and deploying a fleet of mobile devices to be used for s...; Q255. A company's SOC has received threat intelligence about an active campaign utilizing a spec...; Q256. An analyst execute a vulnerability scan against an internet-facing DNS server and receives...; Q257. An architectural firm is working with its security team to ensure that any draft images th...; Q258. A company has hired a security architect to address several service outages on the endpoin...; Q259. A security administrator is setting up a virtualization solution that needs to run service...; Q260. An auditor Is reviewing the logs from a web application to determine the source of an Inci...; Q261. A company launched a new service and created a landing page within its website network for...; Q262. A significant weather event caused all systems to fail over to the disaster recovery site ...; Q263. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q264. A security engineer is assessing the security controls of loT systems that are no longer s...; Q265. A security engineer is hardening a company's multihomed SFTP server. When scanning a publi...; Q266. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q267. An e-commerce company is running a web server on premises, and the resource utilization is...; Q268. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The secu...; Q269. Which of the following attacks can be mitigated by proper data retention policies?...; Q270. An loT device implements an encryption module built within its SoC where the asymmetric pr...; Q271. Which of the following is the MOST important security objective when applying cryptography...; Q272. A software development company is building a new mobile application for its social media p...; Q273. Clients are reporting slowness when attempting to access a series of load-balanced APIs th...; Q274. A security engineer is reviewing a record of events after a recent data breach incident th...; Q275. A security analyst receives an alert from the SIEM regarding unusual activity on an author...; Q276. A security analyst is reviewing network connectivity on a Linux workstation and examining ...; Q277. A development team created a mobile application that contacts a company's back-end APIs ho...; Q278. An analyst execute a vulnerability scan against an internet-facing DNS server and receives...; Q279. Which of the following is a benefit of using steganalysis techniques in forensic response?...; Q280. A company has decided that only administrators are permitted to use PowerShell on their Wi...; Q281. A pharmaceutical company was recently compromised by ransomware. Given the following EDR o...; Q282. A network administrator receives a ticket regarding an error from a remote worker who is t...; Q283. An organization recently experienced a ransomware attack. The security team leader is conc...; Q284. A company is preparing to deploy a global service. Which of the following must the company...; Q285. A security analyst discovered that the company's WAF was not properly configured. The main...; Q286. A security engineer is creating a single CSR for the following web server hostnames: * www...; Q287. A security architect was asked to modify an existing internal network design to accommodat...; Q288. An organization is referencing NIST best practices for BCP creation while reviewing curren...; Q289. A systems administrator was given the following IOC to detect the presence of a malicious ...; Q290. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q291. Company A acquired Company B. During an audit, a security engineer found Company B's envir...; Q292. The analyst should implement every solution one at a time in a virtual lab, running an att...; Q293. A security analyst is using data provided from a recent penetration test to calculate CVSS...; Q294. A manufacturing company's security engineer is concerned a remote actor may be able to acc...; Q295. A company has decided that only administrators are permitted to use PowerShell on their Wi...; Q296. An organization implemented a secure boot on its most critical application servers which p...; Q297. An organization is designing a network architecture that must meet the following requireme...; Q298. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q299. Company A acquired Company . During an audit, a security engineer found Company B's enviro...; Q300. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q301. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q302. A company is moving most of its customer-facing production systems to the cloud-facing pro...; Q303. A security analyst detected a malicious PowerShell attack on a single server. The malware ...; Q304. A CSP, which wants to compete in the market, has been approaching companies in an attempt ...; Q305. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q306. A city government's IT director was notified by the city council that the following cybers...; Q307. A company is looking to fortify its cybersecurity defenses and is focusing on its network ...; Q308. A user in the finance department uses a laptop to store a spreadsheet that contains confid...; Q309. A hospitality company experienced a data breach that included customer Pll. The hacker use...; Q310. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q311. A security manager needed to protect a high-security data center, so the manager installed...; Q312. A security administrator was informed that a server unexpectedly rebooted. The administrat...; Q313. A SOC analyst is reviewing malicious activity on an external, exposed web server. During t...; Q314. A security administrator has been tasked with hardening a domain controller against latera...; Q315. After a security incident, a network security engineer discovers that a portion of the com...; Q316. