CompTIA CASP Test Trivia Questions! Quiz

1. 31. Which of the following is the MOST appropriate control measure for lost mobile devices?

Disable unnecessary wireless interfaces such as Bluetooth.

Reduce the amount of sensitive data stored on the device.

Require authentication before access is given to the device.

Require that the compromised devices be remotely wiped.

Requiring that compromised devices be remotely wiped is the most appropriate control measure for lost mobile devices because it ensures that any sensitive data on the device will be erased, preventing unauthorized access. Disabling unnecessary wireless interfaces such as Bluetooth can help reduce the risk of data leakage, but it does not address the issue of the lost device itself. Similarly, reducing the amount of sensitive data stored on the device is a good practice, but it does not guarantee the protection of the data if the device is lost. Requiring authentication before access is given to the device is a general security measure, but it does not specifically address the control of lost devices.

Explanation

Requiring that compromised devices be remotely wiped is the most appropriate control measure for lost mobile devices because it ensures that any sensitive data on the device will be erased, preventing unauthorized access. Disabling unnecessary wireless interfaces such as Bluetooth can help reduce the risk of data leakage, but it does not address the issue of the lost device itself. Similarly, reducing the amount of sensitive data stored on the device is a good practice, but it does not guarantee the protection of the data if the device is lost. Requiring authentication before access is given to the device is a general security measure, but it does not specifically address the control of lost devices.

2. 32. Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?

Write over the data

Purge the data

Incinerate the DVD

Shred the DVD

Shredding the DVD is the most cost-effective solution for sanitizing it with sensitive information. Shredding ensures that the data on the DVD is completely destroyed and cannot be recovered. This method is relatively inexpensive compared to other options like incineration or purging, which may require specialized equipment or services. Writing over the data may not completely erase the sensitive information, leaving it vulnerable to recovery. Shredding the DVD is a secure and efficient way to ensure that the sensitive information cannot be accessed or misused.

Explanation

Shredding the DVD is the most cost-effective solution for sanitizing it with sensitive information. Shredding ensures that the data on the DVD is completely destroyed and cannot be recovered. This method is relatively inexpensive compared to other options like incineration or purging, which may require specialized equipment or services. Writing over the data may not completely erase the sensitive information, leaving it vulnerable to recovery. Shredding the DVD is a secure and efficient way to ensure that the sensitive information cannot be accessed or misused.

3. 50. Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine?

Input Validation

Application hardening

Code signing

Application sandboxing

Application sandboxing refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine. This technique ensures that any malicious or untrusted code is contained within a restricted environment, preventing it from accessing sensitive resources or causing harm to the system. Sandboxing is commonly used in web browsers, mobile applications, and operating systems to enhance security and protect against potential threats.

Explanation

Application sandboxing refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine. This technique ensures that any malicious or untrusted code is contained within a restricted environment, preventing it from accessing sensitive resources or causing harm to the system. Sandboxing is commonly used in web browsers, mobile applications, and operating systems to enhance security and protect against potential threats.

4. 44. A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?

File an insurance claim and assure the executive the data is secure because it is encrypted.

Immediately implement a plan to remotely wipe all data from the device.

Have the executive change all passwords and issue the executive a new phone.

Execute a plan to remotely disable the device and report the loss to the police.

The best course of action in this scenario is to immediately implement a plan to remotely wipe all data from the lost smartphone. This is because the phone contained over 60GB of proprietary data, which could be sensitive and valuable to the company. By remotely wiping the data, the company can ensure that the information does not fall into the wrong hands and minimize the risk of data breaches or unauthorized access. The other options, such as filing an insurance claim or changing passwords, may provide some level of security, but they do not address the immediate concern of protecting the sensitive data on the lost device.

Explanation

The best course of action in this scenario is to immediately implement a plan to remotely wipe all data from the lost smartphone. This is because the phone contained over 60GB of proprietary data, which could be sensitive and valuable to the company. By remotely wiping the data, the company can ensure that the information does not fall into the wrong hands and minimize the risk of data breaches or unauthorized access. The other options, such as filing an insurance claim or changing passwords, may provide some level of security, but they do not address the immediate concern of protecting the sensitive data on the lost device.

5. 47. A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selected?

