CASP+ 151-180 Quiz-9

30 Questions


Appraisal tools are essential in any set up and CASP consists of a set of eight of them used for various purposes. Take the test below to find out how these tools are enablers of conducting research and much more. All the best.


Questions and Answers
  • 1. 
    151. An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application thoroughly on their personal workstation before uploading it to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:

        <VirtualHost *:80>
            DocumentRoot "/var/www"
            <Directory "/home/administrator/app">
                AllowOverride none
                Order allow,deny
                Allow from all
            </Directory>
        </VirtualHost>

    Which of the following is MOST likely occurring so that this application does not run properly?
    • A. PHP is overriding the Apache security settings.
    • B. SELinux is preventing HTTP access to home directories.
    • C. PHP has not been restarted since the additions were added.
    • D. The directory had an explicit allow statement rather than the implicit deny.

  • 2. 
    152. Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company’s six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step?
    • A. Threat: 802.1q trunking attack. Remediation: Enable only necessary VLANs for each port.
    • B. Threat: Bridge loop. Remediation: Enable spanning tree.
    • C. Threat: VLAN hopping. Remediation: Enable only necessary VLANs for each port.
    • D. Threat: VLAN hopping. Remediation: Enable ACLs on the IDF switch.

  • 3. 
    153. After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system’s security level?
    • A. Upgrade all systems to use a HIPS and require daily anti-virus scans.
    • B. Conduct a vulnerability assessment of the standard image and remediate findings.
    • C. Upgrade the existing NIDS to NIPS and deploy the system across all network segments.
    • D. Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

  • 4. 
    154. The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks, specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
    • A. The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.
    • B. The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications.
    • C. The company’s patch management solution only supports patches and updates released directly by the vendor.
    • D. Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.

  • 5. 
    155. When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchronizing system time across all devices through NTP, which of the following is also a common design consideration for remote locations?
    • A. Two factor authentication for all incident responders
    • B. A central SYSLOG server for collecting all logs
    • C. A distributed SIEM with centralized sensors
    • D. A SIEM server with distributed sensors

  • 6. 
    • A. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, and email alerts to NOC staff hourly.
    • B. Audit successful and critical failed events, transfer logs to a centralized server once a month, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached.
    • C. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded.
    • D. Audit failed events only, transfer logs to a centralized server, implement manual audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached and exceeded.

  • 7. 
    157. A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain and the only connection between the networks is via the trusted server. The three zones at the corporation are as follows: Zone A connects to a network, which is also connected to the Internet through a router. Zone B connects to a closed research and development network. Zone C connects to an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage, so the corporation meets compliance requirements. A firewall is deployed on the inside edge of the Internet connected router. Which of the following is the BEST location to place other security equipment?
    • A. HIPS on all hosts in Zone A and B, and an antivirus and patch server in Zone C.
    • B. A WAF on the switch in Zone C, an additional firewall in Zone A, and an antivirus server in Zone B.
    • C. A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B.
    • D. A NIDS on the switch in Zone C, a WAF in Zone A, and a firewall in Zone B.

  • 8. 
    158. A system architect has the following constraints from the customer: Confidentiality, Integrity, and Availability (CIA) are all of equal importance. Average availability must be at least 6 nines (99.9999%). All devices must support collaboration with every other user device. All devices must be VoIP and teleconference ready. Which of the following security controls is the BEST to apply to this architecture?
    • A. Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.
    • B. Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
    • C. Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.
    • D. Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

  • 9. 
    159. The security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO).
    • A. The storage network uses FCoE.
    • B. The storage network uses iSCSI.
    • C. The storage network uses vSAN.
    • D. The storage network uses switch zoning.
    • E. The storage network uses LUN masking.

  • 10. 
    160. As part of a new wireless implementation, the Chief Information Officer’s (CIO’s) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor’s products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?
    • A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
    • B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
    • C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
    • D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.

  • 11. 
    161. A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that the company’s reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO’s requirements?
    • A. Use the security assurance team and development team to perform Grey box testing.
    • B. Sign an NDA with a large consulting firm and use the firm to perform Black box testing.
    • C. Use the security assurance team and development team to perform Black box testing.
    • D. Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.

  • 12. 
    162. The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?
    • A. The firewall will meet the availability requirement because availability will be 99.98%.
    • B. The firewall will not meet the availability requirement because availability will be 85%.
    • C. The firewall will meet the availability requirement because availability will be 99.993%.
    • D. The firewall will not meet the availability requirement because availability will be 99.2%.

  • 13. 
    163. Which of the following vulnerabilities is present in the below source code file named ‘AuthenticatedArea.php’?

