CAS-004 Exam Dumps | A company suspects a web server may have been infiltrated by a rival corporation. The security engineer

<< Prev Question Next Question >>

Question 30/245

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

A. Restrict directory permission to read-only access.

B. Use server-side processing to avoid XSS vulnerabilities in path input.

C. Separate the items in the system call to prevent command injection.

D. Parameterize a query in the path variable to prevent SQL injection.

Question List (245q): Question 1: A recent data breach stemmed from unauthorized access to an ...; Question 2: A security engineer needs 10 implement a CASB to secure empl...; Question 3: A networking team was asked to provide secure remote access ...; Question 4: A developer needs to implement PKI in an autonomous vehicle'...; Question 5: Device event logs sources from MDM software as follows: (Exh...; Question 6: A company created an external application for its customers....; Question 7: A security engineer has learned that terminated employees' a...; Question 8: An organization needs to classify its systems and data in ac...; Question 9: A company undergoing digital transformation is reviewing the...; Question 10: An enterprise is undergoing an audit to review change manage...; Question 11: A security engineer has been informed by the firewall team t...; Question 12: An analyst determined that the current process for manually ...; Question 13: An attacker infiltrated an electricity-generation site and d...; Question 14: A company recently deployed a SIEM and began importing logs ...; Question 15: A security analyst discovered that the company's WAF was not...; Question 16: When implementing serverless computing an organization must ...; Question 17: A security technician is trying to connect a remote site to ...; Question 18: A company plans to build an entirely remote workforce that u...; Question 19: A security engineer performed an assessment on a recently de...; Question 20: An organization's assessment of a third-party, non-critical ...; Question 21: A company has decided to purchase a license for software tha...; Question 22: In a cloud environment, the provider offers relief to an org...; Question 23: During a recent security incident investigation, a security ...; Question 24: The goal of a Chief information Security Officer (CISO) prov...; Question 25: A DNS forward lookup zone named complia.org must: * Ensure t...; Question 26: Ransomware encrypted the entire human resources fileshare fo...; Question 27: An employee's device was missing for 96 hours before being r...; Question 28: Law enforcement officials informed an organization that an i...; Question 29: A forensics investigator is analyzing an executable file ext...; Question 30: A company suspects a web server may have been infiltrated by...; Question 31: A security consultant has been asked to identify a simple, s...; Question 32: A new web server must comply with new secure-by-design princ...; Question 33: A software developer must choose encryption algorithms to se...; Question 34: An organization's finance system was recently attacked. A fo...; Question 35: A security researcher identified the following messages whil...; Question 36: A developer wants to maintain integrity to each module of a ...; Question 37: A security engineer is working for a service provider and an...; Question 38: An analyst reviews the following output collected during the...; Question 39: A security administrator wants to enable a feature that woul...; Question 40: A forensic investigator would use the foremost command for:...; Question 41: A SIEM generated an alert after a third-party database admin...; Question 42: An e-commerce company is running a web server on premises, a...; Question 43: As part of its risk strategy, a company is considering buyin...; Question 44: A company is moving most of its customer-facing production s...; Question 45: After investigating a recent security incident, a SOC analys...; Question 46: A security consultant is designing an infrastructure securit...; Question 47: A company that provides services to clients who work with hi...; Question 48: A security team received a regulatory notice asking for info...; Question 49: Over the last 90 days, many storage services has been expose...; Question 50: An energy company is required to report the average pressure...; Question 51: Which of the following BEST sets expectation between the sec...; Question 52: An IT department is currently working to implement an enterp...; Question 53: A security engineer is concerned about the threat of side-ch...; Question 54: An application security engineer is performing a vulnerabili...; Question 55: A Chief Information Officer is considering migrating all com...; Question 56: A home automation company just purchased and installed tools...; Question 57: A software development company is building a new mobile appl...; Question 58: A security analyst runs a vulnerability scan on a network ad...; Question 59: A security analyst is reviewing the following output from a ...; Question 60: A company just released a new video card. Due to limited sup...; Question 61: A security engineer has been asked to close all non-secure c...; Question 62: Which of the following is the primary reason that a risk pra...; Question 63: A high-severity vulnerability was found on a web application...; Question 64: The CI/CD pipeline requires code to have close to zero defec...; Question 65: A network administrator for a completely air-gapped and clos...; Question 66: An internal security assessor identified large gaps in a com...; Question 67: A large organization is planning to migrate from on premises...; Question 68: A junior developer is informed about the impact of new malwa...; Question 69: Ann, a CIRT member, is conducting incident response activiti...; Question 70: An organization does not have visibility into when company-o...; Question 71: An ISP is receiving reports from a portion of its customers ...; Question 72: A security analyst is reviewing the following output: (Exhib...; Question 73: A security architect works for a manufacturing organization ...; Question 74: The general counsel at an organization has received written ...; Question 75: A university issues badges through a homegrown identity mana...; Question 76: A security manager has written an incident response playbook...; Question 77: A developer is creating a new mobile application for a compa...; Question 78: A security engineer needs to implement a solution to