Ease of patch testing

Reducing physical footprint

Reduced network traffic

Isolation of applications

Reducing physical footprint is the most likely advantage for implementing a virtual environment in regards to cost because it allows for consolidation of multiple physical servers onto a single virtual server, thereby reducing the amount of physical space required for housing the servers. This can result in cost savings related to data center space, power consumption, cooling, and maintenance.

Explanation

Reducing physical footprint is the most likely advantage for implementing a virtual environment in regards to cost because it allows for consolidation of multiple physical servers onto a single virtual server, thereby reducing the amount of physical space required for housing the servers. This can result in cost savings related to data center space, power consumption, cooling, and maintenance.

6. 48. The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?

VLANs

VDI

PaaS

IaaS

The security administrator would most likely implement VDI (Virtual Desktop Infrastructure) as a solution to eliminate the need for physical desktops and centralize the location of all desktop applications. VDI allows for virtual desktops to be hosted on a centralized server, which can be accessed remotely by users. This eliminates the need for physical desktops while still providing control over network devices. VLANs (Virtual Local Area Networks) would not directly address the need for eliminating physical desktops and centralizing desktop applications. PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) are cloud computing models that may not directly address the specific requirements mentioned in the question.

Explanation

The security administrator would most likely implement VDI (Virtual Desktop Infrastructure) as a solution to eliminate the need for physical desktops and centralize the location of all desktop applications. VDI allows for virtual desktops to be hosted on a centralized server, which can be accessed remotely by users. This eliminates the need for physical desktops while still providing control over network devices. VLANs (Virtual Local Area Networks) would not directly address the need for eliminating physical desktops and centralizing desktop applications. PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) are cloud computing models that may not directly address the specific requirements mentioned in the question.

7. 40. A security manager at Company ABC, needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?

The security manager should consider the ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD. This is important to ensure that in case of loss or theft, sensitive data can be protected and the devices can be remotely controlled. The track record of the vendor in publicizing and correcting security flaws in their products is also important as it indicates their commitment to addressing vulnerabilities. Additionally, the predicted costs associated with maintaining, integrating, and securing the devices should be considered to assess the financial implications of deploying the new mobile devices.

Explanation

The security manager should consider the ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD. This is important to ensure that in case of loss or theft, sensitive data can be protected and the devices can be remotely controlled. The track record of the vendor in publicizing and correcting security flaws in their products is also important as it indicates their commitment to addressing vulnerabilities. Additionally, the predicted costs associated with maintaining, integrating, and securing the devices should be considered to assess the financial implications of deploying the new mobile devices.

8. 52. The security administrator is worried about possible SPIT attacks against the VoIP system. Which of the following security controls would MOST likely need to be implemented to detect this type of attack?

SIP and SRTP traffic analysis

QoS audit on Layer 3 devices

IP and MAC filtering logs

Email spam filter log

To detect SPIT (Spam over Internet Telephony) attacks on the VoIP system, implementing SIP (Session Initiation Protocol) and SRTP (Secure Real-time Transport Protocol) traffic analysis would be the most suitable security control. SPIT attacks involve the mass distribution of unsolicited and unwanted voice messages, similar to email spam. By analyzing the SIP and SRTP traffic, the security administrator can identify patterns and anomalies that indicate potential SPIT attacks, allowing for timely detection and mitigation of such threats. The other options, such as QoS audit, IP and MAC filtering logs, and email spam filter logs, are not directly related to detecting SPIT attacks.

Explanation

To detect SPIT (Spam over Internet Telephony) attacks on the VoIP system, implementing SIP (Session Initiation Protocol) and SRTP (Secure Real-time Transport Protocol) traffic analysis would be the most suitable security control. SPIT attacks involve the mass distribution of unsolicited and unwanted voice messages, similar to email spam. By analyzing the SIP and SRTP traffic, the security administrator can identify patterns and anomalies that indicate potential SPIT attacks, allowing for timely detection and mitigation of such threats. The other options, such as QoS audit, IP and MAC filtering logs, and email spam filter logs, are not directly related to detecting SPIT attacks.

9. 36. After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers. Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?

Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, twofactorauthentication.

Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factorauthentication.

Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometricauthentication.

Anti-malware/spam software, as well as a host based firewall and strong, three-factorauthentication.