        <html><head><title>AuthenticatedArea</title></head>
        <?php
        include("/inc/common.php");
        $username = $_REQUEST['username'];
        if ($username != "") {
            // Request parameter is echoed back without any encoding
            echo "Your username is: " . $_REQUEST['username'];
        } else {
            header("Location: /login.php");
        }
        ?>
        </html>

    • A. Header manipulation
    • B. Account disclosure
    • C. Unvalidated file inclusion
    • D. Cross-site scripting

  • 14. 
    • A. 3 hours
    • B. 3.5 hours
    • C. 4 hours
    • D. 4.666 hours

  • 15. 
    • A. Nearly four years
    • B. Nearly six years
    • C. Within the first year
    • D. Nearly three years

  • 16. 
    166. During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company’s financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?
    • A. The administrator should enter a username and use an offline password cracker in brute force mode.
    • B. The administrator should use a network analyzer to determine which packet caused the system to crash.
    • C. The administrator should extract the password file and run an online password cracker in brute force mode against the password file.
    • D. The administrator should run an online fuzzer against the login screen.

  • 17. 
    167. A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?
    • A. The system administrator should take advantage of the company’s cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.
    • B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.
    • C. The system administrator should build a virtual machine on the administrator’s desktop, transfer the password file to it, and run a password cracker on the virtual machine.
    • D. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

  • 18. 
    168. The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.
    • A. The IP TOS field of business related network traffic should be modified accordingly.
    • B. The TCP flags of business related traffic should be modified accordingly.
    • C. An ACL should be placed on the external router to drop incoming ICMP packets.
    • D. An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

  • 19. 
    169. The security administrator at ‘company.com’ is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following:

        UDP 192.168.0.1:123   -> 172.60.3.0:123
        UDP 192.168.0.36:123  -> time.company.com
        UDP 192.168.0.112:123 -> 172.60.3.0:123
        UDP 192.168.0.91:123  -> time.company.com
        UDP 192.168.0.211:123 -> 172.60.3.0:123
        UDP 192.168.0.237:123 -> time.company.com
        UDP 192.168.0.78:123  -> 172.60.3.0:123

    The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers: 192.168.0.1, 192.168.0.112, 192.168.0.211, 192.168.0.78. Which of the following should the security administrator report to upper management based on the above output?
    • A. An NTP client side attack successfully exploited some hosts.
    • B. A DNS cache poisoning successfully exploited some hosts.
    • C. An NTP server side attack successfully exploited some hosts.
    • D. A DNS server side attack successfully exploited some hosts.

  • 20. 
    170. A mid-level company is rewriting its security policies and has halted the rewriting progress because the company’s executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?
    • A. 1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures
    • B. 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines
    • C. 1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines
    • D. 1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies

  • 21. 
    171. A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks. Which of the following risk strategies should be used?
    • A. Transfer the risks
    • B. Avoid the risks
    • C. Accept the risks
    • D. Mitigate the risks

  • 22. 
    172. The firm’s CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm’s new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?
    • A. Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step.
    • B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
    • C. Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.
    • D. Inform the three submitting vendors that their quotes are null and void at this time and that they are disqualified based upon their RFQs.

  • 23. 
    173. To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?
    • A. Transient identifiers
    • B. SOAP calls
    • C. Discovery profiles
    • D. Security bindings

  • 24. 
    174. SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following?
    • A. Attribute authority and certificate authority
    • B. Certificate authority and attribute requestor
    • C. Identity provider and service provider
    • D. Service provider and administrator

  • 25. 
    175. A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but public, legal issues. Senior management has some concerns on maintaining this system should the vendor go out of business. Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure?
    • A. Include a source code escrow clause in the contract for this system.
    • B. Require proof-of-insurance by the vendor in the RFP for this system.
    • C. Include a penalty clause in the contract for this system.
    • D. Require on-going maintenance as part of the SLA for this system.

  • 26. 
    176. A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
    • A. COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns is never revealed by the developer to avoid a lawsuit.
    • B. COTS software is not well known and is only available in limited quantities. Information concerning vulnerabilities is kept internal to the company that developed the software.
    • C. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically ignored within the IT community.
    • D. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

  • 27. 
    177. Which of the following is a security concern with deploying COTS products within the network?
    • A. It is difficult to verify the security of COTS code because the source is available to the customer and it takes significant man hours to sort through it.
    • B. COTS software often provides the source code as part of the licensing agreement and it becomes the company’s responsibility to verify the security.
    • C. It is difficult to verify the security of COTS code because the source is not available to the customer in many cases.
    • D. COTS source code is readily available to the customer in many cases which opens the customer’s network to both internal and external attacks.

  • 28. 
    178. The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).
    • A. Users and services are centralized and only available within the enterprise.
    • B. Users and services are distributed, oftentimes over the Internet.
    • C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.
    • D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.
    • E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

  • 29. 
    179. The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?
    • A. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware of, and an internal DNS server to maintain authoritative records for internal systems.
    • B. Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems.
    • C. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware of, and an internal DNS server to maintain nonauthoritative records for external systems.
    • D. Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems.

  • 30. 
    180. Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?
    • A. Secure Software Requirements
    • B. Secure Software Implementation
    • C. Secure Software Design
    • D. Software Acceptance