Nadean H. Tanner - CASP+ CompTIA Advanced Security Practitioner Practice Tests

27 Your network administrator, George, reaches out to you to investigate why your e-commerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP. You suspect an attacker set up botnets that flood your DNS server with invalid requests. You find this out by examining your external logging service. What is this type of attack called?DDoSSpammingIP spoofingContainerization

28 Aaron's end users are having difficulty signing into the network. The investigation of the situation leads him to believe it is which type of attack?Port scanningDDoSPass-the-hashTrojan

29 A network engineer must configure a router on the network remotely. What protocol should be used to ensure a secure connection?TelnetFTPHTTPSSH

30 Ian has joined a company that licenses a third party's software and email service that is delivered to end users through a browser. What type of organization does Ian work for?IaaSSaaSPaaSBaaS

31 You are a security analyst with an enterprise global financial organization. The company just experienced an advanced persistent threat (APT) type of attack that was traced to ransomware delivered to end users via a phishing campaign. One of your IT analysts forwarded the email to the phishing@mycompany.comaddress. You want to rip open the ransomware to see what it does and what asset it touches. What do you build?Cloud sandboxA containerSLAA hypervisor

32 Cody configured the application programming interface (API) connection between your web application that manages retail transactions and your bank. This connection must be as secure as possible. Because the API connection will handle financial transactions, what is the best choice for securing the API if it is well designed?SOAPHTTPSRESTXML

33 Aniket is looking for a web server to process requests sent by XML. What is the best technology to use for this?RESTSOAPAjaxXSS

34 The Cisco switch port you are using for traffic analysis and troubleshooting has a dedicated SPAN port that is in an “error-disabled state”; what is the procedure to reenable it after you enter privilege exec mode?Issue the no shutdown command on the error-disabled interface.Issue the shutdown and then the no shutdown command on the error-disabled interface.Issue the no error command on the error-disabled interface.Issue the no error-disable command on the error-disabled interface.

35 You were asked to recommend a solution to intercept and mirror network traffic and analyze its content for malicious activity while not interacting with the host computer. Of the following, which is the best solution?System scannerApplication scannerActive vulnerability scannerPassive vulnerability scanner

36 One of Robert's objectives and key results (OKRs) for the upcoming year is to modernize the IT strategy by adopting a virtual cloud and taking advantage of new features and storage. He understands that once intellectual property is in the cloud, he could have less visibility and control as a consumer. What else is a major security concern for important data stored in the public cloud versus a private cloud?Cost effectivenessElastic useBeing on demandData remnants

37 Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three-day holiday weekend while most of the IT staff was not at work. The network diagram, in the order from the outside in, consists of the Internet, firewall, IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but all the web server logs have been deleted, and the internal firewall logs show no activity. As the security administrator, what do you do?Review sensor placement and examine the external firewall logs to find the attack.Review the IDS logs to determine the source of the attack.Correlate all the logs from all the devices to find where the organization was compromised.Reconfigure the network and put the IDS between the SSL accelerator and server farm to better determine the cause of future attacks.

38 After merging with a newly acquired company, Gavin comes to work Monday morning to find a metamorphic worm from the newly acquired network spreading through the parent organization. The security administrator isolated the worm using a network traffic access point (TAP) mirroring all the new network traffic and found it spreading on TCP port 445. What does Gavin advise the administrator to do to immediately to minimize the attack?Run Wireshark to watch for traffic on TCP port 445.Update antivirus software and scan the entire enterprise.Check the SIEM for alerts for any asset with TCP port 445 open.Deploy an ACL to all HIPS: DENY-TCP-ANY-ANY-445.

39 Jonathan is a senior architect who has submitted budget requests to the CISO to upgrade their security landscape. One item to purchase in the new year is a security information and event management (SIEM) system. What is the primary function of a SIEM tool?Blocking malicious users and trafficMonitoring the networkAutomating DNS serversMonitoring servers

40 Janet has critical files and intellectual property on several filesystems and needs to be alerted if these files are altered by either trusted insiders abusing their privilege or malware. What should she implement?FIMPCIDNSTCP

41 You are configuring SNMP on a Windows server. You have found that you are currently running SNMPv2c. Why would you want to upgrade to SNMPv3?Cryptographic security systemParty-based security systemEasier to set upSupports UDP

42 Victor is employed in a high-risk geographically diverse environment heavily using Cisco IOS. Which of these are not key service advantages of NetFlow?Peer-to-peer tunneling encryptionNetwork traffic accounting and usage-based billingNetwork planning and securityDoS monitoring capabilities

43 One of your managers asked you to research data loss prevention techniques to protect data so that cyber attackers cannot monetize the stolen data. What DLP do you recommend?Encryption and tokenizationHIPAA and PCII&AM managementNIST frameworks

44 Eddie is looking for an antivirus detection tool that uses a rule or weight-based system to determine how much danger a program function could be. What type of antivirus does he need?BehavioralSignature basedHeuristicAutomated

45 Simon's organization has endpoints that are considered low-priority systems. Even though they are considered low priority, they still must be protected from malicious code capable of destroying data and corrupting systems. Malicious code is capable of infecting files but generally needs help moving from one system to another. What type of security product protects systems from this type of malicious code only?AntimalwareAntispywareAntivirusAnti-adware

46 An employee downloads a video of someone stealing a package off their porch from their smart doorbell. How do you mitigate the risk of storing that type of data on your business network?Implementing a security policy and awarenessPerforming auditsMonitoring networks for certain file typesUsing third-party threat intelligence reports

47 You conduct a security assessment and find legacy systems with vital business processes using standard Telnet protocols. What should you do to mitigate the risk?Migrate from IPv4 to IPv6.Install PuTTY.Move the system to a secure VLAN.Unplug the system until a replacement can be ordered.

48 Your hospital just merged with another hospital in another state that falls under a different legal jurisdiction. You are tasked with improving network security. Your CISO suggests data isolation by blocking communication between the two hospitals. How do you accomplish this?Implementing HIDSBuilding gateway firewallsConfiguring ERPCreating network microsegmentation

49 Your company grew to a point where a screened host firewall solution is no longer viable. IT wants to move to a screened subnet solution. Which of the following is considered a type of screened subnet?LANDMZEgressWAN