CASP ? 241-272 END OF TEST

1. 242. A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?

Create an IP camera network and deploy NIPS to prevent unauthorized access.

Create an IP camera network and only allow SSL access to the cameras.

Create an IP camera network and deploy a proxy to authenticate users prior to accessing thecameras.

Create an IP camera network and restrict access to cameras from a single management host.

The Security Manager should suggest creating an IP camera network and deploying a proxy to authenticate users prior to accessing the cameras. Since the selected IP camera vendor does not have the ability to authenticate users at the camera level, deploying a proxy would provide an additional layer of security by requiring users to authenticate before accessing the cameras. This would prevent unauthorized people from viewing the video while allowing the security guard desks on different networks to view the cameras.

Explanation

The Security Manager should suggest creating an IP camera network and deploying a proxy to authenticate users prior to accessing the cameras. Since the selected IP camera vendor does not have the ability to authenticate users at the camera level, deploying a proxy would provide an additional layer of security by requiring users to authenticate before accessing the cameras. This would prevent unauthorized people from viewing the video while allowing the security guard desks on different networks to view the cameras.

2. 257. After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?

A T&M contract

An RFP

A FFP agreement

A new RFQ

The CPO and SPM have reviewed the documentation submitted by the vendors and now want to assess how well their solutions align with the firm's requirements. To do this, the CISO is instructed to submit an RFP (Request for Proposal) to the three vendors. An RFP is a formal document that outlines the specific needs and expectations of the firm and solicits detailed proposals from vendors on how they can meet those needs. By requesting an RFP, the CISO is seeking more information from the vendors to evaluate their solutions in greater depth.

Explanation

The CPO and SPM have reviewed the documentation submitted by the vendors and now want to assess how well their solutions align with the firm's requirements. To do this, the CISO is instructed to submit an RFP (Request for Proposal) to the three vendors. An RFP is a formal document that outlines the specific needs and expectations of the firm and solicits detailed proposals from vendors on how they can meet those needs. By requesting an RFP, the CISO is seeking more information from the vendors to evaluate their solutions in greater depth.

3. 262. Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the following is the MOST important to be considered before going ahead with the service?

Internal auditors have approved the outsourcing arrangement.

Penetration testing can be performed on the externally facing web system.

Ensure there are security controls within the contract and the right to audit.

A physical site audit is performed on Company XYZ’s management / operation.

Before going ahead with the service, it is important to ensure that there are security controls within the contract and the right to audit. This is crucial because outsourcing the CRM and marketing/leads management system means that sensitive customer data will be shared with Company XYZ. By having security controls within the contract, Company ABC can ensure that appropriate measures are in place to protect the data and mitigate any potential security risks. Additionally, having the right to audit allows Company ABC to assess and verify the security measures implemented by Company XYZ, ensuring compliance with industry standards and regulations.

Explanation

Before going ahead with the service, it is important to ensure that there are security controls within the contract and the right to audit. This is crucial because outsourcing the CRM and marketing/leads management system means that sensitive customer data will be shared with Company XYZ. By having security controls within the contract, Company ABC can ensure that appropriate measures are in place to protect the data and mitigate any potential security risks. Additionally, having the right to audit allows Company ABC to assess and verify the security measures implemented by Company XYZ, ensuring compliance with industry standards and regulations.

4. 264. A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

Inform the litigators that the CIOs information has been deleted as per corporate policy.

The correct answer is to restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date. This is because the prosecutors have issued a subpoena requesting all the CIO's email from the last 12 months, and it is necessary to comply with the legal request. Although the corporate retention policy recommends keeping data for no longer than 90 days, in this case, the data needs to be restored and provided to the prosecutors as it is relevant to the ongoing litigation.

Explanation

The correct answer is to restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date. This is because the prosecutors have issued a subpoena requesting all the CIO's email from the last 12 months, and it is necessary to comply with the legal request. Although the corporate retention policy recommends keeping data for no longer than 90 days, in this case, the data needs to be restored and provided to the prosecutors as it is relevant to the ongoing litigation.

5. 272. A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

Notify the transaction system vendor of the security vulnerability that was discovered.

Use a protocol analyzer to reverse engineer the transaction system’s protocol.

Contact the computer science students and threaten disciplinary action if they continue theiractions.

Install a NIDS in front of all the transaction system terminals.