The administrator should implement anti-malware/virus/spyware/spam software to protect the servers from malicious software and spam. A host-based firewall should be implemented to monitor and control network traffic to and from the servers. Strong two-factor authentication should be used to ensure that only authorized individuals can access the servers. This combination of software and authentication measures will provide a comprehensive approach to securing the hosts on the network.

Explanation

The administrator should implement anti-malware/virus/spyware/spam software to protect the servers from malicious software and spam. A host-based firewall should be implemented to monitor and control network traffic to and from the servers. Strong two-factor authentication should be used to ensure that only authorized individuals can access the servers. This combination of software and authentication measures will provide a comprehensive approach to securing the hosts on the network.

10. 35. A security administrator needs a secure computing solution to use for all of the company's security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?

A hardened Red Hat Enterprise Linux implementation running a software firewall

Windows 7 with a secure domain policy and smartcard based authentication

A hardened bastion host with a permit all policy implemented in a software firewall

Solaris 10 with trusted extensions or SE Linux with a trusted policy

Solaris 10 with trusted extensions or SE Linux with a trusted policy is the best option for the server in this scenario because both Solaris 10 and SE Linux have strong security features and trusted extensions/policies that can ensure the secure storage of security audit logs and execute security functions. These operating systems provide robust access controls, mandatory access controls, and isolation mechanisms, making them suitable for handling sensitive security data and performing security-related tasks.

Explanation

Solaris 10 with trusted extensions or SE Linux with a trusted policy is the best option for the server in this scenario because both Solaris 10 and SE Linux have strong security features and trusted extensions/policies that can ensure the secure storage of security audit logs and execute security functions. These operating systems provide robust access controls, mandatory access controls, and isolation mechanisms, making them suitable for handling sensitive security data and performing security-related tasks.

11. 42. A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with the security posture of this company?

No effective controls in place

No transport security controls are implemented

Insufficient user authentication controls are implemented

IPv6 is not incorporated in the network

The problem with the security posture of this company is that no transport security controls are implemented. While the company has taken measures to secure the workstations, such as patching, antivirus software, and encryption of sensitive data, it has not implemented any controls to secure the transmission of data over the network. This means that data sent between the workstations, printers, switch, router, and firewall is not protected from unauthorized access or interception. Without transport security controls, the company's network is vulnerable to attacks and data breaches.

Explanation

The problem with the security posture of this company is that no transport security controls are implemented. While the company has taken measures to secure the workstations, such as patching, antivirus software, and encryption of sensitive data, it has not implemented any controls to secure the transmission of data over the network. This means that data sent between the workstations, printers, switch, router, and firewall is not protected from unauthorized access or interception. Without transport security controls, the company's network is vulnerable to attacks and data breaches.

12. 33. A network engineer at Company ABC observes the following raw HTTP request: GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01- 01-0101&Run= Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1 Host: test.example.net Accept: */* Accept-LanguagE. en Connection: close CookiE. java14=1; java15=1; java16=1; js=1292192278001; Which of the following should be the engineer's GREATEST concern?

The HTTPS is not being enforced so the system is vulnerable.

The numerical encoding on the session ID is limited to hexadecimal characters, making itsusceptible to a brute force attack.

Sensitive data is transmitted in the URL.

The dates entered are outside a normal range, which may leave the system vulnerable to adenial of service attack.

The engineer's greatest concern should be that sensitive data is being transmitted in the URL. This can pose a security risk as the data can be easily intercepted and accessed by unauthorized individuals. It is recommended to transmit sensitive data through secure methods such as HTTPS to ensure its confidentiality and integrity.

Explanation

The engineer's greatest concern should be that sensitive data is being transmitted in the URL. This can pose a security risk as the data can be easily intercepted and accessed by unauthorized individuals. It is recommended to transmit sensitive data through secure methods such as HTTPS to ensure its confidentiality and integrity.

13. 37. A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:

Error handling, input validation, memory use and reuse, race condition handling, commenting,and preventing typical security problems.

Error prevention, requirements validation, memory use and reuse, commenting typical securityproblems, and testing code standards.

Error elimination, trash collection, documenting race conditions, peer review, and typicalsecurity problems.

Error handling, input validation, commenting, preventing typical security problems, managingcustomers, and documenting extra requirements.

The security architect proposes implementing secure coding standards that include error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. This means that the architect wants to establish guidelines and practices for the development team to follow in order to address these specific areas of concern. By implementing these standards, the team can reduce the number of bugs, improve code efficiency, and enhance the overall security of the software.

