CompTIA Advanced Security Practitioner Topic 4
Question #: 151
Topic #: 1
A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)
A. The request is evidence that the password is more open to being captured via a keylogger.
B. The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.
C. The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.
D. The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.
E. The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.
F. The request proves the password must be in cleartext during transit, making it open to on-path attacks.
Hint Answer: DE
Question #: 152
Topic #: 1
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?
A. Request a new certificate with the correct subject alternative name that includes the new websites.
B. Request a new certificate with the correct organizational unit for the company’s website.
C. Request a new certificate with a stronger encryption strength and the latest cipher suite.
D. Request a new certificate with the same information but including the old certificate on the CRL.
Hint Answer: A
Question #: 153
Topic #: 1
A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:
As part of the triage process, which of the following is the FIRST step the analyst should take?
A. Block the email address carl.b@comptia1.com, as it is sending spam to subject matter experts.
B. Validate the final "Received" header against the DNS entry of the domain.
C. Compare the "Return-Path" and "Received" fields.
D. Ignore the emails, as SPF validation is successful, and it is a false positive.
Hint Answer: B
Question #: 154
Topic #: 1
Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?
A. Remote provider BCDR
B. Cloud provider BCDR
C. Alternative provider BCDR
D. Primary provider BCDR
Hint Answer: B
Question #: 155
Topic #: 1
An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:
Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
A. Enable the X-Forwarded-For header at the load balancer.
B. Install a software-based HIDS on the application servers.
C. Install a certificate signed by a trusted CA.
D. Use stored procedures on the database server.
E. Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.
Hint Answer: A
Question #: 156
Topic #: 1
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
A. IaaS
B. SaaS
C. FaaS
D. PaaS
Hint Answer: D
Question #: 157
Topic #: 1
A security analyst needs to recommend a remediation to the following threat:
Which of the following actions should the security analyst propose to prevent this successful exploitation?
A. Patch the system.
B. Update the antivirus.
C. Install a host-based firewall.
D. Enable TLS 1.2.
Hint Answer: A
Question #: 158
Topic #: 1
An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?
A. Limit access to the system using a jump box.
B. Place the new system and legacy system on separate VLANs.
C. Deploy the legacy application on an air-gapped system.
D. Implement MFA to access the legacy system.
Hint Answer: B
Question #: 159
Topic #: 1
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation.
The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?
A. A turbine would overheat and cause physical harm.
B. The engineers would need to go to the historian.
C. The SCADA equipment could not be maintained.
D. Data would be exfiltrated through the data diodes.
Hint Answer: C
Question #: 160
Topic #: 1
Which of the following is required for an organization to meet the ISO 27018 standard?
A. All PII must be encrypted.
B. All network traffic must be inspected.
C. GDPR equivalent standards must be met.
D. COBIT equivalent standards must be met.
Hint Answer: C
Question #: 161
Topic #: 1
A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?
A. $50,000
B. $125,000
C. $250,000
D. $500,000
E. $1,000,000
Hint Answer: C
Question #: 162
Topic #: 1
A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
✑ Enforce MFA for RDP.
✑ Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.
Which of the following should the security architect recommend to meet these requirements?
A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
B. Implement a bastion host with a secure cipher configuration enforced.
C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.
Hint Answer: C
Question #: 163
Topic #: 1
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
✑ Protection from DoS attacks against its infrastructure and web applications is in place.
✑ Highly available and distributed DNS is implemented.
✑ Static content is cached in the CDN.
✑ A WAF is deployed inline and is in block mode.
✑ Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
A. The public cloud provider is applying QoS to the inbound customer traffic.
B. The API gateway endpoints are being directly targeted.
C. The site is experiencing a brute-force credential attack.
D. A DDoS attack is targeted at the CDN.
Hint Answer: B
Question #: 164
Topic #: 1
A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.)
A. SD-WAN
B. PAM
C. Remote access VPN
D. MFA
E. Network segmentation
F. BGP
G. NAC
Hint Answer: BCE
Question #: 165
Topic #: 1
A Chief Information Security Officer (CISO) is concerned that a company’s current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO’s concern?
A. Degaussing
B. Overwriting
C. Shredding
D. Formatting
E. Incinerating
Hint Answer: C
Question #: 166
Topic #: 1
The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?
A. An open-source automation server
B. A static code analyzer
C. Trusted open-source libraries
D. A single code repository for all developers
Hint Answer: B
Question #: 167
Topic #: 1
A security analyst wants to keep track of all outbound web connections from workstations. The analyst’s company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?
A. X-Forwarded-Proto
B. X-Forwarded-For
C. Cache-Control
D. Strict-Transport-Security
E. Content-Security-Policy
Hint Answer: B
Question #: 168
Topic #: 1
An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network. Which of the following solutions represents the BEST course of action to allow the contractor access?
