CASP: 304-327

24 Questions

Questions and Answers
  • 1.
    304. An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
    • A. Increase the virtual RAM allocation to high I/O servers.
    • B. Install a management NIC and dedicated virtual switch.
    • C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
    • D. Move the guest web server to another dedicated host.

  • 2.
    305. An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).
    • A. Data Storage Policy
    • B. Data Retention Policy
    • C. Corporate Confidentiality Policy
    • D. Data Breach Mitigation Policy
    • E. Corporate Privacy Policy

  • 3.
    306. Which of the following BEST explains SAML?
    • A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
    • B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
    • C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
    • D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.

  • 4.
    307. The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner’s responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing?
    • A. A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.
    • B. Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization’s strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company’s internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.
    • C. There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, and disadvantages of the relevant choices, and it should recommend a way forward.
    • D. Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.

  • 5.
    308. The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?
    • A. One of the companies may use an outdated VDI.
    • B. Corporate websites may be optimized for different web browsers.
    • C. Industry security standards and regulations may be in conflict.
    • D. Data loss prevention standards in one company may be less stringent.

  • 6.
    309. A large enterprise introduced a next generation firewall appliance into the Internet-facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation, the network engineering team discovered that traffic through the DMZ now has unacceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
    • A. During the product selection phase
    • B. When testing the appliance
    • C. When writing the RFP for the purchase process
    • D. During the network traffic analysis phase

  • 7.
    310. A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention policy states all email data older than 90 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of email storage. After being presented with an e-discovery request from opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel?
    • A. Delete files and email exceeding policy thresholds and turn over the remaining files and email.
    • B. Delete email over the policy threshold and hand over the remaining emails and all of the files.
    • C. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age.
    • D. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy.

  • 8.
    311. A security administrator is tasked with securing a company's headquarters' and branch offices' move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users' email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO's goals while providing maximum unified communications security?
    • A. Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.
    • B. Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP.
    • C. Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
    • D. Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryption, and transport encryption for email security.

  • 9.
    312. Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?
    • A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
    • B. Create an IP camera network and only allow SSL access to the cameras.
    • C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
    • D. Create an IP camera network and restrict access to cameras from a single management host.

  • 10.
    313. A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:
      - Extendable for new products to be developed and added
      - Externally facing for customers and business partners to log in
      - Usable and manageable
      - Able to integrate seamlessly with third parties for non-core functions such as document printing
      - Secure, to protect customers’ personal information and credit card information during transport and at rest
    The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration, and a web services gateway. Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).
    • A. Implement WS-Security for services authentication and XACML for service authorization.
    • B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
    • C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
    • D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users.
    • E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
    • F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.

  • 11.
    314. A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements:
      - Be across all major platforms, applications and infrastructure.
      - Be able to track user and administrator activity.
      - Does not significantly degrade the performance of production platforms, applications, and infrastructures.
      - Real time incident reporting.
      - Manageable and has meaningful information.
      - Business units are able to generate reports in a timely manner of the unit’s system assets.
    In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
    • A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
    • B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
    • C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
    • D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
    • E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
    • F. Ensure appropriate auditing is enabled to capture the required information.
    • G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.

  • 12.
    315. Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?
    • A. Risk reduction, risk sharing, risk retention, and risk acceptance.
    • B. Avoid, transfer, mitigate, and accept.
    • C. Risk likelihood, asset value, and threat level.
    • D. Calculate risk by determining technical likelihood and potential business impact.

  • 13.
    316. Company XYZ has had repeated vulnerability exploits of a critical nature released to the company’s flagship product. The product is used by a number of large customers. At the Chief Information Security Officer’s (CISO’s) request, the product manager now has to budget for a team of security consultants to introduce major product security improvements. Here is a list of improvements in order of priority:
      1. A noticeable improvement in security posture immediately.
      2. Fundamental changes to resolve systemic issues as an ongoing process.
      3. Improvements should be strategic as opposed to tactical.
      4. Customer impact should be minimized.
    Which of the following recommendations is BEST for the CISO to put forward to the product manager?
    • A. Patch the known issues and provide the patch to customers. Make a company announcement to customers on the main website to reduce the perceived exposure of the application to alleviate customer concerns. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that any defects have been resolved.
    • B. Patch the known issues and provide the patch to customers. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that the defects have been resolved. Introduce periodic code review and penetration testing of the product in question and consider including all relevant future projects going forward.
    • C. Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects.
    • D. Stop active support of the product. Bring forward end-of-life dates for the product so that it can be decommissioned. Start a new project to develop a replacement product and ensure that an SSDLC / SDL overlay on top of the SDLC is formed. Train BAs, architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases.

