CASP+ CompTIA Advanced Security Practitioner Practice Tests. Nadean H. Tanner


Your department decides to implement a solution that can cache this type of traffic the first time it is requested and serve it to the internal users as requested, thereby reducing the Internet bandwidth used for accessing this traffic. Which solution best accomplishes this task?
A. Proxy
B. Packet filter firewall
C. WAF
D. IPS

99. You were asked to recommend a technology that will lessen the impact of a DDoS attack on your CDN. Which of the following is the best technology?
A. HIDS
B. Packet filter firewall
C. Proxy
D. Load balancing

100. Luke's company started upgrading the computers in your organization. As a security professional, you recommend creating a standard image for all computers with a set level of security configured. What is this process called?
A. Configuration baselining
B. Imaging
C. Duplication
D. Ghosting

101. Lydia is a security administrator, and her hospital's security policy states that wearable technology and IoT devices are not allowed in secure areas where patient information is discussed. Wearable devices are designed to be worn by one individual, but some are quite powerful with artificial intelligence. Why is this a concern?
A. Danger of eavesdropping and compliance violations
B. Insurance premiums going up
C. Malpractice and litigation
D. Chain of custody of evidence

102. Mark is evaluating cloud storage providers and gives each a product evaluation form. Which of these is not the best practice for a cloud service provider?
A. Strict initial registration and validation
B. System event and network traffic monitoring
C. Utilization of weak encryption algorithms
D. Incident response processes that help BCP

103. Containerization provides many benefits in flexibility and faster application development. Which of the following statements is false?
A. Containers share the host OS's kernel during runtime.
B. Containers do not need to fully emulate an OS to work.
C. One physical server running five containers needs only one OS.
D. Containers are pure sandboxes just like VMs are.

104. Hector has a team that replaced version 1.2 of software with 2.0. The newest version has a completely different interface in addition to updates. What is this called?
A. Versioning
B. Coding integration
C. Secure coding
D. Vulnerability assessment

105. Greg is a security researcher for a cybersecurity company. He is currently examining a third-party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company's web application. What is the threat of doing business with this organization?
A. Web defacement
B. Unpatched applications
C. Attackers
D. Education awareness

106. Your CISO decided to implement an overarching enterprise mobility management (EMM) strategy. She wants to ensure that sensitive corporate data is not compromised by the employees' apps on their mobile devices. Which of these will implement that best?
A. App config through IDC
B. App wrapping through SDK
C. Open source through API
D. Platform DevOps

107. You are a web developer who needs to secure API keys in a client-side JavaScript application created for your hospital. What is the best way to accomplish this task quickly and efficiently?
A. Disable API access and use a hash of the key.
B. Set API access and a secret key pair.
C. Curl a request with an -H -o option.
D. Set a RESTful request with access pairs.

108. Mitchell wants to enhance his overall security and compliance to protect his company more carefully. He engages his security team to examine enterprise application integration, data integration, message-oriented middleware (MOM), object request brokers (ORBs), and the enterprise service bus (ESB). He also wants to prioritize which web applications should be secured first and how they will be tested. What do you need to sit down with your IT security team and build?
A. Web application security plan
B. Web application–level attack list
C. Business logic justifications
D. Container security

109. Edwin's board of directors want to perform quarterly security testing. As CISO of a financial institution, he must form a plan specifically for the development of this test that includes software assurance. This test must have a low risk of impacting system stability because the company is in production. The suggestion was made to outsource this to a third party. The board of directors argue that a third party will not be as knowledgeable as the development team. What will satisfy the board of directors?
A. Gray-box testing by a major consulting firm
B. Black-box testing by a major external consulting firm
C. Gray-box testing by the development and security assurance teams
D. White-box testing by the development and security assurance teams

110. Trent is a security analyst for a financial organization and conducting a review of data management policies. After a complete review, he found settings disabled permitting developers to download supporting but trusted software. You submitted the recommendation that developers have a separate process to manually download software that should be vetted before its use. What process will support this recommendation?
A. NIPS
B. Digitally signed applications
C. Sandboxing
D. PCI compliance

111. Tiffany runs an organization that is blending its development team with the operations team because of the speed applications are being rolled out. Applications change with new services required in production, so she has undertaken the challenge of eliminating those silos of development and operations. What is this called?
A. Incremental
B. DevOps
C. Agile
D. Waterfall

112. Shelby is working for a software developer developing web applications for an international financial enterprise. She has also been tasked with building the rule set that governs the interaction between an end user and the web application linking authentication and access. What type of rule set is this?
A. Session management
B. Secure cookies
C. Java flags
D. Stateless firewall

113. Your software developer has a custom ROM for Android and wants to further customize it for mobile device use in your healthcare network. Android is an open source operating system, but your developer experiences difficulties uploading the new ROM to a test device even using validated third-party libraries for development. What does he need to unlock before uploading the new ROM?
A. Bootloader
B. BIOS
C. FIFO
D. TPM

114. Angel needs to provide software code for users to download. You want the users to be able to verify that the software has not changed or become corrupted. How might you provide this verification?
A. Code signing.
B. Script signing.
C. The user can attempt to install and run the program. If it installs and operates properly, it hasn't been altered.
D. Have the user authenticate first. If the user is authenticated, the software they download must be genuine.

115. You are creating a web application security plan and need to do white-box security testing on source code to find vulnerabilities earlier in the SDLC. If you can find vulnerabilities earlier in the process, they are cheaper to fix. What type of testing do you need to do?
A. SAST
B. CAST
C. DAST
D. FAST

116. You are creating a web application security plan and need to do black-box security testing on a running application. What type of testing do you need to do?
A. SAST
B. CAST
C. DAST
D. IAST

117. You had your internal team do an analysis on compiled binaries to find errors in mobile and desktop applications. You would like an external agency to test them as well. Which of these tests best suits this need?
A. DAST
B. VAST
C. IAST
D. SAST

118. Craig's newly formed IT team is investigating cloud computing models. He wants to use a cloud computing model that is orchestrated as an integrated infrastructure environment. Apps and data can share resources based on business and technical policies. Which of the following is the best choice for this situation?
A. Public
B. Private
C. Agnostic
D. Hybrid

119. You have been newly hired as a CISO for a governmental contractor. One of your first conversations with the CEO is to review requirements for recovery time and recovery point objectives, and enterprise resource planning (ERP). Who should you bring to the round table to discuss metrics surrounding your RTO/RPO?
A. Board of directors
B. Chief financial officer
C. Data owners and custodians
D. Business unit managers and directors

120. Which of the following is a use case for configuration management software?
A. Incident remediation
B. Continuance
C. Asset management
D. Collaboration

121. You have been analyzing the backup schedule for a CMDB. Your CIO has said the company has an RPO of 48 hours. What is the minimum backup schedule for the CMDB?
A. 24 hours
B. 6 hours
C. 48 hours
D. 12 hours

122. Your