Casp ? 121-150

1. 127. A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?

LUN masking

Deduplication

Multipathing

Snapshots

2. 124. During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?

Data User

Data Owner

Business Owner

Data Custodian

3. 122. A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints?

Install the new solution, migrate to the new solution, and test the new solution.

Purchase the new solution, test the new solution, and migrate to the new solution.

Decommission the old solution, install the new solution, and test the new solution.

Test the new solution, migrate to the new solution, and decommission the old solution.

4. 131. A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario?

Visibility on the traffic between the virtual machines can impact confidentiality

NIC utilization can exceed 50 percent and impact availability

Shared virtual switches can negatively impact the integrity of network packets

Additional overhead from network bridging can affect availability

5. 137. The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend?

6. 133. An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?

The existing SAN may be read-only.

The existing SAN used LUN masking.

The new SAN is not FCoE based.

The data may not be in a usable format.

7. 143. A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?

Directly establish another separate service contract with the sub-contractor to limit the riskexposure and legal implications.

Ensure the consulting firm has service agreements with the sub-contractor; if the agreementdoes not exist, exit the contract when possible.

Terminate the contract immediately and bring the security department in-house again to reducelegal and regulatory exposure.

8. Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

9. 128. Which of the following is a security advantage of single sign-on? (Select TWO).

Users only have to remember one password.

Applications need to validate authentication tokens.

Authentication is secured by the certificate authority.

Less time and complexity removing user access.

All password transactions are encrypted.

Submit

10. 147. A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?

Employees publishing negative information and stories about company management on socialnetwork sites and blogs.

An employee remotely configuring the email server at a relative’s company during work hours.

Employees posting negative comments about the company from personal phones and PDAs.

External parties cloning some of the company’s externally facing web pages and creating lookalikesites.

11. 132. A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior?

The hypervisor host does not have hardware acceleration enabled and does not allow DEP.

The virus scanner on the VM changes file extensions of all programs downloaded via P2P toprevent execution.

The virtual machine is configured to require administrator rights to execute all programs.

The virus is trying to access a virtual device which the hypervisor is configured to restrict.

12. 130. Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?

Enable RADIUS and end point security on Company B’s network devices.

Enable LDAP authentication on Company A’s network devices.

Enable LDAP/TLS authentication on Company A’s network devices.

Enable 802.1x on Company B’s network devices.

13. 123. Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?

Ensure that those producing solution artifacts are reminded at the next team meeting thatquality is important.

Introduce a peer review process that is mandatory before a document can be officially madefinal.

Introduce a peer review and presentation process that includes a review board withrepresentation from relevant disciplines.

Ensure that appropriate representation from each relevant discipline approves of the solutiondocuments before official approval.

14. 141. Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plantspecific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?

Malware originating from Company XYZ’s network

Co-mingling of company networks

Lack of an IPSec connection between the two networks

Loss of proprietary plant information

15. The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario?

An employee copying gigabytes of personal video files from the employee’s personal laptop totheir company desktop to share files.

An employee connecting their personal laptop to use a non-company endorsed accountingapplication that the employee used at a previous company.

An employee accidentally infecting the network with a virus by connecting a USB drive to theemployee’s personal laptop.

16. 146. A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?

Limit source ports on the firewall to specific IP addresses.

Add an explicit deny-all and log rule as the final entry of the firewall rulebase.

Implement stateful UDP filtering on UDP ports above 1024.

Configure the firewall to use IPv6 by default.

17. 121. A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?

Application sandboxing

Input validation

Penetration testing

Code reviews

18. 150. A company data center provides Internet based access to email and web services. The firewall is separated into four zones: RED ZONE is an Internet zone ORANGE ZONE a Web DMZ YELLOW ZONE an email DMZ GREEN ZONE is a management interface There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?

RED ZONE. noneORANGE ZONE. WAFYELLOW ZONE. SPAM FilterGREEN ZONE. none

RED ZONE. Virus Scanner, SPAM FilterORANGE ZONE. NIPSYELLOW ZONE. NIPSGREEN ZONE. NIPS

RED ZONE. WAF, Virus ScannerORANGE ZONE. NIPSYELLOW ZONE. NIPSGREEN ZONE. SPAM Filter

RED ZONE. NIPSORANGE ZONE. WAFYELLOW ZONE. Virus Scanner, SPAM FilterGREEN ZONE. none

19. 129. After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds that it is impossible to know who did the update since five different people have administrative access. How should the IT manager increase accountability to prevent this situation from reoccurring? (Select TWO).

Implement an enforceable change management system.

Implement a software development life cycle policy.

Enable user level auditing on all servers.

Implement a federated identity management system.

Configure automatic updates on all servers.

Submit

20. 125. A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO).

Virtual Private Network

Secure Sockets Layer for web servers

Network monitoring

Multifactor authentication for users

Full disk encryption

Intrusion detection systems

Submit

21. 145. There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

Explain how customer data is gathered, used, disclosed, and managed.

Remind staff of the company’s data handling policy and have staff sign an NDA.

Focus on explaining the “how” and “why” customer data is being collected.

Republish the data classification and the confidentiality policy.

22. 138. A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?

23. 134. The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being targeted with various web attacks at the same time that the network problems are occurring. Which of the following strategies would be MOST effective in conducting an in-depth assessment and remediation of the problems?

24. 135. Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals: Ability to customize systems per department Quick implementation along with an immediate ROI The internal IT team having administrative level control over all products The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services. Which of the following solutions BEST solves the disagreement?

25. 139. The sales staff at a software development company has received the following requirements from a customer: "We need the system to notify us in advance of all software errors and report all outages". Which of the following BEST conveys these customer requirements to the software development team to understand and implement?

The system shall alert the administrator upon the loss of network communications and whenerror flags are thrown.

26. 148. A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?

Modify the SRC and DST ports of ACL 1

Modify the SRC IP of ACL 1 to 0.0.0.0/32

Modify the ACTION of ACL 2 to Permit

Modify the PROTO of ACL 1 to TCP

27. 126. In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network. Which of the following security measures should the IT organization implement? (Select TWO).

A device lockdown according to policies

An IDS on the internal networks

A data disclosure policy

A privacy policy

Encrypt data in transit for remote access

Submit

28. 140. A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?

The iptables configuration is not configured correctly to permit zone to zone communicationsbetween the customer and backend zones.

The ipfilters configuration is configured to disallow loopback traffic between the physical NICsassociated with each zone.

29. 149. An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?

Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication anddata snapshots.

Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.

Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and datadeduplication.

Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking andmultipath.

30. 142. Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure. The requirements are as follows: Reduce costs Improve efficiencies and time to market Manageable Accurate identity information Standardize on authentication and authorization Ensure a reusable model with standard integration patterns Which of the following security solution options will BEST meet the above requirements? (Select THREE).

Build an organization-wide fine grained access control model stored in a centralized policy datastore.

Implement self service provisioning of identity information, coarse grained, and fine grainedaccess control.

Implement a web access controlled reverse proxy and centralized directory model providingcoarse grained access control and single sign-on capabilities.

Implement automated provisioning of identity information; coarse grained, and fine grainedaccess control.

Move each of the applications individual fine grained access control models into a centralizeddirectory with fine grained access control.

Implement a web access control forward proxy and centralized directory model, providingcoarse grained access control, and single sign-on capabilities.

Submit

CASP ? 121-150