Название: CASP+ CompTIA Advanced Security Practitioner Practice Tests
Автор: Nadean H. Tanner
Издательство: John Wiley & Sons Limited
Жанр: Зарубежная компьютерная литература
isbn: 9781119813064
isbn:
193 You visit a website that requires credentials to log in. Besides providing the option of a username and password, you are also given the option to log in using your Facebook credentials. What type of authentication scheme is used?SAMLOAuthClosedIDOpenID
194 You need to find a web-based language that is used to exchange security information with single sign-on (SSO). Which of the following is the best language to use?SOAPKerberosSAML/ShibbolethAPI
195 Your IT manager wants to move from a centralized access control methodology to a decentralized access control methodology. You need a router that authenticates users from a locally stored database. This requires subjects to be added individually to the local database for access, which creates a security domain, or sphere of trust. What best describes this type of administration?Decentralized access control requires more administrative work.Decentralized access control creates a bottleneck.Decentralized access control requires a single authorization server.Decentralized access control stores all the users in the same administrative location using RADIUS.
196 The CISO is researching ways to reduce risk associated with the separation of duties. In the case where one person is not available, another needs to be able to perform all the duties of their co-workers. What should the CISO implement to reduce risk?Mandatory requirement of a shared account for administrative purposesAudit of all ongoing administration activitiesSeparation of duties to ensure no single administrator has accessRole-based security on the primary role and provisional access to the secondary role on a case-by-case basis
197 You implement mandatory access control for your secure data storage system. You change default passwords and enforce the use of strong passwords. What else should you do to make this storage system even more secure?Multifactor authenticationMultifactor authorizationIdentificationVerification
198 Your data owner must assign classifications to information assets and ensure regulation compliance. Which of these other criteria is determined by a data owner?AuthorizationAuthenticationVerificationValidation
199 As a security specialist for your organization, you are increasingly concerned about strong endpoint controls of developers' workstations as well as access control of servers running developer tools. Which of these is not a benefit of an attribute-based access control (ABAC) scheme?Helping meet security goals and standardsEnsuring only authorized users have access to code repositoriesHaving runtime self-protection controlsSafeguarding system integrity
200 As a security administrator at a high-security governmental agency, you rely on some assets running high-end customized legacy software. What type of access control do you implement to protect your organization?DACRBACMACABAC
201 Your organization needs an AAA server to support the users accessing the corporate network via a VPN. Which of the following will be used to provide AAA services?RADIUSL2TPLDAPAD
202 Your network administrator wants to use an authentication protocol to encrypt usernames and passwords on all Cisco devices. What is the best option for them to use?RADIUSDIAMETERCHAPTACACS+
203 Your company currently uses Kerberos authentication protocols and tickets to prove identity. You are looking for another means of authentication because Kerberos has several potential vulnerabilities, the biggest being which of the following?Single point of failureDynamic passwordsLimited read/write cyclesConsensus
204 You need an authorization framework that gives a third-party application access to resources without providing the owners' credentials to the application. Which of these is your best option?MACEAPSAMLOAuth
205 You need develop a security logging process for your mission-critical servers to hold users accountable for their actions on a system after they log in. What is this called?AuthorizationAuthentication2 -step verificationAccountability
206 Your credit card company identified that customers' top transaction on the web portal is resetting passwords. Many users forget their secret questions, so customers are calling to talk to tech support. You want to develop single-factor authentication to cut down on the overhead of the current solution. What solution do you suggest?Push notificationIn-band certificate or tokenLogin with third-party social media accountsSMS message to a customer's mobile number with an expiring OTP
207 Your CISO wants to implement a solution within the organization where employees are required to authenticate once and then permitted to access the various computer systems they are authorized to access. The organization uses primarily Microsoft products. Which solution is best suited for this organization?KerberosSSLHOTPTOTP
208 Your organization is upgrading computers. The new computers include a chipset on the motherboard that is used to store encryption keys. What is this chipset called?EKCTPMESMRSA
209 You are logged into a website. While performing activities within the website, you access a third-party application. The application asks you if it can access your profile data as part of its process. What technology is this process describing?AttestationOAuthJWTCookies
210 You are setting up a new virtual machine. What type of virtualization should you use to coordinate instructions directly to the CPU?Type B.Type 1.Type 2.No VM directly sends instructions to the CPU.
211 Your organization must perform vast amounts of computations of big data overnight. To minimize TCO, you rely on elastic cloud services. The virtual machines and containers are created and destroyed nightly. What is the biggest risk to confidentiality?Data center distributionEncryptionPhysical loss of control of assetsData scraping
212 Your DevOps team decided to use containers because they allow running applications on any hardware. What is the first thing your team should do to have a secure container environment?Install IPS.Lock down Kubernetes and monitor registries.Configure antimalware and traffic filtering.Disable services that are not required and install monitoring tools.
213 You work in information security for a stock trading organization. You have been tasked with reducing cost and managing employee workstations. One of the biggest concerns is how to prevent employees from copying data to any external storage. Which of the following best manages this situation?Move all operations to the cloud and disable VPN.Implement server virtualization and move critical applications to the server.Use VDI and disable hardware and storage mapping from a thin client.Encrypt all sensitive data at rest and in transit.
214 You are exploring the best option for your team to read data that was written onto storage material by a device you do not have access to, and the backup device has been broken. Which of the following is the best option for this?Type 1 hypervisorType 2 hypervisorEmulationPaaS
215 You are a security architect building out a new hardware-based VM. Which of the following would least likely threaten your new virtualized environment?Patching and maintenanceVM sprawlOversight and responsibilityFaster provisioning and disaster recovery
216 GPS is built into cell phones and cameras, enabling coordinated longitude and latitude to be embedded in a machine-readable format as part of a picture or in apps and games. Besides physical coordinates of longitude and latitude, which of these will not be embedded in the metadata of a photo taken with a cell phone?Names of businesses that are near your locationElevationBearingPhone number
217 Your CISO asked you to help review data protection, system configurations, and hardening guides that were developed for cloud deployment. He would like you to make a list of goals for security improvement based on your current deployment. What is the best source of information to help you build this list?Pentesting reportsCVE databaseImplementation guidesSecurity assessment reports
218 Management of your hosted СКАЧАТЬ