  • 14.
    317. A system administrator has installed a new Internet-facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administrator wants to place the servers in the most logical network security zones and implement the appropriate security controls. Which of the following scenarios BEST accomplishes this goal?
    • A. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.
    • B. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.
    • C. Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with an ACL of allow 443 destination ANY.
    • D. Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and 1443 destination ANY.

  • 15.
    318. The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the project has concerns about the integrity of the system if it is deployed in a commercial cloud. Due to poor communication within the team, the security risks of the proposed design are not being given any attention. A network engineer on the project has a security background and is concerned about the overall success of the project. Which of the following is the BEST course of action for the network engineer to take?
    • A. Address the security concerns through the network design and security controls.
    • B. Implement mitigations to the security risks and address the poor communications on the team with the project manager.
    • C. Document mitigations to the security concerns and facilitate a meeting between the architects and the project manager.
    • D. Develop a proposal for an alternative architecture that does not leverage cloud computing and present it to the lead architect.

  • 16.
    319. Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research. The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy. Which of the following is the BEST course of action for the security administrator to take?
    • A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines.
    • B. Delay the donation until all storage media on the computers can be sanitized.
    • C. Reload the machines with an open source operating system and then donate the machines.
    • D. Move forward with the donation, but remove all software license keys from the machines.

  • 17.
    320. Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner, which of the following is correct?
    • A. Only security related alerts should be forwarded to the network team for resolution.
    • B. All logs must be centrally managed and access to the logs restricted only to data storage staff.
    • C. Logging must be set appropriately and alerts delivered to security staff in a timely manner.
    • D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team.

  • 18.
    321. The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?
    • A. Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
    • B. Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
    • C. Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
    • D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.

  • 19.
    322. A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network. Which of the following is the BEST methodology to use in establishing this baseline?
    • A. Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior.
    • B. Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline.
    • C. Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic.
    • D. Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline.

  • 20.
    323. A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
    • A. Change the IDS to use a heuristic anomaly filter.
    • B. Adjust IDS filters to decrease the number of false positives.
    • C. Change the IDS filter to data mine the false positives for statistical trending data.
    • D. Adjust IDS filters to increase the number of false negatives.

  • 21.
    324. The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company’s flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested. The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments. The Security Assurance and Development teams highlighted their availability to redo the testing if required. Which of the following will provide the MOST thorough testing?
    • A. Have the small consulting firm redo the Black box testing.
    • B. Use the internal teams to perform Grey box testing.
    • C. Use the internal team to perform Black box testing.
    • D. Use the internal teams to perform White box testing.
    • E. Use a larger consulting firm to perform Black box testing.

  • 22.
    325. A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities. The reviewer has advised that future software projects utilize managed code platforms if at all possible. Which of the following languages would suit this recommendation? (Select TWO).
    • A. C
    • B. C#
    • C. C++
    • D. Perl
    • E. Java

  • 23.
    326. A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life. The two initial migrations include:
      - Windows 2000 hosts: domain controllers and front-facing web servers
      - RHEL3 hosts: front-facing web servers
    Which of the following should the security consultant recommend based on best practices?
    • A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
    • B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
    • C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
    • D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.

  • 24.
    327. After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation:
      ssh -p 2020 -l user dnsserver.company.com
    Once at the command prompt, the administrator issues the below command:
      service bind restart
    The system returns the below response:
      Unable to restart BIND
    Which of the following is true about the above situation?
    • A. The administrator must use the sudo command in order to restart the service.
    • B. The administrator used the wrong SSH port to restart the DNS server.
    • C. The service was restarted correctly, but it failed to bind to the network interface.
    • D. The service did not restart because the bind command is privileged.