CompTIA CAS-005 Practice Test - Questions Answers, Page 19

A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:

qry_source: 19.27.214.22 TCP/53

qry_dest: 199.105.22.13 TCP/53

qry_type: AXFR

| in comptia.org

------------ directoryserver1 A 10.80.8.10

------------ directoryserver2 A 10.80.8.11

------------ directoryserver3 A 10.80.8.12

------------ internal-dns A 10.80.9.1

----------- www-int A 10.80.9.3

------------ fshare A 10.80.9.4

------------ sip A 10.80.9.5

------------ msn-crit-apcs A 10.81.22.33

Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

During a periodic internal audit, a company identifies a few new, critical security controls that are missing. The company has a mature risk management program in place, and the following requirements must be met:

The stakeholders should be able to see all the risks.

The risks need to have someone accountable for them.

Which of the following actions should the GRC analyst take next?

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the most relevant for PLCs?

A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?

Which of the following are risks associated with vendor lock-in? (Select two).

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Web server logs:

192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] 'GET /bin/bash' HTTP/1.1' 200 453 Safari/536.36

192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] 'GET / HTTP/1.1' 200 453 Safari/536.36

Application server logs:

24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB

24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing

Database server logs:

24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048

24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?