A. Add the vendor’s equipment to the existing network. Give the vendor access through the standard corporate VPN.
B. Give the vendor a standard desktop PC to attach the equipment to. Give the vendor access through the standard corporate VPN.
C. Establish a certification process for the vendor. Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment.
D. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access.
Hint Answer: D
Question #: 169
Topic #: 1
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?
A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack
Hint Answer: D
Question #: 170
Topic #: 1
A company is adopting a new artificial-intelligence-based analytics SaaS solution. This is the company’s first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk in adopting this solution?
A. The inability to assign access controls to comply with company policy
B. The inability to require the service provider process data in a specific country
C. The inability to obtain company data when migrating to another service
D. The inability to conduct security assessments against a service provider
Hint Answer: C
Question #: 171
Topic #: 1
A BIA of a popular online retailer identified several mission-essential functions that would take more than seven days to recover in the event of an outage. Which of the following should be considered when setting priorities for the restoration of these functions?
A. Supply chain issues
B. Revenue generation
C. Warm-site operations
D. Scheduled impacts to future projects
Hint Answer: B
Question #: 172
Topic #: 1
A software development company makes its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the technique to ensure the software the users download is the official software released by the company?
A. Distribute the software via a third-party repository.
B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.
Hint Answer: D
Question #: 173
Topic #: 1
An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Choose two.)
A. Software-backed keystore
B. Embedded cryptoprocessor
C. Hardware-backed public key storage
D. Support for stream ciphers
E. Decentralized key management
F. TPM 2.0 attestation services
Hint Answer: BC
Question #: 174
Topic #: 1
A company recently acquired a SaaS provider and needs to integrate its platform into the company’s existing infrastructure without impact to the customer’s experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider’s systems shows multiple critical vulnerabilities attributed to very old and outdated OSs. Which of the following solutions would prevent these vulnerabilities from being introduced into the company’s existing infrastructure?
A. Segment the systems to reduce the attack surface if an attack occurs.
B. Migrate the services to new systems with a supported and patched OS.
C. Patch the systems to the latest versions of the existing OSs.
D. Install anti-malware, HIPS, and host-based firewalls on each of the systems.
Hint Answer: B
Question #: 175
Topic #: 1
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications.
To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?
A. Signing
B. Access control
C. HIPS
D. Permit listing
Hint Answer: D
Question #: 176
Topic #: 1
A security analyst is reviewing the following vulnerability assessment report:
Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?
A. Server1
B. Server2
C. Server3
D. Server4
Hint Answer: C
Question #: 177
Topic #: 1
An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?
A. Ladder logic
B. Rust
C. C
D. Python
E. Java
Hint Answer: A
Question #: 178
Topic #: 1
A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt that data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?
A. Key rotation
B. Key revocation
C. Key escrow
D. Zeroization
E. Cryptographic obfuscation
Hint Answer: B
Question #: 179
Topic #: 1
A company would like to obfuscate PII data accessed by an application that is housed in a database to prevent unauthorized viewing. Which of the following should the company do to accomplish this goal?
A. Use cell-level encryption.
B. Mask the data.
C. Implement a DLP solution.
D. Utilize encryption at rest.
Hint Answer: B
Question #: 180
Topic #: 1
A security engineer needs to implement a CASB to secure employee user web traffic. A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages.
Which of the following architectural components would BEST meet these requirements?
A. Log collection
B. Reverse proxy
C. A WAF
D. API mode
Hint Answer: A
Question #: 181
Topic #: 1
A company security engineer arrives at work to face the following scenario:
1. Website defacement
2. Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand
3. A job offer from the company’s competitor
4. A security analyst’s investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data
Which of the following threat actors is MOST likely involved?
A. Organized crime
B. Script kiddie
C. APT/nation-state
D. Competitor
Hint Answer: C
Question #: 182
Topic #: 1
A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution?
A. NIDS
B. Application allow list
C. Sandbox detonation
D. Endpoint log collection
E. HIDS
Hint Answer: C
Question #: 183
Topic #: 1
Which of the following BEST describe the importance of maintaining chain of custody in forensic evidence collection? (Choose two.)
A. It increases the likelihood that evidence will be deemed admissible in court.
B. It authenticates personnel who come in contact with evidence after collection.
C. It ensures confidentiality and the need-to-know basis of forensically acquired evidence.
D. It attests to how recently evidence was collected by recording date/time attributes.
E. It provides automated attestation for the integrity of the collected evidence.
F. It ensures the integrity of the collected evidence.
Hint Answer: AF
Question #: 184
Topic #: 1
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company’s web store so they can resell it on the secondary market. The company’s intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.