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q317. An administrator at a software development company would like to protect the integrity Of ...; Q318. A business stores personal client data of individuals residing in the EU in order to proce...; Q319. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q320. A company wants to improve the security of its web applications that are running on in-hou...; Q321. An organization developed a containerized application. The organization wants to run the a...; Q322. An organization wants to perform a scan of all its systems against best practice security ...; Q323. Which of the following technologies would benefit the most from the use of biometric reade...; Q324. A developer wants to develop a secure external-facing web application. The developer is lo...; Q325. An organization wants to perform a scan of all its systems against best practice security ...; Q326. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q327. A company's SOC has received threat intelligence about an active campaign utilizing a spec...; Q328. A municipal department receives telemetry data from a third-party provider The server coll...; Q329. A security engineer thinks the development team has been hard-coding sensitive environment...; Q330. Ransomware encrypted the entire human resources fileshare for a large financial institutio...; Q331. A company would like to obfuscate PII data accessed by an application that is housed in a ...; Q332. A cybersecurity analyst discovered a private key that could have been exposed. Which of th...; Q333. A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Informati...; Q334. An administrator at a software development company would like to protect the integrity of ...; Q335. A software developer was just informed by the security team that the company's product has...; Q336. A security analyst receives an alert from the SIEM regarding unusual activity on an author...; Q337. A security engineer needs to review the configurations of several devices on the network t...; Q338. A web service provider has just taken on a very large contract that comes with requirement...; Q339. A systems administrator is in the process of hardening the host systems before connecting ...; Q340. A security team received a regulatory notice asking for information regarding collusion an...; Q341. An attacker exploited an unpatched vulnerability in a web framework, and then used an appl...; Q342. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organ...; Q343. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q344. A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implemen...; Q345. A security engineer is reviewing a record of events after a recent data breach incident th...; Q346. A security analyst needs to recommend a remediation to the following threat: (Exhibit) Whi...; Q347. A software assurance analyst reviews an SSH daemon's source code and sees the following: (...; Q348. The Chief information Officer (CIO) asks the system administrator to improve email securit...; Q349. Due to adverse events, a medium-sized corporation suffered a major operational disruption ...; Q350. A mobile application developer is creating a global, highly scalable, secure chat applicat...; Q351. A security architect is designing a solution for a new customer who requires significant s...; Q352. A security engineer thinks the development team has been hard-coding sensitive environment...; Q353. An organization is in frequent litigation and has a large number of legal holds. Which of ...; Q354. While investigating a security event, an analyst finds evidence that a user opened an emai...; Q355. A business wants to migrate its workloads from an exclusively on-premises IT infrastructur...; Q356. A recent data breach revealed that a company has a number of files containing customer dat...; Q357. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q358. A software house is developing a new application. The application has the following requir...; Q359. An attacker infiltrated the code base of a hardware manufacturer and inserted malware befo...; Q360. A threat analyst notices the following URL while going through the HTTP logs. (Exhibit) Wh...; Q361. A company has received threat intelligence about bad routes being advertised. The company ...; Q362. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q363. Which of the following describes the system responsible for storing private encryption/dec...; Q364. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q365. A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implemen...; Q366. The principal security analyst for a global manufacturer is investigating a security incid...; Q367. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q368. A network administrator who manages a Linux web server notices the following traffic: http...; Q369. An energy company is required to report the average pressure of natural gas used over the ...; Q370. A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. R...; Q371. When implementing serverless computing an organization must still account for:...; Q372. Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?...; Q373. (Exhibit); Q374. A systems administrator was given the following IOC to detect the presence of a malicious ...; Q375. A company suspects a web server may have been infiltrated by a rival corporation. The secu...; Q376. