Nadean H. Tanner - CASP+ CompTIA Advanced Security Practitioner Practice Tests

CASP+ CompTIA Advanced Security Practitioner Practice Tests: summary, description and annotation

Prepare for success on the challenging CASP+ CAS-004 exam

In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams.

Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex’s proven approach to certification success. You’ll get ready for the exam, to impress your next interviewer, and excel at your first cybersecurity job.

This book includes:

- Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance
- In-depth preparation for test success with 1000 practice exam questions
- Access to the Sybex interactive learning environment and online test bank

Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seeks a valuable new CASP+ certification.

CASP+ CompTIA Advanced Security Practitioner Practice Tests: preview excerpt

91. One of the biggest issues your CISO has with migrating to more cloud environments is the process of acquiring and releasing resources. Technical as well as operational issues are associated with these processes. What type of procedure documentation should you create to help with this?
A. How to authenticate and authorize
B. How to dynamically provision and deprovision
C. How to use SaaS, IaaS, and PaaS
D. How to build a Type 2 hypervisor

92. You have received an RFQ response from a software company, which makes a tool that will allow you to record all changes in a single change management tool. This tool will track scheduling change, implementing change, the cost of change, and reporting. What is this type of software called?
A. Vulnerability management
B. Change control
C. Security information and event management
D. Automation

93. You are investigating a new tool that helps identify, analyze, and report on threats in real time based mostly on logs. What is the best solution?
A. SOAR
B. Antivirus
C. XSS
D. Port scanner

94. Steve is a software developer for a large retail organization. His CISO returned from a large conference and asked him to clarify exactly what the benefit of a container in software development is over virtual machines. Which of these is the best succinct answer?
A. In a VM, hardware is virtualized to run multiple OS instances. Containers virtualize an OS to run multiple workloads on a single OS instance using a container engine.
B. In a container, hardware is virtualized to run a single OS, where a VM can run multiple applications across multiple assets with a single OS.
C. A VM is virtualized technology, but a container is not.
D. A container is the same thing as a virtual machine, just smaller in size.

95. As a leader in your organization in DevOps, you want to convince your CISO to move toward containerization. Which of these is not an advantage to using containers over VMs?
A. Reduced and simplified security updates
B. Less code to transfer, migrate, and upload
C. Quicker spinning up applications
D. Large file size of snapshots

96. At the latest IT department meeting, a discussion on the best virtual methodology centered around using VMs versus containers. Which of these statements best aligns with those two models?
A. VMs are better for lightweight native performance, whereas containers are better for heavyweight limited performance.
B. VMs are for running applications that need all the OS has to offer, whereas containers are better when maximizing number of applications on minimal resources.
C. VMs share the host OS, whereas containers run on their own OS.
D. Containers are fully isolated and more secure, whereas VMs use process-level isolation.

97. Ross is a security manager looking to improve security and performance of his unified communications (UC) server. Which of the following options might help with decreasing the attack surface?
A. Adding more users
B. Adding more devices
C. Turning off unused services
D. Ease of setup

98. After analyzing traffic flows on the network, your department noticed that many internal users access the same resources on the Internet. This activity utilizes a lot of Internet bandwidth. Your department decides to implement a solution that can cache this type of traffic the first time it is requested and serve it to the internal users as requested, thereby reducing the Internet bandwidth used for accessing this traffic. Which solution best accomplishes this task?
A. Proxy
B. Packet filter firewall
C. WAF
D. IPS

99. You were asked to recommend a technology that will lessen the impact of a DDoS attack on your CDN. Which of the following is the best technology?
A. HIDS
B. Packet filter firewall
C. Proxy
D. Load balancing

100. Luke's company started upgrading the computers in your organization. As a security professional, you recommend creating a standard image for all computers with a set level of security configured. What is this process called?
A. Configuration baselining
B. Imaging
C. Duplication
D. Ghosting

101. Lydia is a security administrator, and her hospital's security policy states that wearable technology and IoT devices are not allowed in secure areas where patient information is discussed. Wearable devices are designed to be worn by one individual, but some are quite powerful with artificial intelligence. Why is this a concern?
A. Danger of eavesdropping and compliance violations
B. Insurance premiums going up
C. Malpractice and litigation
D. Chain of custody of evidence

102. Mark is evaluating cloud storage providers and gives each a product evaluation form. Which of these is not the best practice for a cloud service provider?
A. Strict initial registration and validation
B. System event and network traffic monitoring
C. Utilization of weak encryption algorithms
D. Incident response processes that help BCP

103. Containerization provides many benefits in flexibility and faster application development. Which of the following statements is false?
A. Containers share the host OS's kernel during runtime.
B. Containers do not need to fully emulate an OS to work.
C. One physical server running five containers needs only one OS.
D. Containers are pure sandboxes just like VMs are.

104. Hector has a team that replaced version 1.2 of software with 2.0. The newest version has a completely different interface in addition to updates. What is this called?
A. Versioning
B. Coding integration
C. Secure coding
D. Vulnerability assessment

105. Greg is a security researcher for a cybersecurity company. He is currently examining a third-party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company's web application. What is the threat of doing business with this organization?
A. Web defacement
B. Unpatched applications
C. Attackers
D. Education awareness

106. Your CISO decided to implement an overarching enterprise mobility management (EMM) strategy. She wants to ensure that sensitive corporate data is not compromised by the employees' apps on their mobile devices. Which of these will implement that best?
A. App config through IDC
B. App wrapping through SDK
C. Open source through API
D. Platform DevOps

107. You are a web developer who needs to secure API keys in a client-side JavaScript application created for your hospital. What is the best way to accomplish this task quickly and efficiently?
A. Disable API access and use a hash of the key.
B. Set API access and a secret key pair.
C. Curl a request with an -H -o option.
D. Set a RESTful request with access pairs.

108. Mitchell wants to enhance his overall security and compliance to protect his company more carefully. He engages his security team to examine enterprise application integration, data integration, message-oriented middleware (MOM), object request brokers (ORBs), and the enterprise service bus (ESB). He also wants to prioritize which web applications should be secured first and how they will be tested. What do you need to sit down with your IT security team and build?
A. Web application security plan
B. Web application–level attack list
C. Business logic justifications
D. Container security

109. Edwin's board of directors want to perform quarterly security testing. As CISO of a financial institution, he must form a plan specifically for the development of this test that includes software assurance. This test must have a low risk of impacting system stability because the company is in production. The suggestion was made to outsource this to a third party. The board of directors argue that a third party will not be as knowledgeable as the development team. What will satisfy the board of directors?
A. Gray-box testing by a major consulting firm
B. Black-box testing by a major external consulting firm
C. Gray-box testing by the development and security assurance teams
D. White-box testing by the development and security assurance teams

110. Trent is a security analyst for a financial organization and is conducting a review of data management policies. After a complete review, he found settings disabled permitting developers to download supporting but trusted software. You submitted the recommendation that developers have a separate process to manually download software that should be vetted before its use. What process will support this recommendation?
A. NIPS
B. Digitally signed applications
C. Sandboxing
D. PCI compliance