Explanation

The security architect proposes implementing secure coding standards that include error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. This means that the architect wants to establish guidelines and practices for the development team to follow in order to address these specific areas of concern. By implementing these standards, the team can reduce the number of bugs, improve code efficiency, and enhance the overall security of the software.

14. 46. A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?

Digital encryption

Digital signing

Password entropy

Code signing

Code signing is the process of digitally signing a script or software to ensure that it has not been altered by anyone other than the author. It involves using a cryptographic algorithm to create a unique signature for the script, which can be verified by the recipient. This provides assurance that the script has not been tampered with during transmission or storage. Digital encryption, digital signing, and password entropy are not directly related to verifying the integrity of a script.

Explanation

Code signing is the process of digitally signing a script or software to ensure that it has not been altered by anyone other than the author. It involves using a cryptographic algorithm to create a unique signature for the script, which can be verified by the recipient. This provides assurance that the script has not been tampered with during transmission or storage. Digital encryption, digital signing, and password entropy are not directly related to verifying the integrity of a script.

15. 57. An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible. Which of the following should the Warehouse Manager do to remediate the security issue?

Revise the hardware and software maintenance contract.

Degauss the printer hard drive to delete data.

Implement a new change control process.

Update the hardware decommissioning procedures.

The security issue in this scenario is that the data on the two older hard drives was inaccessible, indicating that the hardware decommissioning procedures were not effective. To remediate this issue, the Warehouse Manager should update the hardware decommissioning procedures to ensure that all data is properly wiped and inaccessible before discarding the computers. This will help prevent sensitive information from being retrieved from discarded devices in the future.

Explanation

The security issue in this scenario is that the data on the two older hard drives was inaccessible, indicating that the hardware decommissioning procedures were not effective. To remediate this issue, the Warehouse Manager should update the hardware decommissioning procedures to ensure that all data is properly wiped and inaccessible before discarding the computers. This will help prevent sensitive information from being retrieved from discarded devices in the future.

16. 58. Which of the following precautions should be taken to harden network devices in case of VMEscape?

Database servers should be on the same virtual server as web servers in the DMZ networksegment.

Web servers should be on the same physical server as database servers in the networksegment.

Virtual servers should only be on the same physical server as others in their network segment.

Physical servers should only be on the same WAN as other physical servers in their network.

To harden network devices in case of VMEscape, it is important to isolate virtual servers from each other. Placing virtual servers only on the same physical server as others in their network segment helps to prevent VMEscape attacks, as it limits the potential for lateral movement and containment breaches. This segregation ensures that if one virtual server is compromised, the attacker will have limited access to other virtual servers on different physical servers.

Explanation

To harden network devices in case of VMEscape, it is important to isolate virtual servers from each other. Placing virtual servers only on the same physical server as others in their network segment helps to prevent VMEscape attacks, as it limits the potential for lateral movement and containment breaches. This segregation ensures that if one virtual server is compromised, the attacker will have limited access to other virtual servers on different physical servers.

17. 54. On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by end of day on Friday. Which of the following has the GREATEST impact on the ability to fulfill the e-discovery request?

Data retention policy

Backup software and hardware

Email encryption software

Data recovery procedures

The data retention policy has the greatest impact on the ability to fulfill the e-discovery request. A data retention policy outlines how long data should be retained and how it should be managed. If the agency has a well-defined and comprehensive data retention policy, it will be easier to locate and provide the requested emails. Without a clear policy, it may be more difficult to locate and retrieve the emails within the given timeframe. Backup software and hardware, email encryption software, and data recovery procedures are important, but they do not directly address the ability to fulfill the specific e-discovery request.

Explanation

The data retention policy has the greatest impact on the ability to fulfill the e-discovery request. A data retention policy outlines how long data should be retained and how it should be managed. If the agency has a well-defined and comprehensive data retention policy, it will be easier to locate and provide the requested emails. Without a clear policy, it may be more difficult to locate and retrieve the emails within the given timeframe. Backup software and hardware, email encryption software, and data recovery procedures are important, but they do not directly address the ability to fulfill the specific e-discovery request.