increas...; Question 79: A company's BIA indicates that any loss of more than one hou...; Question 80: While investigating a security event, an analyst finds evide...; Question 81: A company that uses AD is migrating services from LDAP to se...; Question 82: A disaster recovery team learned of several mistakes that we...; Question 83: An organization recently recovered from an attack that featu...; Question 84: PKI can be used to support security requirements in the chan...; Question 85: A security engineer is reviewing metrics for a series of bug...; Question 86: A security engineer is trying to identify instances of a vul...; Question 87: During the development process, the team identifies major co...; Question 88: Which of the following is record-level encryption commonly u...; Question 89: To bring digital evidence in a court of law the evidence mus...; Question 90: A company processes data subject to NDAs with partners that ...; Question 91: A SOC analyst is reviewing malicious activity on an external...; Question 92: A company is on a deadline to roll out an entire CRM platfor...; Question 93: A small bank is evaluating different methods to address and ...; Question 94: A hospitality company experienced a data breach that include...; Question 95: A security engineer is creating a single CSR for the followi...; Question 96: A mobile device hardware manufacturer receives the following...; Question 97: Users are reporting intermittent access issues with & ne...; Question 98: A security engineer needs to ensure production containers ar...; Question 99: A software developer created an application for a large, mul...; Question 100: A shipping company that is trying to eliminate entire classe...; Question 101: A cybersecurity analyst discovered a private key that could ...; Question 102: Which of the following is the best reason for obtaining file...; Question 103: A security engineer needs to implement a cost-effective auth...; Question 104: A security architect must mitigate the risks from what is su...; Question 105: A security solution uses a sandbox environment to execute ze...; Question 106: A security analyst needs to recommend a remediation to the f...; Question 107: An organization is assessing the security posture of a new S...; Question 108: The Chief Information Security Officer (CISO) is working wit...; Question 109: The Chief information Officer (CIO) asks the system administ...; Question 110: An organization is moving its intellectual property data fro...; Question 111: Signed applications reduce risks by:...; Question 112: An organization established an agreement with a partner comp...; Question 113: A company is deploying multiple VPNs to support supplier con...; Question 114: An organization's hunt team thinks a persistent threats exis...; Question 115: A security consultant has been asked to recommend a secure n...; Question 116: A company's product site recently had failed API calls, resu...; Question 117: A business stores personal client data of individuals residi...; Question 118: An organization is designing a network architecture that mus...; Question 119: A user forwarded a suspicious email to a security analyst fo...; Question 120: A SOC analyst received an alert about a potential compromise...; Question 121: A company recently deployed new servers to create an additio...; Question 122: A new requirement for legislators has forced a government se...; Question 123: A security analyst is reviewing the following vulnerability ...; Question 124: A security engineer is performing a threat modeling procedur...; Question 125: A pharmaceutical company uses a cloud provider to host thous...; Question 126: A company Invested a total of $10 million lor a new storage ...; Question 127: A company recently acquired a SaaS provider and needs to int...; Question 128: A security architect examines a section of code and discover...; Question 129: Some end users of an e-commerce website are reporting a dela...; Question 130: As part of the customer registration process to access a new...; Question 131: A company has a website with a huge database. The company wa...; Question 132: An accounting team member received a voicemail message from ...; Question 133: A software company wants to build a platform by integrating ...; Question 134: A company requires a task to be carried by more than one per...; Question 135: A security administrator is trying to securely provide publi...; Question 136: A company's Chief Information Security Officer is concerned ...; Question 137: An administrator at a software development company would lik...; Question 138: A company's Chief Information Officer wants to Implement IDS...; Question 139: The Chief information Officer (CIO) wants to implement enter...; Question 140: In order to authenticate employees who, call in remotely, a ...; Question 141: A security engineer needs to recommend a solution that will ...; Question 142: During a review of events, a security analyst notes that sev...; Question 143: Which of the following technologies would benefit the most f...; Question 144: In support of disaster recovery objectives, a third party ag...; Question 145: A company purchased Burp Suite licenses this year for each a...; Question 146: A security engineer is re-architecting a network environment...; Question 147: A security analyst wants to keep track of alt outbound web c...; Question 148: A security analyst is participating in a risk assessment and...; Question 149: A company moved its on-premises services to the cloud. Altho...; Question 150: A cloud security architect has been tasked with selecting th...; Question 151: The Chief information Security Officer (CISO) of a small loc...; Question 152: A company's SOC has received threat intelligence about an ac...; Question 153: A user logged in to a web application. Later, a SOC analyst ...; Question 154: A security analyst discovered that the company's WAF was not...; Question 155: An IPSec solution is being deployed. The configuration files...; Question 156: An IT director is working on a solution to meet the challeng...; Question 157: A company's claims processed department has a mobile workfor...; Question 158: A systems administrator is preparing to run a vulnerability ...; Question 159: Immediately following the report of a potential breach, a se...; Question 160: A Chief Information Security Officer is concerned about the ...; Question 161: A company in the financial sector receives a substantial num...; Question 162: The security analyst discovers a new device on the company's...; Question 