CASP ? 91-120

1. 95. Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice?

The excessive time it will take to merge the company’s information systems.

Countries may have different legal or regulatory requirements.

Company A might not have adequate staffing to conduct these reviews.

The companies must consolidate security policies during the merger.

2. 106. A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial: 1. IT staff has no experience with establishing and managing secure on-line credit card processing. 2. An internal credit card processing system will expose the business to additional compliance requirements. Which of the following is the BEST risk mitigation strategy?

Transfer the risks to another internal department, who have more resources to accept the risk.

Accept the risks and log acceptance in the risk register. Once the risks have been acceptedclose them out.

Transfer the initial risks by outsourcing payment processing to a third party service provider.

Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.

3. Virtual hosts with different security requirements should be:

Encrypted with a one-time password.

Stored on separate physical hosts.

Moved to the cloud.

Scanned for vulnerabilities regularly.

4. When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?

Implement a unified IPv6 addressing scheme on the entire network.

Conduct a penetration test of Company B’s network.

Perform a vulnerability assessment on Company B’s network.

Perform a peer code review on Company B’s application.

5. 100. After a security incident, an administrator revokes the SSL certificate for their web server www.company.com. Later, users begin to inform the help desk that a few other servers are generating certificate errors: ftp.company.com, mail.company.com, and partners.company.com. Which of the following is MOST likely the reason for this?

Each of the servers used the same EV certificate.

The servers used a wildcard certificate.

The web server was the CA for the domain.

Revoking a certificate can only be done at the domain level.

6. 99. An administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR employees on vacation, the other user only works in finance. Which of the following policies is being violated by the finance user according to the audit results?

Mandatory vacation

Non-disclosure

Job rotation

Least privilege

7. 104. A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?

Migrate the system to IPv6.

Migrate the system to RSH.

Move the system to a secure VLAN.

Use LDAPs for authentication.

8. 98. An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows: Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)} Vendor Information = {(Confidentiality, Moderate), (Integrity, Low), (Availability, Low)} Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)} Which of the following is the aggregate risk impact on the accounting system?

{(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)}

{(Confidentiality, High), (Integrity, Low), (Availability, Low)}

{(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}

{(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}

9. 105. An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should contain this information?

Memorandum of Understanding

Interconnection Security Agreement

Operating Level Agreement

Service Level Agreement

10. 92. Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

Schedule weekly vulnerability assessments

Implement continuous log monitoring

Scan computers weekly against the baseline

Require monthly reports showing compliance with configuration and updates

11. Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:

Separation of duties.

Mandatory vacation.

Non-disclosure agreement.

Least privilege.

12. 110. Which of the following activities could reduce the security benefits of mandatory vacations?

Have a replacement employee run the same applications as the vacationing employee.

Have a replacement employee perform tasks in a different order from the vacationingemployee.

Have a replacement employee perform the job from a different workstation than the vacationingemployee.

Have a replacement employee run several daily scripts developed by the vacationingemployee.

13. 116. An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?

3DES - SHA

DES - MD5

Camellia - SHA

RC4 - MD5

14. 93. Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events. Which of the following should the company do to ensure that the chosen MSS meets expectations?

Develop a memorandum of understanding on what the MSS is responsible to provide.

Create internal metrics to track MSS performance.

Establish a mutually agreed upon service level agreement.

Issue a RFP to ensure the MSS follows guidelines.

15. 114. A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?

Key company-key.{ algorithm hmac-rc4;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";};

Key company-key.{algorithm hmac-md5;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";key company-key.{algorithm hmac-md5;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";};allow transfer { 192.168.10.53; }

Key company-key.{algorithm hmac-md5;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";};allow transfer { 192.168.20.53; }

Key company-key.{algorithm hmac-rc4;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";};allow transfer { 192.168.10.53; }algorithm hmac-rc4;secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";};allow transfer { 192.168.10.53; }

16. 108. The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?

Apply standard security policy settings to the devices.

Set up an access control system to isolate the devices from the network.

Integrate the tablets into standard remote access systems.

Develop the use case for the devices and perform a risk analysis.