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q377. A security architect needs to implement a CASB solution for an organization with a highly ...; Q378. An organization's existing infrastructure includes site-to-site VPNs between datacenters. ...; Q379. A security consultant is conducting a penetration test against a customer enterprise local...; Q380. An organization recently recovered from an attack that featured an adversary injecting Mal...; Q381. A security analyst needs to recommend a remediation to the following threat: (Exhibit) Whi...; Q382. A security compliance requirement states that specific environments that handle sensitive ...; Q383. A company undergoing digital transformation is reviewing the resiliency of a CSP and is co...; Q384. A security analyst is performing a vulnerability assessment on behalf of a client. The ana...; Q385. A customer reports being unable to connect to a website at www.test.com to consume service...; Q386. An organization is developing a disaster recovery plan that requires data to be backed up ...; Q387. A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key r...; Q388. A company has moved its sensitive workloads lo the cloud and needs to ensure high availabi...; Q389. An e-commerce company is running a web server on premises, and the resource utilization is...; Q390. An analyst reviews the following output collected during the execution of a web applicatio...; Q391. A software developer has been tasked with creating a unique threat detection mechanism tha...; Q392. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q393. Which of the following is a security concern for DNP3?...; Q394. A security analyst has been provided the following partial Snort IDS rule to review and ad...; Q395. After a security incident, a network security engineer discovers that a portion of the com...; Q396. An analyst determined that the current process for manually handling phishing attacks with...; Q397. A security analyst needs to recommend a remediation to the following threat: (Exhibit) Whi...; Q398. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q399. Users are claiming that a web server is not accessible. A security engineer logs for the s...; Q400. A company is implementing SSL inspection. During the next six months, multiple web applica...; Q401. A security architect for a large, multinational manufacturer needs to design and implement...; Q402. A networking team asked a security administrator to enable Flash on its web browser. The n...; Q403. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q404. An organization recently experienced a ransomware attack. The security team leader is conc...; Q405. An organization recently experienced a ransomware attack. The security team leader is conc...; Q406. A security engineer has been informed by the firewall team that a specific Windows worksta...; Q407. A security analyst sees that a hacker has discovered some keys and they are being made ava...; Q408. A security architect updated the security policy to require a proper way to verify that pa...; Q409. A client is adding scope to a project. Which of the following processes should be used whe...; Q410. A security analyst is reviewing the following vulnerability assessment report: (Exhibit) W...; Q411. A company has moved its sensitive workloads to the cloud and needs to ensure high availabi...; Q412. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q413. A threat analyst notices the following URL while going through the HTTP logs. http://www.s...; Q414. A technician uses an old SSL server due to budget constraints and discovers performance de...; Q415. A security engineer has been asked to close all non-secure connections from the corporate ...; Q416. A server in a manufacturing environment is running an end-of-life operating system. The vu...; Q417. A security researcher identified the following messages while testing a web application: (...; Q418. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q419. An organization requires a contractual document that includes * An overview of what is cov...; Q420. Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?...; Q421. A cybersecurity analyst discovered a private key that could have been exposed. Which of th...; Q422. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. Th...; Q423. After analyzing code, two developers al a company bring these samples to the security oper...; Q424. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q425. Which of the following should be established when configuring a mobile device to protect u...; Q426. A product development team has submitted code snippets for review prior to release. INSTRU...; Q427. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q428. An internal security assessor identified large gaps in a company's IT asset inventory syst...; Q429. Which of the following protocols is a low power, low data rate that allows for the creatio...; Q430. (Exhibit) An organization is planning for disaster recovery and continuity of operations. ...; Q431. A security engineer needs to review the configurations of several devices on the network t...; Q432. An analyst has prepared several possible solutions to a successful attack on the company. ...; Q433. A company suspects a web server may have been infiltrated by a rival corporation. The secu...; Q434. Due to budget constraints, an organization created a policy that only permits vulnerabilit...; Q435. