CASP 273-303

30 Questions



Questions and Answers
  • 1. 
    273. At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator’s password. At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?
    • A. 

      The IDS logs are compromised.

    • B. 

      The new password was compromised.

    • C. 

      An input validation error has occurred.

    • D. 

      A race condition has occurred.

  • 2. 
    274. Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?
    • A. 

      Purchase the product and test it in a lab environment before installing it on any live system.

    • B. 

      Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.

    • C. 

      Purchase the product and test it on a few systems before installing it throughout the entire company.

    • D. 

      Use Company A’s change management process during the evaluation of the new product.

  • 3. 
    275. The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?
    • A. 

      Identity proofing

    • B. 

      Non-repudiation

    • C. 

      Key escrow

    • D. 

      Digital rights management

  • 4. 
    276. A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?
    • A. 

      A physically isolated network that allows for secure metric collection.

    • B. 

      A physically isolated network with inband management that uses two factor authentication.

    • C. 

      A logically isolated network with inband management that uses secure two factor authentication.

    • D. 

      An isolated network that provides secure out-of-band remote management.

  • 5. 
    277. A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?
    • A. 

      SIP session tagging and QoS

    • B. 

      A dedicated VLAN

    • C. 

      Lower encryption setting

    • D. 

      Traffic shaping

  • 6. 
    278. Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
    • A. 

      Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.

    • B. 

      IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.

    • C. 

      Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.

    • D. 

      Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.

  • 7. 
    279. A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seem to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?
    • A. 

      An incident response plan which guarantees response by tier two support within 15 minutes of an incident.

    • B. 

      A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.

    • C. 

      Business insurance to transfer all risk from the company shareholders to the insurance company.

    • D. 

      A prudent plan of action which details how to decommission the system within 90 days of becoming operational.

  • 8. 
    280. Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?
    • A. 

      All servers are unpatched and running old versions.

    • B. 

      Financial data is processed without being encrypted.

    • C. 

      Logging is disabled on critical servers.

    • D. 

      Server services have been virtualized and outsourced.

  • 9. 
    281. A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company’s security posture; however, the company is still plagued by data breaches of misplaced assets. As a result, these data breaches have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?
    • A. 

      Reload all user laptops with full disk encryption software immediately.

    • B. 

      Implement full disk encryption on all storage devices the firm owns.

    • C. 

      Implement new continuous monitoring procedures.

    • D. 

      Implement an open source system which allows data to be encrypted while processed.

  • 10. 
    282. The security administrator is responsible for the confidentiality of all corporate data. The company’s servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltration. The security administrator suspects these attacks are due to several new network based attacks facilitated by having physical access to a system. Which of the following BEST describes how to adapt to the threat?
    • A. 

      Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.

    • B. 

      Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.

    • C. 

      Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.

    • D. 

      Apply three factor authentication, implement IPSec, and enable SNMP.

  • 11. 
    283. Which of the following should be used to identify overflow vulnerabilities?
    • A. 

      Fuzzing

    • B. 

      Input validation

    • C. 

      Privilege escalation

    • D. 

      Secure coding standards

  • 12. 
    284. When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. Which of the following would impact the security of the conference’s resources?
    • A. 

      Wireless network security may need to be increased to decrease access of mobile devices.

    • B. 

      Physical security may need to be increased to deter or prevent theft of mobile devices.

    • C. 

      Network security may need to be increased by reducing the number of available physical network jacks.

    • D. 

      Wireless network security may need to be decreased to allow for increased access of mobile devices.

  • 13. 
    286. The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that the project team in charge of virtualizing servers plans to co-mingle many guest operating systems with different security requirements to speed up the rollout and reduce the number of host operating systems or hypervisors required. Which of the following BEST describes the risk assurance officer’s concerns?
    • A. 

      Co-mingling guest operating systems with different security requirements allows guest OS privilege elevation to occur within the guest OS via shared memory allocation with the host OS.

    • B. 

      Co-mingling of guest operating systems with different security requirements increases the risk of data loss if the hypervisor fails.

    • C. 

      A weakly protected guest OS combined with a host OS exploit increases the chance of a successful VM escape attack being executed, compromising the hypervisor and other guest OSs.

    • D. 

      A weakly protected host OS will allow the hypervisor to become corrupted resulting in data throughput performance issues.

  • 14. 
    287. Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).
    • A. 

      File level transfer of data

    • B. 

      Zoning and LUN security

    • C. 

      Block level transfer of data

    • D. 

      Multipath

    • E. 

      Broadcast storms

    • F. 

      File level encryption

    • G. 

      Latency

  • 15. 
    288. An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).
    • A. 

      Periodic key changes once the initial keys are established between the DNS name servers.