The best course of action is to use a protocol analyzer to reverse engineer the transaction system's protocol. By doing so, the security administrator can understand how the computer science students are illegally putting money on their cards and identify any vulnerabilities in the system. This will allow the administrator to take appropriate measures to patch the security holes and prevent further misuse of the network. Notifying the transaction system vendor and installing a NIDS may also be necessary steps, but understanding the protocol through reverse engineering is the first and most crucial step in addressing the issue.

Explanation

The best course of action is to use a protocol analyzer to reverse engineer the transaction system's protocol. By doing so, the security administrator can understand how the computer science students are illegally putting money on their cards and identify any vulnerabilities in the system. This will allow the administrator to take appropriate measures to patch the security holes and prevent further misuse of the network. Notifying the transaction system vendor and installing a NIDS may also be necessary steps, but understanding the protocol through reverse engineering is the first and most crucial step in addressing the issue.

6. 253. A small customer focused bank with implemented least privilege principles, is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers. Bank staff has been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team's concerns?

Information disclosure policy

Awareness training

Job rotation

Option 4

Awareness training is the best option to address the security and risk team's concerns in this scenario. By providing training to the bank staff, they can be educated about the potential risks of unintentionally aiding fraud and how to identify and prevent such situations. This training will increase their awareness and knowledge, enabling them to make informed decisions and take appropriate actions while interacting with customers. It will also help them understand the importance of maintaining security measures and following least privilege principles, while still providing a personalized banking experience.

Explanation

Awareness training is the best option to address the security and risk team's concerns in this scenario. By providing training to the bank staff, they can be educated about the potential risks of unintentionally aiding fraud and how to identify and prevent such situations. This training will increase their awareness and knowledge, enabling them to make informed decisions and take appropriate actions while interacting with customers. It will also help them understand the importance of maintaining security measures and following least privilege principles, while still providing a personalized banking experience.

7. 254. A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a valueadded service by the hosting company. Which of the following BEST meets these requirements?

The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.

The hosting company should manage the hypervisor-based firewall; while allowing customersto configure their own host-based firewall.

Customers should purchase physical firewalls to protect their guest hosts and have the hostingcompany manage these if requested.

The best option to meet the requirements is for the hosting company to manage the hypervisor-based firewall, while allowing customers to configure their own host-based firewall. This solution provides logical separation between customers while also giving them the flexibility to customize their own firewall settings. By managing the hypervisor-based firewall, the hosting company can ensure that basic guarantees of logical separation are in place, while allowing customers to configure their own host-based firewall gives them control over their own security settings. This solution strikes a balance between customer needs and the hosting company's responsibilities.

Explanation

The best option to meet the requirements is for the hosting company to manage the hypervisor-based firewall, while allowing customers to configure their own host-based firewall. This solution provides logical separation between customers while also giving them the flexibility to customize their own firewall settings. By managing the hypervisor-based firewall, the hosting company can ensure that basic guarantees of logical separation are in place, while allowing customers to configure their own host-based firewall gives them control over their own security settings. This solution strikes a balance between customer needs and the hosting company's responsibilities.

8. 245. A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?

Provide targeted security awareness training and impose termination for repeat violators.

Block desktop sharing and web conferencing applications and enable use only with approval.

Actively monitor the data traffic for each employee using desktop sharing or web conferencingapplications.

Permanently block desktop sharing and web conferencing applications and do not allow its useat the company.

The most appropriate method for dealing with this issue going forward would be to provide targeted security awareness training and impose termination for repeat violators. This incident highlights a lack of understanding regarding the importance of access controls and the potential risks associated with granting unauthorized access to sensitive systems. By providing targeted security awareness training, employees can be educated on the proper protocols and consequences of unauthorized access. Imposing termination for repeat violators will send a strong message that such actions are not tolerated and will help deter future incidents.

Explanation

The most appropriate method for dealing with this issue going forward would be to provide targeted security awareness training and impose termination for repeat violators. This incident highlights a lack of understanding regarding the importance of access controls and the potential risks associated with granting unauthorized access to sensitive systems. By providing targeted security awareness training, employees can be educated on the proper protocols and consequences of unauthorized access. Imposing termination for repeat violators will send a strong message that such actions are not tolerated and will help deter future incidents.

9. 252. A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO's business decision?

The CFO's decision to outsource different IT functions to multiple providers will result in the segregation of duties between these providers, which will adversely impact the strategic architecture of the organization. This means that the coordination and integration of different IT systems may be compromised. Additionally, vendor management costs will increase as the organization will need to manage multiple providers. The organization's flexibility to react to new market conditions will be reduced due to the complexity of managing multiple providers. Internal knowledge of IT systems will decline, making it more difficult for the organization to develop future platforms. Lastly, the implementation of security controls and updates may take longer as responsibility is divided among multiple providers.

