CompTIA Advanced Security Practitioner (CASP) Questions and Answers
The audit team was only provided the physical and logical addresses of the network without any type of access credentials.
Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)
A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).
As part of the vendor’s compliance program, which of the following would be important to take into account?
A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)
A cybersecurity analyst is hired to review the security the posture of a company. The cybersecurity analyst notice a very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?
A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.
Which of the following would BEST reduce the risk of this attack type occurring?
An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.
Which of the following controls can the organization implement to reduce the risk of similar breaches?
A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.
Which of the following would BEST address this concern?
A security engineer is assessing a new IoT product. The product interfaces with the ODBII port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?
A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?
A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time The programming logic is as follows:
• A player asks to move points from one capability to another
• The source capability must have enough points to allow the move
• The destination capability must not exceed 10 after the move
• The move from source capability to destination capability is then completed
The time stamps of the game logs show each step of the transfer process takes about 900ms However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities. Which of the following is MOST likely being exploited to allow these capability transfers?
During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter
Port state
161/UDP open
162/UDP open
163/TCP open
The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.
Which of the following BEST addresses these concerns?
A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.
Which of the following is MOST likely the issue?
A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.
Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?
A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS The technician cannot determine why performance degraded so dramatically A newer version of the SSL server does not suffer the same performance degradation. Performance rather than security is the main priority for the technician
The system specifications and configuration of each system are listed below:
Which of the following is MOST likely the cause of the degradation in performance and should be changed?
A laptop is recovered a few days after it was stolen.
Which of the following should be verified during incident response activities to determine the possible impact of the incident?
A security consultant is performing a penetration test on and wants to discover the DNS administrator’s email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address?
A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network Which of the following should the script use to BEST accomplish this task?
Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.
Which of the following would reduce the risk of this occurring in the future?
A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.
Which of the following would be the EASIEST method of obtaining a password for the known account?
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)
A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system. The system holds archives of contracts that are no longer in use. The contracts contain intellectual property and have a data classification of non-public. Which of the following be the BEST risk indicator for this system?
A technician is reviewing the following log:
Which of the following tools should the organization implement to reduce the highest risk identified in this log?
A new corporate policy requires that all employees have access to corporate resources on personal mobile devices The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?
Following the merger of two large companies the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems The company's data retention schedule complicates the issue by requiring detailed logs to be collected and available for months. Which of the following designs BEST meets the company's security and retention requirement?
A hospital is deploying new imaging softwares that requires a web server for access to image for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following.
* The imaging server IP is 192.168.101.24
* The domain controller IP is 192.168.100.1
* The client machine IP is 192.168.200.37
Which of the following should be used to confirm this is the only open post on the web server?
A penetration tester is given an assignment lo gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors and entry is available only through a door protected by an RFID key and a guard stationed inside the door Which of the following would be BEST for the penetration tester to attempt?
A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution Historically. salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer Which of the following would be the BEST method to provide secure data separation?
The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?
A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the critically of various business processes, personal, and technologies. Transitioning into risk assessment activities, which of the following types of information should the CISO require to determine the proper risk ranking? (Select TWO).
A security analyst has received the following requirements for the implementation of enterprise credential management software.
• The software must have traceability back to an individual
• Credentials must remain unknown to the vendor at all times
• There must be forced credential changes upon ID checkout
• Complexity requirements must be enforced.
• The software must be quickly and easily scalable with max mum availability
Which of the following vendor configurations would BEST meet these requirements?
A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following should be implemented?
A security analyst is comparing two virtual servers that were bum from the same image and patched at the same regular intervals Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network. The analyst runs the same command and obtains the following output from Server A and Server B. respectively:
Which of the following will the analyst most likely use NEXT?
A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks While it is not identical to the malware previously evaluated. it has a number of similarities including language, payload. and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:
Which of the following BEST explains why secure LDAP is not working? (Select TWO.)
A small firm's newly created website has several design flaws The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error"?
A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resuming in the a DoS. Which the service crashes, a core dump is left in the /tmp directory. Which of the following tools can the systems administrator use to reproduction these symptoms?
