CASP? 151-180 Quiz-9

PHP is overriding the Apache security settings.

SELinux is preventing HTTP access to home directories.

PHP has not been restarted since the additions were added.

The directory had an explicit allow statement rather than the implicit deny.

Threat: 802.1q trunking attack Remediation: Enable only necessary VLANs for each port

Threat: Bridge loop Remediation: Enable spanning tree

Threat: VLAN hopping Remediation: Enable only necessary VLANs for each port

Threat: VLAN hopping Remediation: Enable ACLs on the IDF switch

Upgrade all system’s to use a HIPS and require daily anti-virus scans.

Conduct a vulnerability assessment of the standard image and remediate findings.

Upgrade the existing NIDS to NIPS and deploy the system across all network segments.

Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.

The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications.

The company’s patch management solution only supports patches and updates released directly by the vendor.

Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.

Two factor authentication for all incident responders

A central SYSLOG server for collecting all logs

A distributed SIEM with centralized sensors

A SIEM server with distributed sensors

Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, and email alerts to NOC staff hourly.

Audit successful and critical failed events, transfer logs to a centralized server once a month, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached.

Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded.

Audit failed events only, transfer logs to a centralized server, implement manual audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached and exceeded.

HIPS on all hosts in Zone A and B, and an antivirus and patch server in Zone C.

A WAF on the switch in Zone C, an additional firewall in Zone A, and an antivirus server in Zone B.

A NIPS on the switch in Zone C, an antivirus server in Zone A, and a patch server in Zone B.

A NIDS on the switch in Zone C, a WAF in Zone A, and a firewall in Zone B.

Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment

Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.

Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.

Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

Purchase the equipment now, but do not use 802.11r until the standard is ratified.

Do not purchase the equipment now as the client devices do not yet support 802.11r.

Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.

Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.

Use the security assurance team and development team to perform Grey box testing.

Sign a NDA with a large consulting firm and use the firm to perform Black box testing.

Use the security assurance team and development team to perform Black box testing.

Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.

The firewall will meet the availability requirement because availability will be 99.98%.

The firewall will not meet the availability requirement because availability will be 85%.

The firewall will meet the availability requirement because availability will be 99.993%.

The firewall will not meet the availability requirement because availability will be 99.2%.

Header manipulation

Account disclosure

Unvalidated file inclusion

Cross-site scripting

3 hours

3.5 hours

4 hours

4.666 hours

Nearly four years

Nearly six years

Within the first year

Nearly three years

The administrator should enter a username and use an offline password cracker in brute force mode.

The administrator should use a network analyzer to determine which packet caused the system to crash.

The administrator should extract the password file and run an online password cracker in brute force mode against the password file.

The administrator should run an online fuzzer against the login screen.

The system administrator should take advantage of the company’s cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.

The system administrator should build a virtual machine on the administrator’s desktop, transfer the password file to it, and run the a password cracker on the virtual machine.

The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

The IP TOS field of business related network traffic should be modified accordingly.

The TCP flags of business related traffic should be modified accordingly.

An ACL should be placed on the external router to drop incoming ICMP packets.

An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

An NTP client side attack successfully exploited some hosts.

A DNS cache poisoning successfully exploited some hosts.

An NTP server side attack successfully exploited some hosts.

A DNS server side attack successfully exploited some hosts.

1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures

1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines

1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines

1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies

Transfer the risks

Avoid the risks

Accept the risks

Mitigate the risks

Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step.

Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.

Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.

Inform the three submitting vendors that there quotes are null and void at this time and that they are disqualified based upon their RFQs.

Transient identifiers

SOAP calls

Discovery profiles

Security bindings

Attribute authority and certificate authority

Certificate authority and attribute requestor

Identity provider and service provider

Service provider and administrator

Include a source code escrow clause in the contract for this system.

Require proof-of-insurance by the vendor in the RFP for this system.

Include a penalty clause in the contract for this system.

Require on-going maintenance as part of the SLA for this system.

COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid a lawsuit.

COTS software is not well known and is only available in limited quantities. Information concerning vulnerabilities is kept internal to the company that developed the software.

COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically ignored within the IT community.

COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

It is difficult to verify the security of COTS code because the source is available to the customer and it takes significant man hours to sort through it.

COTS software often provides the source code as part of the licensing agreement and it becomes the company’s responsibility to verify the security.

It is difficult to verify the security of COTS code because the source is not available to the customer in many cases.

COTS source code is readily available to the customer in many cases which opens the customer’s network to both internal and external attacks.

Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.

Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems.

Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain nonauthoritative records for external systems.

Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems.

Secure Software Requirements

Secure Software Implementation

Secure Software Design

Software Acceptance