Explanation

The CFO's decision to outsource different IT functions to multiple providers will result in the segregation of duties between these providers, which will adversely impact the strategic architecture of the organization. This means that the coordination and integration of different IT systems may be compromised. Additionally, vendor management costs will increase as the organization will need to manage multiple providers. The organization's flexibility to react to new market conditions will be reduced due to the complexity of managing multiple providers. Internal knowledge of IT systems will decline, making it more difficult for the organization to develop future platforms. Lastly, the implementation of security controls and updates may take longer as responsibility is divided among multiple providers.

10. 256. A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine: 1 - If VIDEO input exists, use video data for entropy 2 - If AUDIO input exists, use audio data for entropy 3 - If MOUSE input exists, use mouse data for entropy 4 - IF KEYBOARD input exists, use keyboard data for entropy 5 - IF IDE input exists, use IDE data for entropy 6 - IF NETWORK input exists, use network data for entropy Which of the following lines of code will result in the STRONGEST seed when combined?

2 and 1

3 and 5

5 and 2

6 and 4

The lines of code 6 and 4 will result in the strongest seed when combined. This is because using network data (line 6) and keyboard data (line 4) for entropy will provide a diverse range of random input sources, making the seed stronger. The combination of these two inputs will increase the randomness and unpredictability of the seed, making it more secure for cryptographic purposes.

Explanation

The lines of code 6 and 4 will result in the strongest seed when combined. This is because using network data (line 6) and keyboard data (line 4) for entropy will provide a diverse range of random input sources, making the seed stronger. The combination of these two inputs will increase the randomness and unpredictability of the seed, making it more secure for cryptographic purposes.

11. 248. A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company's security standard?

Modify the company standard to account for higher security and meet with upper managementfor approval to implement the new standard.

Conduct a gap analysis and recommend appropriate non-technical mitigating controls, andincorporate the new controls into the standard.

Conduct a risk analysis on all current controls, and recommend appropriate mechanisms toincrease overall security.

Modify the company policy to account for higher security, adapt the standard accordingly, andimplement new technical controls.

The security administrator should conduct a gap analysis to identify any shortcomings or vulnerabilities in the current security controls. Based on the findings of the analysis, the administrator can recommend non-technical mitigating controls, such as policies, procedures, and training, to address the identified gaps. These non-technical controls can complement the technical controls already in place, further increasing the overall security of the business process. The administrator should also incorporate these new controls into the company's security standard to ensure consistency and adherence to best practices.

Explanation

The security administrator should conduct a gap analysis to identify any shortcomings or vulnerabilities in the current security controls. Based on the findings of the analysis, the administrator can recommend non-technical mitigating controls, such as policies, procedures, and training, to address the identified gaps. These non-technical controls can complement the technical controls already in place, further increasing the overall security of the business process. The administrator should also incorporate these new controls into the company's security standard to ensure consistency and adherence to best practices.

12. 261. A WAF without customization will protect the infrastructure from which of the following attack combinations?

DDoS, DNS poisoning, Boink, Teardrop

Reflective XSS, HTTP exhaustion, Teardrop

SQL Injection, DOM based XSS, HTTP exhaustion

SQL Injection, CSRF, Clickjacking

A Web Application Firewall (WAF) is designed to protect the infrastructure from various types of attacks. In this case, the correct answer states that a WAF without customization will protect the infrastructure from SQL Injection, DOM based XSS, and HTTP exhaustion attacks. These are common types of attacks that target vulnerabilities in web applications. By detecting and blocking SQL Injection attempts, preventing Cross-Site Scripting attacks, and mitigating HTTP exhaustion attacks, the WAF can help safeguard the infrastructure from potential security breaches and data loss.

Explanation

A Web Application Firewall (WAF) is designed to protect the infrastructure from various types of attacks. In this case, the correct answer states that a WAF without customization will protect the infrastructure from SQL Injection, DOM based XSS, and HTTP exhaustion attacks. These are common types of attacks that target vulnerabilities in web applications. By detecting and blocking SQL Injection attempts, preventing Cross-Site Scripting attacks, and mitigating HTTP exhaustion attacks, the WAF can help safeguard the infrastructure from potential security breaches and data loss.