    • B. 

      Secure exchange of the key values between the two DNS name servers.

    • C. 

      A secure NTP source used by both DNS name servers to avoid message rejection.

    • D. 

      DNS configuration files on both DNS name servers must be identically encrypted.

    • E. 

      AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS

  • 16. 
    289. As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company’s privacy policies and procedures to reflect the changing business environment and business requirements. Training and awareness of the new policies and procedures has been incorporated into the security awareness program, which should be:
    • A. 

      Presented by top level management to only data handling staff.

    • B. 

      Customized for the various departments and staff roles.

    • C. 

      Technical in nature to ensure all development staff understand the procedures.

    • D. 

      Used to promote the importance of the security department.

  • 17. 
    290. Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?
    • A. 

      NDA

    • B. 

      OLA

    • C. 

      MOU

    • D. 

      SLA

  • 18. 
    291. Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?
    • A. 

      Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.

    • B. 

      Use an independent consulting firm to provide regular network vulnerability assessments and biannual qualitative risk assessments.

    • C. 

      Provide sales staff with a separate laptop with no administrator access just for sales visits.

    • D. 

      Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

  • 19. 
    292. The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?
    • A. 

      Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.

    • B. 

      Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.

    • C. 

      Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.

    • D. 

      Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

  • 20. 
    293. An organization determined that each of its remote sales representatives must use a smartphone for email access. The organization provides the same centrally manageable model to each person. Which of the following mechanisms BEST protects the confidentiality of the resident data?
    • A. 

      Require dual factor authentication when connecting to the organization’s email server.

    • B. 

      Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.

    • C. 

      Require encrypted communications when connecting to the organization’s email server.

    • D. 

      Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.

  • 21. 
    294. An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations. Which of the following is MOST likely the cause for the organization’s inability to determine what really occurred?
    • A. 

      Too few layers of protection between the Internet and internal network

    • B. 

      Lack of a defined security auditing methodology

    • C. 

      Poor intrusion prevention system placement and maintenance

    • D. 

      Insufficient logging and mechanisms for review

  • 22. 
    295. An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application configuration changes. Which of the following technologies would help meet this policy requirement? (Select TWO).
    • A. 

      Spam filter

    • B. 

      Solid state drives

    • C. 

      Management interface

    • D. 

      Virtualization

    • E. 

      Host firewall

  • 23. 
    296. About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year. Which of the following is true in this scenario?
    • A. 

      It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.

    • B. 

      It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.

    • C. 

      It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.

    • D. 

      It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

  • 24. 
    297. An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

      18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)
      18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
      18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)
      18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
      18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48
      18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa. (41)
      18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
      18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0
      18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
      18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
      18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa. (41)

    Given the traffic report, which of the following is MOST likely causing the slow traffic?
    • A. 

      DNS poisoning

    • B. 

      Improper network zoning

    • C. 

      ARP poisoning

    • D. 

      Improper LUN masking

  • 25. 
    298. An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?
    • A. 

      The IDS generated too many false negatives.

    • B. 

      The attack occurred after hours.

    • C. 

      The IDS generated too many false positives.

    • D. 

      No one was reviewing the IDS event logs.

  • 26. 
    299. A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?
    • A. 

      Data retention policy

    • B. 

      Business continuity plan

    • C. 

      Backup and archive processes

    • D. 

      Electronic inventory

  • 27. 
    300. A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
    • A. 

      Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credentials. Require each user to install the public key on their computer.

    • B. 

      Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.

    • C. 

      Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.

    • D. 

      Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.

  • 28. 
    301. The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

      Employee A: Works in the accounts receivable office and is in charge of entering data into the finance system.
      Employee B: Works in the accounts payable office and is in charge of approving purchase orders.
      Employee C: Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

    Which of the following should the auditor suggest be done to avoid future security breaches?
    • A. 

      All employees should have the same access level to be able to check on each other.

    • B. 

      The manager should only be able to review the data and approve purchase orders.

    • C. 

      Employee A and Employee B should rotate jobs at a set interval and cross-train.

    • D. 

      The manager should be able to both enter and approve information.

  • 29. 
    302. A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?
    • A. 

      Require all development to follow secure coding practices.

    • B. 

      Require client-side input filtering on all modifiable fields.

    • C. 

      Escape character sequences at the application tier.

    • D. 

      Deploy a WAF with application specific signatures.

  • 30. 
    303. An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?
    • A. 

      Benchmark each possible solution with the integrator’s existing client deployments.

    • B. 

      Develop testing criteria and evaluate each environment in-house.

    • C. 

      Run virtual test scenarios to validate the potential solutions.

    • D. 

      Use results from each vendor’s test labs to determine adherence to project requirements.