17. 120. Which of the following is the MOST secure way to ensure third party applications and introduce only acceptable risk?

Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behaviorto be observed with minimal risk.

Technical exchange meetings with the application’s vendor; vendors have more in depthknowledge of the product.

Pilot trial; minimizes the impact to the enterprise while still providing services to enterpriseusers.

Full deployment with crippled features; allows for large scale testing and observation of theapplications security profile.

18. 94. The company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networking sites for sharing information. Which of the following minimizes the potential exposure of proprietary information?

Require each person joining the company’s social networking initiative to accept a nondisclosureagreement.

Establish a specific set of trained people that can release information on the organization’sbehalf.

Require a confidential statement be attached to all information released to the social networkingsites.

Establish a social media usage policy and provide training to all marketing employees.

19. 113. The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk?

Require the use of an unprivileged account, and a second shared account only foradministrative purposes.

Require role-based security on primary role, and only provide access to secondary roles on acase-by-case basis.

Require separation of duties ensuring no single administrator has access to all systems.

Require on-going auditing of administrative activities, and evaluate against risk-based metrics.

20. 111. A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?

Inappropriate administrator access

Malicious code

Internal business fraud

Regulatory compliance

21. 109. When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?

A symmetric key

A PKI ticket

An X.509 certificate

An assertion ticket

22. 115. An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).

Transport encryption

Authentication hashing

Digital signature

Legal mail hold

TSIG code signing

Submit

23. 118. A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant's first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).

What hardware and software would work best for securing the network?

What corporate assets need to be protected?

What are the business needs of the organization?

What outside threats are most likely to compromise network security?

What is the budget for this project?

What time and resources are needed to carry out the security plan?

Submit

24. 97. A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk?

Avoid the risk

Transfer the risk

Accept the risk

Mitigate the risk

25. 107. A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly formed entity?

A system and network scan to determine if all of the systems are secure.

Implement a firewall/DMZ system between the networks.

Develop a risk analysis for the merged networks.

Conduct a complete review of the security posture of the acquired corporation.

26. 119. The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments. Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport

SystemsEngineering. Decomposing requirementsDevelopment: Secure coding standardsTesting. Code stabilityProject Management: Stakeholder engagementSecurity: Secure transportNetworks: Functional validation

SystemsEngineering. Decomposing requirementsDevelopment: Code stabilityTesting. Functional validationProject Management: Stakeholder engagementSecurity: Secure coding standardsNetworks: Secure transport

SystemsEngineering. Functional validationDevelopment: Stakeholder engagementTesting. Code stabilityProject Management: Decomposing requirementsSecurity: Secure coding standardsNetworks: Secure transport

SystemsEngineering. Decomposing requirementsDevelopment: Stakeholder engagementTesting. Code stabilityProject Management: Functional validationSecurity: Secure coding standardsNetworks: Secure transport

27. 91. The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity. This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment. Which of the following provides the BEST method for evaluating the potential threats?

Conduct a vulnerability assessment to determine the security posture of the new devices andthe application.

Benchmark other organization’s that already encountered this type of situation and apply allrelevant learning’s and industry best practices.

Work with the business to understand and classify the risk associated with the full lifecycle ofthe hardware and software deployment.

Develop a standard image for the new devices and migrate to a web application to eliminatelocally resident data.

28. 112. An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only WEP compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the WPA2 requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

Create a separate SSID and WEP key to support the legacy clients and enable detection ofrogue APs.

Create a separate SSID and WEP key on a new network segment and only allow requiredcommunication paths.

Create a separate SSID and require the legacy clients to connect to the wireless network usingcertificate-based 802.1x.

Create a separate SSID and require the use of dynamic WEP keys.

29. 96. An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO).

Establish VLANs for each virtual guest's NIC on the virtual switch.

Enable virtual switch layer 2 security precautions.

Only access hosts through a secure management interface.

Distribute guests to hosts by application role or trust zone.

Restrict physical and network access to the host console.

Submit

30. 117. An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to use while implementing this? (Select THREE).

Kerberos

NTLM

RADIUS

TACACS+

TLS

HMAC

Camellia

Submit