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to...; Q436. The Chief Information Security Officer of a startup company has asked a security engineer ...; Q437. During a recent incident, sensitive data was disclosed and subsequently destroyed through ...; Q438. A company wants to refactor a monolithic application to take advantage of cloud native ser...; Q439. Which of the following technologies allows CSPs to add encryption across multiple data sto...; Q440. A security operations center analyst is investigating anomalous activity between a databas...; Q441. An energy company is required to report the average pressure of natural gas used over the ...; Q442. Company A acquired Company B. During an initial assessment, the companies discover they ar...; Q443. A security analyst is reviewing the following pseudo-output snippet after running the comm...; Q444. A security administrator is trying to securely provide public access to specific data from...; Q445. An IDS was unable to detect malicious network traffic during a recent security incident, e...; Q446. A company just released a new video card. Due to limited supply and nigh demand, attackers...; Q447. A bank is working with a security architect to find the BEST solution to detect database m...; Q448. A company has decided to purchase a license for software that is used to operate a mission...; Q449. A security analyst is concerned that a malicious piece of code was downloaded on a Linux s...; Q450. In preparation for the holiday season, a company redesigned the system that manages retail...; Q451. A security engineer has been asked to close all non-secure connections from the corporate ...; Q452. A Chief Information Security Officer is concerned about the condition of the code security...; Q453. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q454. A network administrator who manages a Linux web server notices the following traffic: http...; Q455. A company with only U S -based customers wants to allow developers from another country to...; Q456. An organization is moving its intellectual property data from on premises to a CSP and wan...; Q457. A pharmaceutical company recently experienced a security breach within its customer-facing...; Q458. A security analyst is reading the results of a successful exploit that was recently conduc...; Q459. A security engineer estimates the company's popular web application experiences 100 attemp...; Q460. A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which...; Q461. A developer implement the following code snippet. (Exhibit) Which of the following vulnera...; Q462. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q463. A security manager wants to transition the organization to a zero trust architecture. To m...; Q464. A systems administrator is in the process of hardening the host systems before connecting ...; Q465. A security consultant needs to protect a network of electrical relays that are used for mo...; Q466. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q467. A company processes data subject to NDAs with partners that define the processing and stor...; Q468. A company recently deployed a SIEM and began importing logs from a firewall, a file server...; Q469. A cloud architect needs to isolate the most sensitive portion of the network while maintai...; Q470. SIMULATION A product development team has submitted code snippets for review prior to rele...; Q471. A security analyst runs a vulnerability scan on a network administrator's workstation The ...; Q472. A shipping company that is trying to eliminate entire classes of threats is developing an ...; Q473. Which of the following controls primarily detects abuse of privilege but does not prevent ...; Q474. A company has decided to purchase a license for software that is used to operate a mission...; Q475. A security analyst has noticed a steady increase in the number of failed login attempts to...; Q476. Users have reported that an internally developed web application is acting erratically, an...; Q477. A security analyst wants to keep track of alt outbound web connections from workstations. ...; Q478. Which of the following describes the system responsible for storing private encryption/dec...; Q479. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q480. A security architect is tasked with securing a new cloud-based videoconferencing and colla...; Q481. A global organization's Chief Information Security Officer (CISO) has been asked to analyz...; Q482. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q483. A customer reports being unable to connect to a website at www.test.com to consume service...; Q484. A security engineer needs to implement a solution to increase the security posture of user...; Q485. A security consultant needs to protect a network of electrical relays that are used for mo...; Q486. A customer reports being unable to connect to a website at www.test.com to consume service...; Q487. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q488. A security analyst for a managed service provider wants to implement the most up-to-date a...; Q489. A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that exami...; Q490. A security administrator is performing an audit of a local network used by company guests ...; Q491. Which of the following BEST describes a common use case for homomorphic encryption?...; Q492. A company enlists a trusted agent to implement a way to authenticate email senders positiv...; Q493. Legal authorities notify a company that its network has been compromised for the second ti...; Q494. Which of the following is the MOST important security objective when applying cryptography...; Q495. Which of the following technologies allows CSPs to add encryption across multiple data sto...; Q496. A security analyst discovered that the company's WAF was not properly configured. The main...; Q497. A security auditor needs to review the manner in which an entertainment device operates. T...; Q498. A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is...; Q499. A company created an external application for its customers. A security researcher now rep...; Q500. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q501. A company is deploying multiple VPNs to support supplier connections into its extranet app...

Join the discussion

Question 1/501

Add Comments

Download PDF File