Which of the following now describes the level of risk?
A. Inherent
B. Low
C. Mitigated
D. Residual
E. Transferred
Hint Answer: D
Question #: 185
Topic #: 1
A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?
A. Business Impact rating
B. CVE dates
C. CVSS scores
D. OVAL
Hint Answer: C
Question #: 186
Topic #: 1
An organization collects personal data from its global customers. The organization determines how that data is going to be used, why it is going to be used, and how it is manipulated for business processes. Which of the following will the organization need in order to comply with GDPR? (Choose two.)
A. Data processor
B. Data custodian
C. Data owner
D. Data steward
E. Data controller
F. Data manager
Hint Answer: AE
Question #: 187
Topic #: 1
The Chief Executive Officer (CEO) of a small wholesaler with low margins is concerned about the use of a newly developed artificial intelligence algorithm being used in the organization’s marketing tool. The tool can make automated purchasing approval decisions based on data provided by customers and collected from the Internet. Which of the following is MOST likely the concern? (Choose two.)
A. Required computing power
B. Cost to maintain
C. Customer privacy
D. Adversarial attacks
E. Information bias
F. Customer approval speed
Hint Answer: CE
Question #: 188
Topic #: 1
A company’s finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?
A. Accept
B. Avoid
C. Transfer
D. Mitigate
Hint Answer: D
Question #: 189
Topic #: 1
A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce:
✑ Cloud-delivered services
✑ Full network security stack
✑ SaaS application security management
✑ Minimal latency for an optimal user experience
✑ Integration with the cloud IAM platform
Which of the following is the BEST solution?
A. Routing and Remote Access Service (RRAS)
B. NGFW
C. Managed Security Service Provider (MSSP)
D. SASE
Hint Answer: D
Question #: 190
Topic #: 1
A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?
A. HSTS
B. TLS 1.2
C. Certificate pinning
D. Client authentication
Hint Answer: C
Question #: 191
Topic #: 1
An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?
A. Endorsement tickets
B. Clock/counter structures
C. Command tag structures with MAC schemes
D. Platform configuration registers
Hint Answer: D
Question #: 192
Topic #: 1
A developer wants to develop a secure, external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?
A. ICANN
B. PCI DSS
C. OWASP
D. CSA
E. NIST
Hint Answer: C
Question #: 193
Topic #: 1
An administrator at a software development company would like to protect the integrity of the company’s applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?
A. The NTP server is set incorrectly for the developers.
B. The CA has included the certificate in its CRL.
C. The certificate is set for the wrong key usage.
D. Each application is missing a SAN or wildcard entry on the certificate.
Hint Answer: C
Question #: 194
Topic #: 1
A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability.
Which of the following would BEST resolve and mitigate the issue? (Choose two.)
A. Deploying a WAF signature
B. Fixing the PHP code
C. Changing the web server from HTTPS to HTTP
D. Using SSLv3
E. Changing the code from PHP to ColdFusion
F. Updating the OpenSSL library
Hint Answer: BF
Question #: 195
Topic #: 1
A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
✑ A hacker conducted reconnaissance and developed a footprint of the company’s Internet-facing web application assets.
✑ A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
✑ The hacker took advantage of the account’s excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
A. Dynamic analysis
B. Secure web gateway
C. Software composition analysis
D. User behavior analysis
E. Web application firewall
Hint Answer: C
Question #: 196
Topic #: 1
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?
A. SLA
B. BIA
C. BCM
D. BCP
E. RTO
Hint Answer: D
Question #: 197
Topic #: 1
An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?
A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
B. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.
C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
D. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.
Hint Answer: C
Question #: 198
Topic #: 1
An investigator is attempting to determine if recent data breaches may be due to issues with a company’s web server that offers news subscription services. The investigator has gathered the following data:
• Clients successfully establish TLS connections to web services provided by the server.
• After establishing the connections, most client connections are renegotiated.
• The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA.
Which of the following is the MOST likely root cause?
A. The clients disallow the use of modern cipher suites.
B. The web server is misconfigured to support HTTP/1.1.
C. A ransomware payload dropper has been installed.
D. An entity is performing downgrade attacks on path.
Hint Answer: D
Question #: 199
Topic #: 1
A security analyst discovered that a database administrator’s workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:
Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?
A. Personal health information; Inform the human resources department of the breach and review the DLP logs.
B. Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
C. Customer IDs; Inform the customer service department of the breach and work to change the account numbers.
D. PAN; Inform the legal department of the breach and look for this data in dark web monitoring.
Hint Answer: C
Question #: 200
Topic #: 1
The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?
A. BYOD
B. CYOD
C. COPE
D. MDM
Hint Answer: D