CASP? 151-180 Quiz-9

1. 166. During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company's financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?

The administrator should enter a username and use an offline password cracker in brute forcemode.

The administrator should use a network analyzer to determine which packet caused the systemto crash.

The administrator should extract the password file and run an online password cracker in bruteforce mode against the password file.

The administrator should run an online fuzzer against the login screen.

2. 162. The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?

The firewall will meet the availability requirement because availability will be 99.98%.

The firewall will not meet the availability requirement because availability will be 85%.

The firewall will meet the availability requirement because availability will be 99.993%.

The firewall will not meet the availability requirement because availability will be 99.2%.

3. 172. The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?

Contact the three submitting vendor firms and have them submit supporting RFIs to providemore detailed information about their product solutions.

Provide the CPO and the SPM a personalized summary from what the CISO knows aboutthese three submitting vendors.

4. 176. A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?

5. 156. Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?

6. 160. As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor's products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?

Purchase the equipment now, but do not use 802.11r until the standard is ratified.

Do not purchase the equipment now as the client devices do not yet support 802.11r.

Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11rstandard.

Do not purchase the equipment now; delay the implementation until the IETF has ratified thefinal 802.11r standard.

7. 154. The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks – specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?

The third party patch may introduce additional unforeseen risks and void the software licensesfor the patched applications.

The company’s patch management solution only supports patches and updates releaseddirectly by the vendor.

8. 173. To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?

Transient identifiers

SOAP calls

Discovery profiles

Security bindings

9. 174. SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following?

Attribute authority and certificate authority

Certificate authority and attribute requestor

Identity provider and service provider

Service provider and administrator

10. 152. Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step?

Threat: 802.1q trunking attackRemediation: Enable only necessary VLANs for each port

Threat: Bridge loopRemediation: Enable spanning tree

Threat: VLAN hoppingRemediation: Enable only necessary VLANs for each port

Threat: VLAN hoppingRemediation: Enable ACLs on the IDF switch

11. 177. Which of the following is a security concern with deploying COTS products within the network?

12. 167. A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

13. 163. What of the following vulnerabilities is present in the below source code file named 'AuthenticatedArea.php'? <html><head><title>AuthenticatedArea</title></head> <? include ("/inc/common.php"); $username = $_REQUEST['username']; if ($username != "") { echo "Your username is: " . $_REQUEST['username']; }else { header)("location: /login.php" } ?> </html>

Header manipulation

Account disclosure

Unvalidated file inclusion

Cross-site scripting

14. 170. A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company's interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?

15. 175. A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but public, legal issues. Senior management has some concerns on maintaining this system should the vendor go out of business. Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure?

Include a source code escrow clause in the contract for this system.

Require proof-of-insurance by the vendor in the RFP for this system.

Include a penalty clause in the contract for this system.

Require on-going maintenance as part of the SLA for this system.

16. 164. There have been some failures of the company's customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed to improve the stability of the WAF. Which of the following is the MTTR, based on the last month's performance figures?

3 hours

3.5 hours

4 hours

4.666 hours

17. 151. An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed: <VirtualHost *:80> DocumentRoot "/var/www" <Directory "/home/administrator/app"> AllowOveride none Order allow, deny Allow from all </Directory> </VirtualHost> Which of the following is MOST likely occurring so that this application does not run properly?

PHP is overriding the Apache security settings.

SELinux is preventing HTTP access to home directories.

PHP has not been restarted since the additions were added.

The directory had an explicit allow statement rather than the implicit deny.

18. 153. After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system's security level?

Upgrade all system’s to use a HIPS and require daily anti-virus scans.

Conduct a vulnerability assessment of the standard image and remediate findings.

Upgrade the existing NIDS to NIPS and deploy the system across all network segments.

Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

19. 171. A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks. Which of the following risk strategies should be used?

Transfer the risks

Avoid the risks

Accept the risks

Mitigate the risks

20. 159. The security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO).

The storage network uses FCoE.

The storage network uses iSCSI.

The storage network uses vSAN.

The storage network uses switch zoning.

The storage network uses LUN masking.

Submit

21. 165. To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI?

Nearly four years

Nearly six years

Within the first year

Nearly three years

22. 180. Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?

Secure Software Requirements

Secure Software Implementation

Secure Software Design

Software Acceptance

23. 155. When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchronizing system time across all devices through NTP, which of the following is also a common design consideration for remote locations?

Two factor authentication for all incident responders

A central SYSLOG server for collecting all logs

A distributed SIEM with centralized sensors

A SIEM server with distributed sensors

24. 169. The security administrator at 'company.com' is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following. UDP 192.168.0.1:123 -> 172.60.3.0:123 UDP 192.168.0.36:123 -> time.company.com UDP 192.168.0.112:123 -> 172.60.3.0:123 UDP 192.168.0.91:123 -> time.company.com UDP 192.168.0.211:123 -> 172.60.3.0:123 UDP 192.168.0.237:123 -> time.company.com UDP 192.168.0.78:123 -> 172.60.3.0:123 The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers: 192.168.0.1 192.168.0.112 192.168.0.211 192.168.0.78 Which of the following should the security administrator report to upper management based on the above output?

An NTP client side attack successfully exploited some hosts.

A DNS cache poisoning successfully exploited some hosts.

An NTP server side attack successfully exploited some hosts.

A DNS server side attack successfully exploited some hosts.

25. 179. The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?

26. 161. A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting that code base confidentiality is of upmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements?

Use the security assurance team and development team to perform Grey box testing.

Sign a NDA with a large consulting firm and use the firm to perform Black box testing.

Use the security assurance team and development team to perform Black box testing.

Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.

27. 168. The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

The IP TOS field of business related network traffic should be modified accordingly.

The TCP flags of business related traffic should be modified accordingly.

An ACL should be placed on the external router to drop incoming ICMP packets.

An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

28. 158. A system architect has the following constraints from the customer: Confidentiality, Integrity, and Availability (CIA) are all of equal importance. Average availability must be at least 6 nines (99.9999%). All devices must support collaboration with every other user device. All devices must be VoIP and teleconference ready. Which of the following security controls is the BEST to apply to this architecture?

29. 157. A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain and the only connection between the networks is via the trusted server. The three zones at the corporation are as followeD. Zone A connects to a network, which is also connected to the Internet through a router. Zone B to a closed research and development network. Zone C to an intermediary switch supporting a SAN, dedicated to long-term audit log and file storage, so the corporation meets compliance requirements. A firewall is deployed on the inside edge of the Internet connected router. Which of the following is the BEST location to place other security equipment?

HIPS on all hosts in Zone A and B, and an antivirus and patch server in Zone C.

A WAF on the switch in Zone C, an additional firewall in Zone A, and an antivirus server inZone B.

A NIDS on the switch in Zone C, a WAF in Zone A, and a firewall in Zone B.

30. 178. The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).

Users and services are centralized and only available within the enterprise.

Users and services are distributed, often times over the Internet

SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.

SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.

SOA abstracts legacy systems as web services, which are often exposed to outside threats.