CASP 211-240

30 Questions



Questions and Answers
  • 1. 
    211. A database administrator comes across the below records in one of the databases during an internal audit of the payment system:

        UserID   Address           Credit Card No.       Password
        jsmith   123 fake street   55XX-XXX-XXXX-1397    Password100
        jqdoe    234 fake street   42XX-XXX-XXXX-2027    17DEC12

    From a security perspective, which of the following should be the administrator’s GREATEST concern, and what will correct the concern?
    • A. 

      Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password.

    • B. 

      Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs.

    • C. 

      Concern: User IDs are confidential private information. Correction: Require encryption of user IDs.

    • D. 

      Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information.

  • 2. 
    212. A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
    • A. 

      Point to point VPNs for all corporate intranet users.

    • B. 

      Cryptographic hashes of all data transferred between services.

    • C. 

      Service to service authentication for all workflows.

    • D. 

      Two-factor authentication and signed code

  • 3. 
    213. A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?
    • A. 

      To ensure the security of the network is documented prior to customer delivery

    • B. 

      To document the source of all functional requirements applicable to the network

    • C. 

      To facilitate the creation of performance testing metrics and test plans

    • D. 

      To allow certifiers to verify the network meets applicable security requirements

  • 4. 
    214. A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve?
    • A. 

      Increased customer data availability

    • B. 

      Increased customer data confidentiality

    • C. 

      Increased security through provisioning

    • D. 

      Increased security through data integrity

  • 5. 
    215. A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:

        Internet -> Gateway Firewall -> IDS -> Web SSL Accelerator -> Web Server Farm -> Internal Firewall -> Company Internal Network

    The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. Which of the following is true?
    • A. 

      The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.

    • B. 

      The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.

    • C. 

      The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.

    • D. 

      The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.

  • 6. 
    216. The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?
    • A. 

      Social engineering

    • B. 

      Protocol analyzer

    • C. 

      Port scanner

    • D. 

      Grey box testing

  • 7. 
    217. A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).
    • A. 

      Password Policy

    • B. 

      Data Classification Policy

    • C. 

      Wireless Access Procedure

    • D. 

      VPN Policy

    • E. 

      Database Administrative Procedure

  • 8. 
    • A. 

      Wireless network security may need to be increased to decrease access of mobile devices.

    • B. 

      Physical security may need to be increased to deter or prevent theft of mobile devices.

    • C. 

      Network security may need to be increased by reducing the number of available physical network jacks.

    • D. 

      Wireless network security may need to be decreased to allow for increased access of mobile devices.

  • 9. 
    219. A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
    • A. 

      LUN masking

    • B. 

      Data injection

    • C. 

      Data fragmentation

    • D. 

      Moving the HBA

  • 10. 
    220. In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?
    • A. 

      Creation and secure destruction of mail accounts, emails, and calendar items

    • B. 

      Information classification, vendor selection, and the RFP process

    • C. 

      Data provisioning, processing, in transit, at rest, and de-provisioning

    • D. 

      Securing virtual environments, appliances, and equipment that handle email

  • 11. 
    221. A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?
    • A. 

      Service oriented architecture (SOA)

    • B. 

      Federated identities

    • C. 

      Object request broker (ORB)

    • D. 

      Enterprise service bus (ESB)

  • 12. 
    222. The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?
    • A. 

      The de-perimeterized model should be kept as this is a major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.

    • B. 

      Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.

    • C. 

      The de-perimeterized model should be kept, but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.

    • D. 

      Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.

  • 13. 
    223. An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?
    • A. 

      Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.

    • B. 

      Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring.

    • C. 

      Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.

    • D. 

      Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.

  • 14. 
    224. Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?
    • A. 

      The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

    • B. 

      Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third party’s responsibility.

    • C. 

      The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

    • D. 

      If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

  • 15. 
    225. Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?
    • A. 

      Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

    • B. 

      Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

    • C. 

      Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

    • D. 

      Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

  • 16. 
    226. A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:
    • A. 

      CISO immediately in an exception report.

    • B. 

      Users of the new web application system.

    • C. 

      The vendor who supplied the web application system.

    • D. 

      Team lead in a weekly report.

  • 17. 
    • A. 

      The company’s software lifecycle management improved the security of the application.

    • B. 

      There are no vulnerabilities in the application.

    • C. 

      The company should deploy a web application firewall to ensure extra security.

    • D. 

      There are no known vulnerabilities at this time.

  • 18. 
    In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change. Which of the following BEST addresses risks associated with disclosure of intellectual property?
    • A. 