18. 43. Statement: "The system shall implement measures to notify system administrators prior to a security incident occurring." Which of the following BEST restates the above statement to allow it to be implemented by a team of software developers?

The system shall cease processing data when certain configurable events occur.

The system shall continue processing in the event of an error and email the securityadministrator the error logs.

The system shall halt on error.

The system shall throw an error when specified incidents pass a configurable threshold.

The correct answer is the option that states "The system shall throw an error when specified incidents pass a configurable threshold." This answer restates the original statement by specifying that the system should generate an error when certain incidents exceed a predefined threshold. This allows the software developers to implement a mechanism that notifies system administrators of potential security incidents before they occur.

Explanation

The correct answer is the option that states "The system shall throw an error when specified incidents pass a configurable threshold." This answer restates the original statement by specifying that the system should generate an error when certain incidents exceed a predefined threshold. This allows the software developers to implement a mechanism that notifies system administrators of potential security incidents before they occur.

19. 34. Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time. Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?

Traces of proprietary data which can remain on the virtual machine and be exploited

Remnants of network data from prior customers on the physical servers during a compute job

Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels

Failure of the de-provisioning mechanism resulting in excessive charges for the resources

When companies outsource computing jobs to cloud providers, there is a risk that traces of proprietary data can remain on the virtual machine even after the job is completed. This poses a vulnerability as these traces can be exploited by unauthorized individuals, potentially leading to the exposure or misuse of sensitive information. Therefore, it is important for companies to ensure proper data sanitization measures are in place to mitigate this risk.

Explanation

When companies outsource computing jobs to cloud providers, there is a risk that traces of proprietary data can remain on the virtual machine even after the job is completed. This poses a vulnerability as these traces can be exploited by unauthorized individuals, potentially leading to the exposure or misuse of sensitive information. Therefore, it is important for companies to ensure proper data sanitization measures are in place to mitigate this risk.

20. 41. A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?

The resulting impact of even one attack being realized might cripple the company financially.

Government health care regulations for the pharmaceutical industry prevent the director fromapproving a system with vulnerabilities.

The director is new and is being rushed to approve a project before an adequate assessmenthas been performed.

The director should be uncomfortable accepting any security vulnerabilities and should find timeto correct them before the system is deployed.

The correct answer is that the resulting impact of even one attack being realized might cripple the company financially. This means that although the likelihood of a malicious attacker exploiting the vulnerabilities is low, the potential consequences of an attack could be severe and have a significant financial impact on the company. Therefore, the risk management director is justified in having reservations about approving the system.

Explanation

The correct answer is that the resulting impact of even one attack being realized might cripple the company financially. This means that although the likelihood of a malicious attacker exploiting the vulnerabilities is low, the potential consequences of an attack could be severe and have a significant financial impact on the company. Therefore, the risk management director is justified in having reservations about approving the system.

21. 49. A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways. The following requirements must be met: Able to log entry of all employees in and out of specific areas Access control into and out of all sensitive areas Tailgating prevention Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

Discretionary Access control

Man trap

Visitor logs

Proximity readers

Motion detection sensors

To meet the requirements of logging entry of employees in and out of specific areas, access control into and out of sensitive areas, and tailgating prevention, the company would likely implement a man trap and proximity readers. A man trap is a physical security measure that consists of two doors, allowing only one person to enter or exit at a time, preventing unauthorized access. Proximity readers, on the other hand, use RFID or similar technology to grant access to authorized individuals, ensuring only those with the proper credentials can enter specific areas. Together, these measures provide a secure solution for the company's relocation.

Explanation

To meet the requirements of logging entry of employees in and out of specific areas, access control into and out of sensitive areas, and tailgating prevention, the company would likely implement a man trap and proximity readers. A man trap is a physical security measure that consists of two doors, allowing only one person to enter or exit at a time, preventing unauthorized access. Proximity readers, on the other hand, use RFID or similar technology to grant access to authorized individuals, ensuring only those with the proper credentials can enter specific areas. Together, these measures provide a secure solution for the company's relocation.

Submit

22. 53. The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator: ------ Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0 All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a ------ The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following: 09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) 09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) 09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) Which of the following can the security administrator determine from the above information?

A man in the middle attack is underway - implementing static ARP entries is a possible solution.

An ARP flood attack targeted at the router is causing intermittent communication –implementing IPS is a possible solution.