13. 249. A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

1

2

3

5

The company must legally provide five years of data. Even though the data retention policy only requires one year of email data, the fact that there are three years of data on the server and five years of data on backup tapes means that the company must provide all of the available data, which is a total of five years.

Explanation

The company must legally provide five years of data. Even though the data retention policy only requires one year of email data, the fact that there are three years of data on the server and five years of data on backup tapes means that the company must provide all of the available data, which is a total of five years.

14. 265. A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network. The current infrastructure design includes: Two-factor token and biometric based authentication for all users Attributable administrator accounts Logging of all transactions Full disk encryption of all HDDs Finely granular access controls to all resources Full virtualization of all servers The use of LUN masking to segregate SAN data Port security on all switches The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points. Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?

PKI based authorization

Transport encryption

Data at rest encryption

Code signing

Transport encryption should be implemented to achieve the highest level of confidentiality for data on the lab network. Transport encryption ensures that data is securely transmitted between systems, protecting it from unauthorized access or interception. This can be achieved through the use of protocols such as SSL/TLS, which encrypt the data in transit, making it unreadable to anyone who may try to intercept it. By implementing transport encryption, the lab company can ensure that data remains confidential while it is being transmitted across the network.

Explanation

Transport encryption should be implemented to achieve the highest level of confidentiality for data on the lab network. Transport encryption ensures that data is securely transmitted between systems, protecting it from unauthorized access or interception. This can be achieved through the use of protocols such as SSL/TLS, which encrypt the data in transit, making it unreadable to anyone who may try to intercept it. By implementing transport encryption, the lab company can ensure that data remains confidential while it is being transmitted across the network.

15. 268. A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts. Which of the following methods should the security research use to enumerate the ports and protocols in use by the appliance?

Device fingerprinting

Switchport analyzer

Grey box testing

Penetration testing

Device fingerprinting is the correct method to use in order to enumerate the ports and protocols in use by the appliance. Device fingerprinting involves analyzing the network traffic and examining the responses from the device to determine the ports and protocols being used. This method is effective in identifying the specific characteristics and behaviors of the device, allowing the security researcher to gather information about its configuration and potential vulnerabilities. It is a non-intrusive approach that can provide valuable insights into the device's security posture.

Explanation

Device fingerprinting is the correct method to use in order to enumerate the ports and protocols in use by the appliance. Device fingerprinting involves analyzing the network traffic and examining the responses from the device to determine the ports and protocols being used. This method is effective in identifying the specific characteristics and behaviors of the device, allowing the security researcher to gather information about its configuration and potential vulnerabilities. It is a non-intrusive approach that can provide valuable insights into the device's security posture.

16. 247. A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?

Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY – 445.

Run a TCP 445 port scan across the organization and patch hosts with open ports.

Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445.

Force a signature update and full system scan from the enterprise anti-virus solution.

The correct answer is to deploy an ACL to the HIPS (Host-based Intrusion Prevention System) to deny TCP traffic on port 445. By doing this, the security administrator can block the worm's communication and payload distribution channel, effectively minimizing the attack. This action will prevent the worm from spreading further across the organization's network.

Explanation

The correct answer is to deploy an ACL to the HIPS (Host-based Intrusion Prevention System) to deny TCP traffic on port 445. By doing this, the security administrator can block the worm's communication and payload distribution channel, effectively minimizing the attack. This action will prevent the worm from spreading further across the organization's network.

17. 251. The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regiment into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO requirements?

Grey box testing performed by a major external consulting firm who have signed a NDA.

Black box testing performed by a major external consulting firm who have signed a NDA.

White box testing performed by the development and security assurance teams.

Grey box testing performed by the development and security assurance teams.

White box testing, performed by the development and security assurance teams, will satisfy the CISO's requirements. White box testing allows for a thorough examination of the internal workings of the system, ensuring a high level of testing. Additionally, since it is performed by the development and security assurance teams, there is no need for outsourcing, reducing the risk of test script maintenance and maintaining the introspection of the development team. This option also aligns with the CISO's requirement of low risk of impacting system stability.

Explanation

White box testing, performed by the development and security assurance teams, will satisfy the CISO's requirements. White box testing allows for a thorough examination of the internal workings of the system, ensuring a high level of testing. Additionally, since it is performed by the development and security assurance teams, there is no need for outsourcing, reducing the risk of test script maintenance and maintaining the introspection of the development team. This option also aligns with the CISO's requirement of low risk of impacting system stability.

18. 246. After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?

Generate a new public key on both servers.