A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?
A security engineer is making certain URLs from an internal application available on the Internet The development team requires the following
• The URLs are accessible only from internal IP addresses
• Certain countries are restricted
• TLS is implemented.
• System users transparently access internal application services in a round robin to maximize performance
Which of the following should the security engineer deploy7
A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:
* Company administrators should not have access to employees' personal information.
* A rooted or jailbroken device should not have access to company sensitive information.
Which of the following BEST addresses the associated risks?
The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?
Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue?
While traveling to another state, the Chief Financial (CFO) forgot to submit payroll for the company. The CFO quickly gained to the corporate through the high-speed wireless network provided by the hotel and completed the desk. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware on attack on the system. Which of the following is the MOST likely of the security breach?
A vulnerability scan with the latest definitions was performed across Sites A and B.
Match each relevant finding to the affected host-After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Which of the following risks does expanding business into a foreign country carry?
Confidential information related to Application A. Application B and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges.
While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:
Which of the following actions should the IR team take FIRST?
An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme. An excerpt from an approved text-based-chat client application AndroidManifest.xml is as follows:
Which of the following would restrict application permissions while minimizing the impact to normal device operations?
A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found
in an application running in the organization’s staging environment. During the incident response process, it is
determined the code was introduced into the environment as a result of a compromised laptop being used to
harvest credentials and access the organization’s code repository. While the laptop itself was not used to
access the code repository, an attacker was able to leverage the harvested credentials from another system in
the development environment to bypass the ACLs limiting access to the repositories. Which of the following
controls MOST likely would have interrupted the kill chain in this attack?
A cloud architect is moving a distributed system to an external cloud environment. The company must be able to
•Administer the server software at OS and application levels
• Show the data being stored is physically separated from other tenants
• Provide remote connectivity for MSSPs
Which of the following configurations and architectures would BEST support these requirements?
A security analyst must carry out the incident response plan for a specific targeted attack that was detected by the security operations center. The director of network security wants to ensure this type of attack cannot be executed again in the environment. Which of the following should the analyst present to the director to BEST meet the director's goal?
An organization is a subsidiary of a larger firm that provides managed IT and human resources controls to the subsidiary. The subsidiary determines the contract in place between the two firms does not define and apply terms appropriate relating to the controls provided by the larger firm. Which of the following would be MOST appropriate for both firms to formally document the controls to be provided? (Select TWO.)
Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?
A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligence service. Which of the following would BEST meet the needs of the security technician? (Select TWO)
A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.
The best option for the auditor to use NEXT is:
A company is planning to undergo a P2V project to improve resource utilisation redundancy, and failover across its two datacenters A consultant has provided a private cloud design that uses a specific Type 1 hypervisor based on Linux. The security manager is concerned about the integrity of the hypervisor Which of the following should the consultant suggest to address the security manager's concerns?
A factory-floor system uses critical legacy, and unsupported application software to enable factory operations A latent vulnerability was recently exposed, which permitted attackers to send a specific string of characters followed by arbitrary code for execution Patches are unavailable, as the manufacturer is no longer m business Which of the following would be the BEST approach the company should take to mitigate the risk of this vulnerability and other latent vulnerability exploits'' (Select TWO)
Which of the following is a major goal of stakeholder engagement?
A company wants to analyze internal network traffic for IOCs. The security solution consists of a network collector appliance and a separate server which security analysts access via a browser to visualize and review the alerts generated from the network traffic. The company uses a collapsed core operating at Layer 2 at 100Gbps. The server win be placed in the datacenter. Which of the following architectures should be used to ensure the solution can provide visibility into all the company's internal network traffic including DNS and URL requests without impacting network traffic flow?
A large organization suffers a data breach after one staff member inadvertently shares a document on a corporate-approved, file-sharing, cloud-collaboration service. The security administrator must implement controls to reduce the likelihood of a similar event, via another channel, from occurring again. The controls also must assist with early detection and remediation should the event reoccur.
