CASP 90-120
Transfer the risks to another internal department, who have more resources to accept the risk.
Accept the risks and log acceptance in the risk register. Once the risks have been accepted close them out.
Transfer the initial risks by outsourcing payment processing to a third party service provider.
Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.
Encrypted with a one-time password.
Stored on separate physical hosts.
Moved to the cloud.
Scanned for vulnerabilities regularly.
Implement a unified IPv6 addressing scheme on the entire network.
Conduct a penetration test of Company B’s network.
Perform a vulnerability assessment on Company B’s network.
Perform a peer code review on Company B’s application.
Each of the servers used the same EV certificate.
The servers used a wildcard certificate.
The web server was the CA for the domain.
Revoking a certificate can only be done at the domain level.
Mandatory vacation
Non-disclosure
Job rotation
Least privilege
Migrate the system to IPv6.
Migrate the system to RSH.
Move the system to a secure VLAN.
Use LDAPs for authentication.
Schedule weekly vulnerability assessments
Implement continuous log monitoring
Scan computers weekly against the baseline
Require monthly reports showing compliance with configuration and updates
{(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)}
{(Confidentiality, High), (Integrity, Low), (Availability, Low)}
{(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
{(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
Memorandum of Understanding
Interconnection Security Agreement
Operating Level Agreement
Service Level Agreement
Separation of duties.
Mandatory vacation.
Non-disclosure agreement.
Least privilege.
Have a replacement employee run the same applications as the vacationing employee.
Have a replacement employee perform tasks in a different order from the vacationing employee.
Have a replacement employee perform the job from a different workstation than the vacationing employee.
Have a replacement employee run several daily scripts developed by the vacationing employee.
Develop a memorandum of understanding on what the MSS is responsible for providing.
Create internal metrics to track MSS performance.
Establish a mutually agreed upon service level agreement.
Issue an RFP to ensure the MSS follows guidelines.
3DES - SHA
DES - MD5
Camellia - SHA
RC4 - MD5
Apply standard security policy settings to the devices.
Set up an access control system to isolate the devices from the network.
Integrate the tablets into standard remote access systems.
Develop the use case for the devices and perform a risk analysis.
Key company-key.{ algorithm hmac-rc4; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; };
Key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.10.53; }
Key company-key.{ algorithm hmac-md5; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.20.53; }
Key company-key.{ algorithm hmac-rc4; secret "Hdue8du9jdknkhdoLksdlkeYEIks83K="; }; allow transfer { 192.168.10.53; }
Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.
Technical exchange meetings with the application’s vendor; vendors have more in depth knowledge of the product.
Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users.
Full deployment with crippled features; allows for large scale testing and observation of the applications security profile.
Require each person joining the company’s social networking initiative to accept a nondisclosure agreement.
Establish a specific set of trained people that can release information on the organization’s behalf.
Require a confidential statement be attached to all information released to the social networking sites.
Establish a social media usage policy and provide training to all marketing employees.
Require the use of an unprivileged account, and a second shared account only for administrative purposes.
Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.
Require separation of duties ensuring no single administrator has access to all systems.
Require on-going auditing of administrative activities, and evaluate against risk-based metrics.
Inappropriate administrator access
Malicious code
Internal business fraud
Regulatory compliance
A symmetric key
A PKI ticket
An X.509 certificate
An assertion ticket
Transport encryption
Authentication hashing
Digital signature
Legal mail hold
TSIG code signing
What hardware and software would work best for securing the network?
What corporate assets need to be protected?
What are the business needs of the organization?
What outside threats are most likely to compromise network security?
What is the budget for this project?
What time and resources are needed to carry out the security plan?
Avoid the risk
Transfer the risk
Accept the risk
Mitigate the risk
A system and network scan to determine if all of the systems are secure.
Implement a firewall/DMZ system between the networks.
Develop a risk analysis for the merged networks.
Conduct a complete review of the security posture of the acquired corporation.
Conduct a vulnerability assessment to determine the security posture of the new devices and the application.
Benchmark other organizations that have already encountered this type of situation and apply all relevant learnings and industry best practices.
Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment.
Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.
Systems Engineering: Decomposing requirements; Development: Secure coding standards; Testing: Code stability; Project Management: Stakeholder engagement; Security: Secure transport; Networks: Functional validation
Systems Engineering: Decomposing requirements; Development: Code stability; Testing: Functional validation; Project Management: Stakeholder engagement; Security: Secure coding standards; Networks: Secure transport
Systems Engineering: Functional validation; Development: Stakeholder engagement; Testing: Code stability; Project Management: Decomposing requirements; Security: Secure coding standards; Networks: Secure transport
Systems Engineering: Decomposing requirements; Development: Stakeholder engagement; Testing: Code stability; Project Management: Functional validation; Security: Secure coding standards; Networks: Secure transport
Create a separate SSID and WEP key to support the legacy clients and enable detection of rogue APs.
Create a separate SSID and WEP key on a new network segment and only allow required communication paths.
Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.
Create a separate SSID and require the use of dynamic WEP keys.
Establish VLANs for each virtual guest's NIC on the virtual switch.
Enable virtual switch layer 2 security precautions.
Only access hosts through a secure management interface.
Distribute guests to hosts by application role or trust zone.
Restrict physical and network access to the host console.
Kerberos
NTLM
RADIUS
TACACS+
TLS
HMAC
Camellia
Quiz Review Timeline (Updated): Mar 21, 2022