CASP ? 121-150

30 Questions



Questions and Answers
  • 1. 
    121. A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?
    • A. Application sandboxing
    • B. Input validation
    • C. Penetration testing
    • D. Code reviews

  • 2. 
    122. A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints?
    • A. Install the new solution, migrate to the new solution, and test the new solution.
    • B. Purchase the new solution, test the new solution, and migrate to the new solution.
    • C. Decommission the old solution, install the new solution, and test the new solution.
    • D. Test the new solution, migrate to the new solution, and decommission the old solution.

  • 3. 
    123. Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?
    • A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
    • B. Introduce a peer review process that is mandatory before a document can be officially made final.
    • C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
    • D. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

  • 4. 
    124. During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?
    • A. Data User
    • B. Data Owner
    • C. Business Owner
    • D. Data Custodian

  • 5. 
    125. A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO).
    • A. Virtual Private Network
    • B. Secure Sockets Layer for web servers
    • C. Network monitoring
    • D. Multifactor authentication for users
    • E. Full disk encryption
    • F. Intrusion detection systems

  • 6. 
    126. In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network. Which of the following security measures should the IT organization implement? (Select TWO).
    • A. A device lockdown according to policies
    • B. An IDS on the internal networks
    • C. A data disclosure policy
    • D. A privacy policy
    • E. Encrypt data in transit for remote access

  • 7. 
    127. A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?
    • A. LUN masking
    • B. Deduplication
    • C. Multipathing
    • D. Snapshots

  • 8. 
    128. Which of the following is a security advantage of single sign-on? (Select TWO).
    • A. Users only have to remember one password.
    • B. Applications need to validate authentication tokens.
    • C. Authentication is secured by the certificate authority.
    • D. Less time and complexity removing user access.
    • E. All password transactions are encrypted.

  • 9. 
    129. After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds that it is impossible to know who did the update since five different people have administrative access. How should the IT manager increase accountability to prevent this situation from reoccurring? (Select TWO).
    • A. Implement an enforceable change management system.
    • B. Implement a software development life cycle policy.
    • C. Enable user level auditing on all servers.
    • D. Implement a federated identity management system.
    • E. Configure automatic updates on all servers.

  • 10. 
    130. Company A is purchasing Company B, and will import all of Company B’s users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?
    • A. Enable RADIUS and end point security on Company B’s network devices.
    • B. Enable LDAP authentication on Company A’s network devices.
    • C. Enable LDAP/TLS authentication on Company A’s network devices.
    • D. Enable 802.1x on Company B’s network devices.

  • 11. 
    131. A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario?
    • A. Visibility on the traffic between the virtual machines can impact confidentiality
    • B. NIC utilization can exceed 50 percent and impact availability
    • C. Shared virtual switches can negatively impact the integrity of network packets
    • D. Additional overhead from network bridging can affect availability

  • 12. 
    132. A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior?
    • A. The hypervisor host does not have hardware acceleration enabled and does not allow DEP.
    • B. The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution.
    • C. The virtual machine is configured to require administrator rights to execute all programs.
    • D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.

  • 13. 
    133. An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?
    • A. The existing SAN may be read-only.
    • B. The existing SAN used LUN masking.
    • C. The new SAN is not FCoE based.
    • D. The data may not be in a usable format.

  • 14. 
    134. The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which of the following strategies would be MOST effective in conducting an in-depth assessment and remediation of the problems?
    • A. 1. Deploy an HTTP interceptor on the switch span port; 2. Adjust the external facing NIDS; 3. Reconfigure the firewall ACLs to block all traffic above port 2000; 4. Verify the proxy server is configured correctly and hardened; 5. Review the logs weekly in the future.
    • B. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the internal HIDS; 3. Reconfigure the firewall ACLs to block outbound HTTP traffic; 4. Reboot the proxy server; 5. Continue to monitor the network.
    • C. 1. Deploy a protocol analyzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the firewall ACLs to block unnecessary ports; 4. Verify the proxy server is configured correctly and hardened; 5. Continue to monitor the network.
    • D. 1. Deploy a network fuzzer on the switch span port; 2. Adjust the external facing IPS; 3. Reconfigure the proxy server to block the attacks; 4. Verify the firewall is configured correctly and hardened.

  • 15. 
    135. Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals:
      • Ability to customize systems per department
      • Quick implementation along with an immediate ROI
      • The internal IT team having administrative level control over all products
    The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services. Which of the following solutions BEST solves the disagreement?
    • A. Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.
    • B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.
    • C. Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.
    • D. Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.