The default gateway is being spoofed - implementing static routing with MD5 is a possiblesolution.

The router is being advertised on a separate network - router reconfiguration is a possiblesolution.

From the given information, the security administrator notices that there are multiple ARP replies coming from the same MAC address (0:12:3f:f1:da:52) for the IP address 172.16.34.1. This indicates that there is an attacker intercepting the communication between the finance department and the router, suggesting a man-in-the-middle attack. To mitigate this, implementing static ARP entries can be a possible solution to ensure that only legitimate MAC addresses are associated with the IP addresses.

Explanation

From the given information, the security administrator notices that there are multiple ARP replies coming from the same MAC address (0:12:3f:f1:da:52) for the IP address 172.16.34.1. This indicates that there is an attacker intercepting the communication between the finance department and the router, suggesting a man-in-the-middle attack. To mitigate this, implementing static ARP entries can be a possible solution to ensure that only legitimate MAC addresses are associated with the IP addresses.

23. 56. A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company's video conference. All parties must be issued a VPN account and must connect to the company's VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?

IPSec transport mode is enabled

ICMP is disabled

Split tunneling is disabled

NAT-traversal is enabled

Split tunneling allows users to access both the VPN and local network simultaneously. When split tunneling is disabled, all traffic from the user's device is routed through the VPN concentrator, increasing the bandwidth utilization on the concentrator. This means that during remote meetings, all traffic, including video conference data, will be sent through the VPN concentrator, resulting in increased bandwidth usage.

Explanation

Split tunneling allows users to access both the VPN and local network simultaneously. When split tunneling is disabled, all traffic from the user's device is routed through the VPN concentrator, increasing the bandwidth utilization on the concentrator. This means that during remote meetings, all traffic, including video conference data, will be sent through the VPN concentrator, resulting in increased bandwidth usage.

24. 59. Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data?

CIFS

NFS

ISCSI

NAS

iSCSI should be used with caution because it has the ability to provide access to block level data instead of file level data. This means that iSCSI allows direct access to individual blocks of data on a storage device, bypassing the file system. While this can be advantageous in certain scenarios, it also requires careful management and can potentially lead to data corruption or loss if not handled properly. Therefore, caution should be exercised when using iSCSI to ensure proper configuration and monitoring of block-level access.

Explanation

iSCSI should be used with caution because it has the ability to provide access to block level data instead of file level data. This means that iSCSI allows direct access to individual blocks of data on a storage device, bypassing the file system. While this can be advantageous in certain scenarios, it also requires careful management and can potentially lead to data corruption or loss if not handled properly. Therefore, caution should be exercised when using iSCSI to ensure proper configuration and monitoring of block-level access.

25. 38. A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?

The correct answer is "Problem: Buffer overflow, Mitigation Technique: Secure coding standards, Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data." In this scenario, the extra information being loaded into memory when the proper format is selected by the user indicates a buffer overflow vulnerability. This vulnerability can be mitigated by following secure coding standards, which ensure that input is properly validated to prevent buffer overflows. Buffer overflows are a security concern because they can lead to unauthorized access and compromise the confidentiality and availability of data.

Explanation

The correct answer is "Problem: Buffer overflow, Mitigation Technique: Secure coding standards, Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data." In this scenario, the extra information being loaded into memory when the proper format is selected by the user indicates a buffer overflow vulnerability. This vulnerability can be mitigated by following secure coding standards, which ensure that input is properly validated to prevent buffer overflows. Buffer overflows are a security concern because they can lead to unauthorized access and compromise the confidentiality and availability of data.

26. 39. A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?

Vulnerability assessment

Code review

Social engineering

Reverse engineering

The investigation team should consider social engineering in the next phase of their assessment. Even though the penetration tests and other assessments have revealed no flaws in the systems, the fact that the criminals were able to exfiltrate large volumes of data suggests that they may have used social engineering techniques to exploit human vulnerabilities rather than technical vulnerabilities. Social engineering involves manipulating individuals into performing actions or divulging confidential information, and it is a common attack vector used by criminals to gain unauthorized access to secure systems. Therefore, investigating social engineering can help uncover the attack vector used by the criminals in these incidents.