      Require the managed service provider to implement additional data separation.

    • B. 

      Require encrypted communications when accessing email.

    • C. 

      Enable data loss protection to minimize emailing PII and confidential data.

    • D. 

      Establish an acceptable use policy and incident response policy.

  • 19. 
    229. A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test claim to have the most advanced features and lucrative pricing. Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?
    • A. 

      Establish return on investment as the main criteria for selection.

    • B. 

      Run a cost/benefit analysis based on the data received from the RFP.

    • C. 

      Evaluate each platform based on the total cost of ownership.

    • D. 

      Develop a service level agreement to ensure the selected NIPS meets all performance requirements.

  • 20. 
    230. An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?
    • A. 

      Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.

    • B. 

      Implement a peer code review requirement prior to releasing code into production.

    • C. 

      Follow secure coding practices to minimize the likelihood of creating vulnerable applications.

    • D. 

      Establish cross-functional planning and testing requirements for software development activities.

  • 21. 
    231. A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?
    • A. 

      Application firewall and NIPS

    • B. 

      Edge firewall and HIDS

    • C. 

      ACLs and anti-virus

    • D. 

      Host firewall and WAF

  • 22. 
    232. An administrator is reviewing logs and sees the following entry:

        Action: Intercepted (phase 2)
        Apache-Handler: php5-script

    Which of the following attacks was being attempted?
    • A. 

      Session hijacking

    • B. 

      Cross-site script

    • C. 

      SQL injection

    • D. 

      Buffer overflow

  • 23. 
    • A. 

      Network Administrator, Database Administrator, Programmers

    • B. 

      Network Administrator, Emergency Response Team, Human Resources

    • C. 

      Finance Officer, Human Resources, Security Administrator

    • D. 

      Database Administrator, Facilities Manager, Physical Security Manager

  • 24. 
    234. An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?
    • A. 

      Interconnection Security Agreement

    • B. 

      Memorandum of Understanding

    • C. 

      Business Partnership Agreement

    • D. 

      Non-Disclosure Agreement

  • 25. 
    235. A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publicly accessible. Development staff is required to install and remove various types of software from their hosts on a regular basis, while the hosts in the zone rarely require any type of configuration changes. Which of the following, when implemented, would provide the BEST level of protection with the LEAST amount of disruption to staff?
    • A. 

      NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.

    • B. 

      NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and antivirus / anti-malware across all hosts.

    • C. 

      HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.

    • D. 

      NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.

  • 26. 
    236. A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?
    • A. 

      Employee identity badges and physical access controls to ensure only staff are allowed onsite.

    • B. 

      A training program that is consistent, ongoing, and relevant.

    • C. 

      Access controls to prevent end users from gaining access to confidential data.

    • D. 

      Access controls for computer systems and networks with two-factor authentication.

  • 27. 
    237. If a technician must take an employee’s workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?
    • A. 

      A formal letter from the company’s president approving the seizure of the workstation.

    • B. 

      A formal training and awareness program on information security for all company managers.

    • C. 

      A screen displayed at log in that informs users of the employer’s rights to seize, search, and monitor company devices.

    • D. 

      A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.

  • 28. 
    238. An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and restore operations within a few hours to a few days. Which of the following provides the MOST comprehensive method for reducing the time to recover?
    • A. 

      Create security metrics that provide information on response times and requirements to determine the best place to focus time and money.

    • B. 

      Conduct a loss analysis to determine which systems to focus time and money towards increasing security.

    • C. 

      Implement a knowledge management process accessible to the help desk and finance departments to estimate cost and prioritize remediation.

    • D. 

      Develop an incident response team, require training for incident remediation, and provide incident reporting and tracking metrics.

  • 29. 
    239. A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?
    • A. 

      Loss of physical control of the servers

    • B. 

      Distribution of the job to multiple data centers

    • C. 

      Network transmission of cryptographic keys

    • D. 

      Data scraped from the hardware platforms

  • 30. 
    240. A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).
    • A. 

      The company must dedicate specific staff to act as social media representatives of the company.

    • B. 

      All staff needs to be instructed in the proper use of social media in the work environment.

    • C. 

      Senior staff blogs should be ghost written by marketing professionals.

    • D. 

      The finance department must provide a cost benefit analysis for social media.

    • E. 

      The security policy needs to be reviewed to ensure that social media policy is properly implemented.

    • F. 

      The company should ensure that the company has sufficient bandwidth to allow for social media traffic.