  • 16. 
    136. The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario?
    • A. An employee copying gigabytes of personal video files from the employee’s personal laptop to their company desktop to share files.
    • B. An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company.
    • C. An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.
    • D. An employee accidentally infecting the network with a virus by connecting a USB drive to the employee’s personal laptop.

  • 17. 
    137. The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend?
    • A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs
      Mitigations: Device Encryptions, lock screens, certificate based authentication, corporate telecom plans
    • B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices
      Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups.
    • C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge
      Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices
    • D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality
      Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation

  • 18. 
    138. A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenets of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?
    • A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
    • B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
    • C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
    • D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
    • E. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

  • 19. 
    139. The sales staff at a software development company has received the following requirements from a customer: “We need the system to notify us in advance of all software errors and report all outages”. Which of the following BEST conveys these customer requirements to the software development team to understand and implement?
    • A. The system shall send a status message to a network monitoring console every five seconds while in an error state and the system should email the administrator when the number of input errors exceeds five.
    • B. The system shall alert the administrator upon the loss of network communications and when error flags are thrown.
    • C. The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.
    • D. The system shall email the administrator when an error condition is detected and a flag is thrown and the system shall send an email to the administrator when network communications are disrupted.

  • 20. 
    140. A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?
    • A. The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.
    • B. The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.
    • C. The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.
    • D. The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.

  • 21. 
    141. Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?
    • A. Malware originating from Company XYZ’s network
    • B. Co-mingling of company networks
    • C. Lack of an IPSec connection between the two networks
    • D. Loss of proprietary plant information

  • 22. 
    142. Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure. The requirements are as follows:
      • Reduce costs
      • Improve efficiencies and time to market
      • Manageable
      • Accurate identity information
      • Standardize on authentication and authorization
      • Ensure a reusable model with standard integration patterns
    Which of the following security solution options will BEST meet the above requirements? (Select THREE).
    • A. Build an organization-wide fine grained access control model stored in a centralized policy data store.
    • B. Implement self service provisioning of identity information, coarse grained, and fine grained access control.
    • C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.
    • D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.
    • E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.
    • F. Move each of the applications’ individual fine grained access control models into a centralized directory with fine grained access control.
    • G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.

  • 23. 
    143. A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?
    • A. Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications.
    • B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
    • C. Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility.
    • D. Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.

  • 24. 
    144. Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
    • A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
    • B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
    • C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
    • D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.

  • 25. 
    145. There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
    • A. Explain how customer data is gathered, used, disclosed, and managed.
    • B. Remind staff of the company’s data handling policy and have staff sign an NDA.
    • C. Focus on explaining the “how” and “why” customer data is being collected.
    • D. Republish the data classification and the confidentiality policy.

  • 26. 
    146. A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?
    • A. Limit source ports on the firewall to specific IP addresses.
    • B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
    • C. Implement stateful UDP filtering on UDP ports above 1024.
    • D. Configure the firewall to use IPv6 by default.

  • 27. 
    147. A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
    • A. Employees publishing negative information and stories about company management on social network sites and blogs.
    • B. An employee remotely configuring the email server at a relative’s company during work hours.
    • C. Employees posting negative comments about the company from personal phones and PDAs.
    • D. External parties cloning some of the company’s externally facing web pages and creating lookalike sites.

  • 28. 
    148. A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?
    • A. Modify the SRC and DST ports of ACL 1
    • B. Modify the SRC IP of ACL 1 to 0.0.0.0/32
    • C. Modify the ACTION of ACL 2 to Permit
    • D. Modify the PROTO of ACL 1 to TCP

  • 29. 
    149. An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?
    • A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.
    • B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.
    • C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.
    • D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.

  • 30. 
    150. A company data center provides Internet based access to email and web services. The firewall is separated into four zones:
      • RED ZONE is an Internet zone
      • ORANGE ZONE a Web DMZ
      • YELLOW ZONE an email DMZ
      • GREEN ZONE is a management interface
    There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
    • A. RED ZONE: none; ORANGE ZONE: WAF; YELLOW ZONE: SPAM Filter; GREEN ZONE: none
    • B. RED ZONE: Virus Scanner, SPAM Filter; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: NIPS
    • C. RED ZONE: WAF, Virus Scanner; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: SPAM Filter
    • D. RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none