Nadean H. Tanner - CASP+ CompTIA Advanced Security Practitioner Practice Tests


CASP+ CompTIA Advanced Security Practitioner Practice Tests: summary, description and annotation


Prepare for success on the challenging CASP+ CAS-004 exam

In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams.

Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex’s proven approach to certification success. You’ll get ready for the exam, to impress your next interviewer, and excel at your first cybersecurity job.

This book includes:
- Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance
- In-depth preparation for test success with 1000 practice exam questions
- Access to the Sybex interactive learning environment and online test bank

Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seek a valuable new CASP+ certification.

CASP+ CompTIA Advanced Security Practitioner Practice Tests — introductory excerpt


204 You need an authorization framework that gives a third-party application access to resources without providing the owners' credentials to the application. Which of these is your best option?
A. MAC
B. EAP
C. SAML
D. OAuth

205 You need to develop a security logging process for your mission-critical servers to hold users accountable for their actions on a system after they log in. What is this called?
A. Authorization
B. Authentication
C. 2-step verification
D. Accountability

206 Your credit card company identified that customers' top transaction on the web portal is resetting passwords. Many users forget their secret questions, so customers are calling to talk to tech support. You want to develop single-factor authentication to cut down on the overhead of the current solution. What solution do you suggest?
A. Push notification
B. In-band certificate or token
C. Login with third-party social media accounts
D. SMS message to a customer's mobile number with an expiring OTP

207 Your CISO wants to implement a solution within the organization where employees are required to authenticate once and then permitted to access the various computer systems they are authorized to access. The organization uses primarily Microsoft products. Which solution is best suited for this organization?
A. Kerberos
B. SSL
C. HOTP
D. TOTP

208 Your organization is upgrading computers. The new computers include a chipset on the motherboard that is used to store encryption keys. What is this chipset called?
A. EKC
B. TPM
C. ESM
D. RSA

209 You are logged into a website. While performing activities within the website, you access a third-party application. The application asks you if it can access your profile data as part of its process. What technology is this process describing?
A. Attestation
B. OAuth
C. JWT
D. Cookies

210 You are setting up a new virtual machine. What type of virtualization should you use to coordinate instructions directly to the CPU?
A. Type B.
B. Type 1.
C. Type 2.
D. No VM directly sends instructions to the CPU.

211 Your organization must perform vast amounts of computations of big data overnight. To minimize TCO, you rely on elastic cloud services. The virtual machines and containers are created and destroyed nightly. What is the biggest risk to confidentiality?
A. Data center distribution
B. Encryption
C. Physical loss of control of assets
D. Data scraping

212 Your DevOps team decided to use containers because they allow running applications on any hardware. What is the first thing your team should do to have a secure container environment?
A. Install IPS.
B. Lock down Kubernetes and monitor registries.
C. Configure antimalware and traffic filtering.
D. Disable services that are not required and install monitoring tools.

213 You work in information security for a stock trading organization. You have been tasked with reducing cost and managing employee workstations. One of the biggest concerns is how to prevent employees from copying data to any external storage. Which of the following best manages this situation?
A. Move all operations to the cloud and disable VPN.
B. Implement server virtualization and move critical applications to the server.
C. Use VDI and disable hardware and storage mapping from a thin client.
D. Encrypt all sensitive data at rest and in transit.

214 You are exploring the best option for your team to read data that was written onto storage material by a device you do not have access to, and the backup device has been broken. Which of the following is the best option for this?
A. Type 1 hypervisor
B. Type 2 hypervisor
C. Emulation
D. PaaS

215 You are a security architect building out a new hardware-based VM. Which of the following would least likely threaten your new virtualized environment?
A. Patching and maintenance
B. VM sprawl
C. Oversight and responsibility
D. Faster provisioning and disaster recovery

216 GPS is built into cell phones and cameras, enabling coordinated longitude and latitude to be embedded in a machine-readable format as part of a picture or in apps and games. Besides physical coordinates of longitude and latitude, which of these will not be embedded in the metadata of a photo taken with a cell phone?
A. Names of businesses that are near your location
B. Elevation
C. Bearing
D. Phone number

217 Your CISO asked you to help review data protection, system configurations, and hardening guides that were developed for cloud deployment. He would like you to make a list of goals for security improvement based on your current deployment. What is the best source of information to help you build this list?
A. Pentesting reports
B. CVE database
C. Implementation guides
D. Security assessment reports

218 Management of your hosted application environment requires end-to-end visibility and a high-end performance connection while monitoring for security issues. What should you consider for the most control and visibility?
A. You should consider a provider with connections from your location directly into the applications cloud resources.
B. You should have a private T1 line installed for this access.
C. You should secure a VPN concentrator for this task.
D. You should use HTTPS.

219 As the IT director of a nonprofit agency, you have been challenged at a local conference to provide technical cloud infrastructure that will be shared between several organizations like yours. Which is the best cloud partnership to form?
A. Private cloud
B. Public cloud
C. Hybrid cloud
D. Community cloud

220 Your objectives and key results (OKRs) being measured for this quarter include realizing the benefits of a single-tenancy cloud architecture. Which one of these results is a benefit of a single-tenancy cloud service?
A. Security and cost
B. Reliability and scaling
C. Ease of restoration
D. Maintenance

221 With 80 percent of your enterprise in a VPC model, which of the following is not a key enabling technology?
A. Fast WAN and automatic IP addressing
B. High-performance hardware
C. Inexpensive servers
D. Complete control over process

222 You have a new security policy that requires backing up critical data offsite. This data must be backed up hourly. Cost is important. What method are you most likely to deploy?
A. File storage
B. Electronic vaulting
C. Block storage
D. Object storage

223 Your current data storage solution has too many vulnerabilities that are proprietary to the manufacturer who created your storage devices. This, combined with a lack of encryption, is leading you to choose cloud storage for your database over on-premises storage. By choosing cloud storage, you will gain encryption of the data, but you will also bring in which attribute to your architecture?
A. Identity
B. Infrastructure
C. Complexity
D. Confidentiality

224 You want to implement a technology that will verify an email originated from a particular user and that the contents of the email were not altered. Of the answers provided, which technology provides such a function?
A. Digital signature
B. Symmetric encryption
C. Asymmetric encryption
D. Nonrepudiation

225 Which of the following protocols could be used for exchanging information while implementing a variety of web services in your organization?
A. SOAP
B. HTTP
C. SNMP
D. ASP

226 Your CISO is concerned with the secure management of cryptographic keys used within the organization. She wants to use a system where the keys are broken into parts, and each part is encrypted and stored separately by contracted third parties. What is this process called?
A. Key objectives
B. Key revenue
C. Key escrow
D. Key isolation

227 Your VPN needs the strongest authentication possible. Your network consists of Microsoft servers. Which of the following protocols provides the most secure authentication?
A. EAP-TLS with smart cards
B. SPAP
C. CHAP
D. LEAP

228 You own a small training business with two classrooms. Your network consists of a firewall, an enterprise-class router, a 48-port switch, 1 printer, and 18 laptops in each classroom. The laptops are reimaged once a month with a golden patched image with up-to-date antivirus and antimalware. User authentication is two-factor with passwords and smart cards. The network is configured to use IPv4. You also have a wireless hotspot for students to connect their personal mobile devices. What could you improve on for a more resilient technical security posture?
A. Enhanced TLS controls
B. Stronger user authentication
C. Sufficient physical controls
D. IPv6