Explanation

The investigation team should consider social engineering in the next phase of their assessment. Even though the penetration tests and other assessments have revealed no flaws in the systems, the fact that the criminals were able to exfiltrate large volumes of data suggests that they may have used social engineering techniques to exploit human vulnerabilities rather than technical vulnerabilities. Social engineering involves manipulating individuals into performing actions or divulging confidential information, and it is a common attack vector used by criminals to gain unauthorized access to secure systems. Therefore, investigating social engineering can help uncover the attack vector used by the criminals in these incidents.

27. 55. A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites. After an initial and successful pilot period, other departments want to use the social websites to post their updates as well. The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites. Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).

Brute force attacks

Malware infection

DDOS attacks

Phishing attacks

SQL injection attacks

Social engineering attacks

The major risks that the security administrator should report back to the CIO are malware infection, phishing attacks, and social engineering attacks. Allowing IT staff to post work-related information on social networking sites increases the risk of malware infection, as malicious links or downloads can be disguised as legitimate updates. Phishing attacks can also occur, where attackers impersonate the company and trick employees or customers into revealing sensitive information. Additionally, social engineering attacks can be facilitated through the information shared on social networking sites, as attackers can manipulate employees into divulging confidential information or granting unauthorized access.

Explanation

The major risks that the security administrator should report back to the CIO are malware infection, phishing attacks, and social engineering attacks. Allowing IT staff to post work-related information on social networking sites increases the risk of malware infection, as malicious links or downloads can be disguised as legitimate updates. Phishing attacks can also occur, where attackers impersonate the company and trick employees or customers into revealing sensitive information. Additionally, social engineering attacks can be facilitated through the information shared on social networking sites, as attackers can manipulate employees into divulging confidential information or granting unauthorized access.

Submit

28. 60. Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?

Secure cookie storage

Standard libraries

State management

Input validation

Standard libraries can aid a buffer overflow attack when used in the creation of applications. Standard libraries are pre-written code that developers use to perform common tasks. If these libraries contain vulnerabilities or are not properly implemented, they can be exploited by attackers to manipulate the application's memory and execute malicious code. This can lead to a buffer overflow attack, where an attacker overflows a buffer with excessive data, causing it to overwrite adjacent memory and potentially execute arbitrary code. Therefore, it is crucial to use secure and properly implemented standard libraries to mitigate the risk of buffer overflow attacks.

Explanation

Standard libraries can aid a buffer overflow attack when used in the creation of applications. Standard libraries are pre-written code that developers use to perform common tasks. If these libraries contain vulnerabilities or are not properly implemented, they can be exploited by attackers to manipulate the application's memory and execute malicious code. This can lead to a buffer overflow attack, where an attacker overflows a buffer with excessive data, causing it to overwrite adjacent memory and potentially execute arbitrary code. Therefore, it is crucial to use secure and properly implemented standard libraries to mitigate the risk of buffer overflow attacks.

29. 45. A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be. Which of the following is being described?

Authentication

Authorization

SAML

Kerberos

The correct answer is SAML (Security Assertion Markup Language). SAML is a widely used protocol for exchanging authentication and authorization data between parties, particularly in web-based applications. In this scenario, when the user attempts to access a resource in domain B, the original authenticating server in domain A uses SAML to provide an assertion or proof of the user's identity to the resource server in domain B, verifying that the user is who they claim to be. This allows the user to access the resource in domain B without having to go through the authentication process again.

Explanation

The correct answer is SAML (Security Assertion Markup Language). SAML is a widely used protocol for exchanging authentication and authorization data between parties, particularly in web-based applications. In this scenario, when the user attempts to access a resource in domain B, the original authenticating server in domain A uses SAML to provide an assertion or proof of the user's identity to the resource server in domain B, verifying that the user is who they claim to be. This allows the user to access the resource in domain B without having to go through the authentication process again.

30. 51. The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual's actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO).

Separation of duties

Forensic tasks

MOU

OLA

NDA

Job rotation

Separation of duties is needed to ensure that no single individual has complete control over sensitive information, reducing the risk of compromise. Non-Disclosure Agreements (NDA) are necessary to legally bind the third party and ensure that they do not disclose any sensitive information during the project.

Explanation

Separation of duties is needed to ensure that no single individual has complete control over sensitive information, reducing the risk of compromise. Non-Disclosure Agreements (NDA) are necessary to legally bind the third party and ensure that they do not disclose any sensitive information during the project.

Submit