Nadean H. Tanner - CASP+ CompTIA Advanced Security Practitioner Practice Tests


CASP+ CompTIA Advanced Security Practitioner Practice Tests: summary, description and annotation


Prepare for success on the challenging CASP+ CAS-004 exam

In the newly updated Second Edition of CASP+ CompTIA Advanced Security Practitioner Practice Tests, accomplished cybersecurity expert Nadean Tanner delivers an extensive collection of CASP+ preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams.

Prepare for the new CAS-004 exam, as well as a new career in advanced cybersecurity, with Sybex’s proven approach to certification success. You’ll get ready for the exam, impress your next interviewer, and excel at your first cybersecurity job.

This book includes:

- Comprehensive coverage of all exam CAS-004 objective domains, including security architecture, operations, engineering, cryptography, and governance, risk, and compliance
- In-depth preparation for test success with 1000 practice exam questions
- Access to the Sybex interactive learning environment and online test bank

Perfect for anyone studying for the CASP+ Exam CAS-004, CASP+ CompTIA Advanced Security Practitioner Practice Tests is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seek a valuable new CASP+ certification.

CASP+ CompTIA Advanced Security Practitioner Practice Tests — read the excerpt online

135. You have been asked to make a change to software code. What type of testing do you complete to make sure program inputs and outputs are correct and everything functions as it's supposed to?
    A. White box
    B. Black hat
    C. Code review
    D. Regression

136. You are conducting a unit test on a new piece of software. By looking at an individual program, how do you ensure that each module behaves as it should?
    A. Input/output
    B. BIOS
    C. Processes running
    D. Services running

137. Christopher is a software developer, and as part of the testing phase in the SDLC, he will need to ensure that an application is handling errors correctly. What is the best tool for him to use in this situation?
    A. Fuzzer
    B. Compliance
    C. Access control
    D. Integration testing

138. Your IT group is modernizing and adopting a DevSecOps approach, making everyone responsible for security. Traditionally, storage and security were separate disciplines inside IT as a whole. As a security analyst, what is your primary concern of data at rest?
    A. Encryption
    B. Authentication
    C. Infrastructure
    D. Authorization

139. As a software developer, Brian is extremely frustrated with a customer who keeps calling him on the phone and leaving messages to make changes to the software. What approach should Brian take with this customer to make the development process easier?
    A. Change control
    B. Increase security
    C. Apprise senior management
    D. Provide detailed documentation

140. Jackie is a software engineer and inherently prefers to use a flexible framework that enables software development to evolve with teamwork and feedback. What type of software development model would this be called?
    A. Prototyping
    B. Ceremony
    C. Agile
    D. Radical

141. You are working on a high-risk software development project that is large, the releases are to be frequent, and the requirements are complex. The waterfall and agile models are too simple. What software development model would you opt for?
    A. Functional
    B. Cost estimation
    C. Continuous delivery
    D. Spiral

142. You are a software engineer and need to use a software development process that follows an extremely strict predetermined path through a set of phases. What type of method is this called?
    A. Agile
    B. Waterfall
    C. Adaptable
    D. Verifiable

143. The SDLC phases are part of a bigger process known as the system life cycle (SLC). The SLC has two phases after the implementation phase of the SDLC that address postinstallation and future changes. What are they called?
    A. Operations, maintenance, revisions, and replacement
    B. Replacement, crepitation, evaluation, and versioning
    C. Validation, verification, authentication, and monitoring
    D. Revisions, discovery, compliance, and functionality

144. You are using continuous integration/continuous delivery methodology involving different members of your team while developing a new application. You meet every day after lunch to review, which can mean multiple integrations every day. What are the security implications of using CI/CD?
    A. There are no security issues.
    B. Errors will not need to be fixed because the next integration will fix them.
    C. Encryption will be impossible because of timing.
    D. Errors can be handled as soon as possible.