163: A security analyst has been tasked with providing key inform...; Question 164: A security is assisting the marketing department with ensuri...; Question 165: Which of the following should an organization implement to p...; Question 166: A security analyst receives an alert from the SIEM regarding...; Question 167: Which of the following processes involves searching and coll...; Question 168: A company has a BYOD policy and has configured remote-wiping...; Question 169: An organization decided to begin issuing corporate mobile de...; Question 170: A security engineer at a company is designing a system to mi...; Question 171: A security architect is tasked with scoping a penetration te...; Question 172: An organization is preparing to migrate its production envir...; Question 173: A company Is adopting a new artificial-intelligence-based an...; Question 174: A security manager wants to transition the organization to a...; Question 175: A hospital has fallen behind with patching known vulnerabili...; Question 176: A system administrator at a medical imaging company discover...; Question 177: A security architect Is analyzing an old application that is...; Question 178: A user from the sales department opened a suspicious file at...; Question 179: In preparation for the holiday season, a company redesigned ...; Question 180: A security analyst is investigating a possible buffer overfl...; Question 181: A developer wants to develop a secure external-facing web ap...; Question 182: A Chief Security Officer (CSO) is concerned about the number...; Question 183: A security architect updated the security policy to require ...; Question 184: A company wants to quantify and communicate the effectivenes...; Question 185: During a remodel, a company's computer equipment was moved t...; Question 186: A security consultant needs to set up wireless security for ...; Question 187: A technician is reviewing the logs and notices a large numbe...; Question 188: A software development company needs to mitigate third-party...; Question 189: An organization mat provides a SaaS solution recently experi...; Question 190: When managing and mitigating SaaS cloud vendor risk, which o...; Question 191: An organization is in frequent litigation and has a large nu...; Question 192: A large number of emails have been reported, and a security ...; Question 193: Clients are reporting slowness when attempting to access a s...; Question 194: An attack team performed a penetration test on a new smart c...; Question 195: (Exhibit) An organization is planning for disaster recovery ...; Question 196: After the latest risk assessment, the Chief Information Secu...; Question 197: In a shared responsibility model for PaaS, which of the foll...; Question 198: An organization recently experienced a ransomware attack. Th...; Question 199: A cyberanalyst has been tasked with recovering PDF files fro...; Question 200: A software development company is building a new mobile appl...; Question 201: A bank hired a security architect to improve its security me...; Question 202: A municipal department receives telemetry data from a third-...; Question 203: A security architect is given the following requirements to ...; Question 204: Company A acquired Company B. During an initial assessment, ...; Question 205: A managed security provider (MSP) is engaging with a custome...; Question 206: A network architect is designing a new SD-WAN architecture t...; Question 207: A security engineer estimates the company's popular web appl...; Question 208: A security architect for a large, multinational manufacturer...; Question 209: A security manager is creating a standard configuration acro...; Question 210: A network administrator receives a ticket regarding an error...; Question 211: A company is looking for a solution to hide data stored in d...; Question 212: A Chief information Security Officer (CISO) is developing co...; Question 213: An administrator at a software development company would lik...; Question 214: Which of the following allows computation and analysis of da...; Question 215: Based on a recent security audit, a company discovered the p...; Question 216: To save time, a company that is developing a new VPN solutio...; Question 217: The Chief information Officer (CIO) of a large bank, which u...; Question 218: Due to locality and budget constraints, an organization's sa...; Question 219: After a cybersecurity incident, a judge found that a company...; Question 220: A pharmaceutical company recently experienced a security bre...; Question 221: The information security manager at a 24-hour manufacturing ...; Question 222: Which of the following should be established when configurin...; Question 223: A significant weather event caused all systems to fail over ...; Question 224: city government's IT director was notified by the City counc...; Question 225: A company has moved its sensitive workloads lo the cloud and...; Question 226: Which of the following provides the best solution for organi...; Question 227: A security administrator needs to implement a security solut...; Question 228: Which of the following is a security concern for DNP3?...; Question 229: A company reviews the regulatory requirements associated wit...; Question 230: An attacker infiltrated the code base of a hardware manufact...; Question 231: A recent security assessment generated a recommendation to t...; Question 232: Which of the following is the BEST disaster recovery solutio...; Question 233: An investigator is attempting to determine if recent data br...; Question 234: Which of the following is required for an organization to me...; Question 235: An ASIC manufacturer wishing to best reduce downstream suppl...; Question 236: A cloud security architect has been tasked with finding a so...; Question 237: Company A is establishing a contractual with Company B. The ...; Question 238: A company is migrating from company-owned phones to a BYOD s...; Question 239: A major broadcasting company that requires continuous availa...; Question 240: Which of the following testing plans is used to discuss disa...; Question 241: A security administrator has been provided with three separa...; Question 242: An organization wants to implement an access control system ...; Question 243: A company has a website with a huge database. The company wa...; Question 244: Which of the following security features do email signatures...; Question 245: A networking team asked a security administrator to enable F...

Question 30/245

LEAVE A REPLY

Download PDF File