The organization has the following enterprise constraints:
1. On-premises proxies are used to control access to websites.
2 Some staff work remotely from home and connect directly to the Internet without a VPN.
3. Corporate firewalls send logs to a central log aggregator.
4. More than 40,000 staff members are distributed across two core buildings and 100 small branches.
Which of the following would BEST meet the requirements? (Select THREE).
A security analyst is examining threats with the following code function:
Which of the following threats should the security analyst report1?
An attacker has discovered an organization's web server is vulnerability to Shellshock. The attack runs the following command on a Linux box against the server:
Which of the following BEST describes how to prevent the attack?
A system integrator wants to assess the security of the application binaries delivered by its subcontracted vendors. The vendors do not deliver source code as a part of their contract Which of the Mowing techniques can the integrator use to accomplish the objective? (Select TWO)
A security team wants to keep up with emerging threats more efficiently by automating NIDS signature development and deployment Which of the following approaches, would BEST support this objective?
A security officer is reviewing the following evidence associated with a recent penetration test:
The lest results show this host is vulnerable. The security officer investigates further and determines device was connected to the network by a user without permission. Which of the following is the MOST appropriate recommendation for the security officer to make?
An extensive third-party audit reveals a number of weaknesses m a company's endpoint security posture. The most significant issues are as follows:
Which of the following endpoint security solutions mitigate the GREATEST amount of risk?
Company policy mandates the secure disposal of sensitive data at the end of the useful lifespan of IT equipment. The IT department donates old devices to charity and recycles truly obsolete equipment In addition to deleting workstations from the systems responsible for monitoring network connections which of the following actions should the company implement? (Select TWO)
The latest security scan of a web application reported multiple high vulnerabilities in session management Which of the following is the BEST way to mitigate the issue?
A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)
A developer is writing a new mobile application that employees will use to connect to an Internet-facing sensitive system The security team is concerned with MITM attacks against the encrypted application traffic aimed at intercepting and decrypting sensitive information from the server to the mobile client. Which of the following should the developer implement to address the security team's concerns? (Select TWO).
A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs. Which of the following should the company do to ensure the risks associated with Implementing the standard-violating technology is addressed?
A line-of-business manager has deeded in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of action for the business to increase efficiency and profit Which of the following should the Chief Security Officer (CSO) perform before signing off on the third-party vendor?
A consulting firm is performing RD on a machine teaming system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behaviors to establish a "normal baseline. Which of tie following represents the GREATEST limiting factor toward successful deployment of this new machine learning system?
The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?
Historical information shows that a small aerospace R&D company has a lack of user security awareness and is susceptible to nation-state social-engineering attacks and zero-day exploits. A network engineer advises the Chief Information Security Officer (CISO) to invest m a next-generation firewall to guard against incoming traffic and allow for the development of ACLs for new sessions Which of the following is the FIRST course of action for the CISO to take?
A company recently migrated to a SaaS-based email solution. The solution is configured as follows.
• Passwords are synced to the cloud to allow for SSO
• Cloud-based antivirus is enabled
• Cloud-based anti-spam is enabled
• Subscription-based blacklist is enabled
Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review. Which of the following would allow the company to gam additional visibility and reduce additional costs? (Select TWO)
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)
A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has complied a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
- A user received a phishing email that appeared to be a report from the organization’s CRM tool.
- The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
- The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
- Several weeks later, the user reported anomalous activity within the CRM tool.
- Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
- Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)
A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?
A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company’s products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:
Which of the following is the MOST likely type of activity occurring?
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security learn is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?
A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “” and “
A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?
A security analyst is inspecting pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday’s data model file exists
1.2 validate that today’s data model file does not exist
1.2 extract yesterday’s data model
1.3 transform the format
1.4 load the transformed data into today’s data model file
1.5 exit
Which of the following security concerns is evident in the above pseudocode?
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company’s geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step?
Given the code snippet below:
Which of the following vulnerability types in the MOST concerning?
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (СIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?
To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.
Which of the following approaches is described?
The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months.
Which of the following would be the MOST cost-effective solution to meet the company’s needs?
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack.
Which of the following business documents would be BEST to document this engagement?
An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application’s sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?
Given the following output from a security tool in Kali:
A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)