Topic 3: Exam Pool C
A software developer needs to perform code-execution testing, black-box testing, and nonfunctional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A.
Verification
B.
Validation
C.
Normalization
D.
Staging
Verification
A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
A.
CASB
B.
SWG
C.
Containerization
D.
Automated failover
Containerization
A security engineer needs to implement the following requirements:
• All Layer 2 switches should leverage Active Directory for authentication.
• All Layer 2 switches should use local fallback authentication if Active Directory is offline.
• All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements?
(Select TWO).
A.
Implement RADIUS.
B.
Configure AAA on the switch with local login as secondary.
C.
Configure port security on the switch with the secondary login method.
D.
Implement TACACS+
E.
Enable the local firewall on the Active Directory server.
F.
Implement a DHCP server.
Implement RADIUS.
Configure AAA on the switch with local login as secondary.
MOST likely trying to protect against.
A.
Loss of proprietary information
B.
Damage to the company’s reputation
C.
Social engineering
D.
Credential exposure
Social engineering
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?
A.
Staging
B.
Test
C.
Production
D.
Development
Test
A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO).
A.
head
B.
Tcpdump
C.
grep
D.
tail
E.
curl
F.
openssl
G.
dd
head
grep
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
A.
RA
B.
OCSP
C.
CRL
D.
CSR
CRL
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
A.
Phishing
B.
Whaling
C.
Typo squatting
D.
Pharming
Whaling
An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?
A.
Screen locks
B.
Application management
C.
Geofencing
D.
Containerization
Containerization
A security analyst sees the following log output while reviewing web logs:
Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
A.
Secure cookies
B.
Input validation
C.
Code signing
D.
Stored procedures
Input validation
Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?
A.
An SLA
B.
An NDA
C.
A BPA
D.
An MOU
An MOU
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?
A.
Pass-the-hash
B.
Session replay
C.
Object dereference
D.
Cross-site request forgery
Session replay