145. IT security is a rapidly evolving field. As a software engineer, you need to stay current on industry trends and potential impact on an enterprise. Many of these changes will lead to you adopting which of the following?
    A. Best practices
    B. Digital threats
    C. Antivirus programs
    D. NIST

146. You perform a security audit to find out whether any IoT devices on your network are publicly accessible. What website would you use to find this type of information?
    A. Shodan
    B. OWASP
    C. VirusTotal
    D. Maltego

147. During a web application security assessment, Kevin needs to grab the basic architecture to identify the framework used. He grabbed the HTTP header banner using Netcat, which gives you the application name, software version, and web server information. What activity did he just perform?
    A. Fingerprinting
    B. Authentication
    C. Authorization
    D. Code review

148. Many of your corporate users are using mobile laptop computers to perform their work remotely. Security is concerned that confidential data residing on these laptops may be disclosed and leaked to the public. What methodology best helps prevent the loss of such data?
    A. DLP
    B. HIPS
    C. NIDS
    D. NIPS

149. Your CISO, Karen, is concerned that all employees can use personal USB storage devices on the company's computers. She is concerned about malware introduction to the corporate environment and that data loss is possible if this practice continues. She wants to manage who can use USB storage devices on the company's computers. Which of the following actions should be used to implement this constraint?
    A. Replacing all computers with those that do not have USB ports
    B. Placing glue in the computers' USB ports
    C. Cutting the computers' USB cables
    D. Configuring a Group Policy within Microsoft Active Directory to manage USB storage device use on those computers

150. Many organizations prepare for highly technical attacks and forget about the simple low-tech means of gathering information. Dumpster diving can be useful in gaining access to unauthorized information. Which of these is the easiest to implement for reducing your company's dumpster-diving risk?
    A. Data classification and printer restrictions of intellectual property.
    B. Purchase shredders for the copy rooms.
    C. Create policies and procedures for document shredding.
    D. Employ an intern to shred all printed documentation.

151. Your organization decided to move away from dedicated computers on the desktop and move to a virtual desktop environment. The desktop image resides on a server within a virtual machine and is accessed via a desktop client over the network. Which of the following is being described?
    A. VPN
    B. VDI
    C. VNC
    D. RDP

152. Using Microsoft Network Monitor, you have captured traffic on TCP port 3389. Your security policy states that port 3389 is not to be used. What client-server protocol is probably running over this port?
    A. SNMP
    B. RDP
    C. PuTTY
    D. FTP

153. Your organization is pressured by both the company board and employees to allow personal devices on the network. They asked for email and calendar items to be synced between the company ecosystem and their BYOD. Which of the following best balances security and usability?
    A. Allowing access for the management team only because they have a need for convenient access
    B. Not allowing any access between a BYOD device and the corporate network, only cloud applications
    C. Only allowing certain types of devices that can be centrally managed
    D. Reviewing security policy and performing a risk evaluation focused on central management, including the remote wipe and encryption of sensitive data and training users on privacy

154. Nathan is tasked with writing the security viewpoint of a new program that his organization is starting. Which of the following techniques make this a repeatable process and can be used for creating the best security architecture?
    A. Data classification, CIA triad, minimum security required, and risk analysis
    B. Historical documentation, continuous monitoring, and mitigation of high risks
    C. Implementation of proper controls, performance of qualitative analysis, and continuous monitoring
    D. Risk analysis; avoidance of critical risks, threats, and vulnerabilities; and the transference of medium risk

155. You deployed more than half of your enterprise into the cloud, but you still have concerns about data loss, unauthorized access, and encryption. What continues to be the vulnerability in cloud infrastructure that leads to the most breaches?
    A. Misconfiguration
    B. SIEM
    C. SaaS
    D. Machine learning

156. Your company generates documents intended for public viewing. While your company wants to make these documents public, it still wants to prove the documents originated from the company. How can these documents be marked in such a way that information about their origin is maintained while not distorting the visual contents of the documents?
    A. Blowfish
    B. Steganographic watermarking
    C. Digital signatures
    D. PKI

157. Charlie works for a publisher and has been tasked with protecting the electronic media they produce. This will help ensure they receive the revenue for the product they produce. What is Charlie going to implement?
    A. Single point-of-failure
    B. Digital rights management
    C. Separation of duties
    D. Mandatory vacations