Replace the SSL certificate on dev1.xyz.com.

Generate a new private key password for both servers.

Replace the SSL certificate on pay.xyz.com.

The auditor should recommend replacing the SSL certificate on pay.xyz.com as the first step. This is because the SSL certificate has been compromised due to the USB thumb-drive being misplaced, and it is being used on both dev1.xyz.com and pay.xyz.com. By replacing the SSL certificate on pay.xyz.com, the auditor ensures that the secure payment server is protected and any potential vulnerabilities are addressed.

Explanation

The auditor should recommend replacing the SSL certificate on pay.xyz.com as the first step. This is because the SSL certificate has been compromised due to the USB thumb-drive being misplaced, and it is being used on both dev1.xyz.com and pay.xyz.com. By replacing the SSL certificate on pay.xyz.com, the auditor ensures that the secure payment server is protected and any potential vulnerabilities are addressed.

19. 267. Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?

Attestation

PKI

Biometrics

Federated IDs

Federated IDs would have the lowest up front development costs in this scenario. Federated IDs allow for a centralized authentication system that can be used across multiple databases, web portals, and cloud data sets. This means that the existing custom developed authentication mechanisms and schemas can be integrated into a single federated ID system, reducing the need for extensive development and customization. This approach would be more cost-effective compared to implementing new authentication mechanisms such as Attestation, PKI, or Biometrics, which would require additional development and potentially new hardware or software implementations.

Explanation

Federated IDs would have the lowest up front development costs in this scenario. Federated IDs allow for a centralized authentication system that can be used across multiple databases, web portals, and cloud data sets. This means that the existing custom developed authentication mechanisms and schemas can be integrated into a single federated ID system, reducing the need for extensive development and customization. This approach would be more cost-effective compared to implementing new authentication mechanisms such as Attestation, PKI, or Biometrics, which would require additional development and potentially new hardware or software implementations.

20. 259. A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

Remove acquired companies Internet access.

Federate identity management systems.

Install firewalls between the businesses.

Re-image all end user computers to a standard image.

Develop interconnection policy.

Conduct a risk analysis of each acquired company’s networks.

The security team should develop an interconnection policy to establish guidelines and procedures for connecting the newly acquired businesses' networks. This will help ensure secure and efficient communication between the different systems. Additionally, conducting a risk analysis of each acquired company's networks is crucial to identify any vulnerabilities or potential security threats that may exist. This analysis will help the security team prioritize their efforts and implement appropriate security measures to protect the integrated network.

Explanation

The security team should develop an interconnection policy to establish guidelines and procedures for connecting the newly acquired businesses' networks. This will help ensure secure and efficient communication between the different systems. Additionally, conducting a risk analysis of each acquired company's networks is crucial to identify any vulnerabilities or potential security threats that may exist. This analysis will help the security team prioritize their efforts and implement appropriate security measures to protect the integrated network.

Submit

21. 241. An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?

Decreased security posture, decommission of outdated hardware, inability to centrally manage,and performance bottlenecks on old hardware.

Increased mean time to failure rate of legacy servers, OS variances, patch availability, andability to restore to dissimilar hardware.

OS end-of-support issues, ability to backup data, hardware parts availability, and firmwareupdate availability and management.

Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OSdependency.

The management challenges and risks associated with the company's style of technology lifecycle management include an increased mean time to failure rate of legacy servers, OS variances, patch availability, and the ability to restore to dissimilar hardware. Legacy servers are more prone to failures, which can lead to downtime and decreased productivity. OS variances can create compatibility issues and make it difficult to manage and support multiple systems. Patch availability is important for security and stability, and not being able to restore to dissimilar hardware can cause problems during system upgrades or replacements.

Explanation

The management challenges and risks associated with the company's style of technology lifecycle management include an increased mean time to failure rate of legacy servers, OS variances, patch availability, and the ability to restore to dissimilar hardware. Legacy servers are more prone to failures, which can lead to downtime and decreased productivity. OS variances can create compatibility issues and make it difficult to manage and support multiple systems. Patch availability is important for security and stability, and not being able to restore to dissimilar hardware can cause problems during system upgrades or replacements.

22. 244. A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

Put both departments behind the firewall and assign administrative control for each departmentto the corporate firewall.

Provide each department with a virtual firewall and assign administrative control to the physicalfirewall.

Put both departments behind the firewall and incorporate restrictive controls on eachdepartment’s network.

Provide each department with a virtual firewall and assign appropriate levels of managementfor the virtual device.

The ISO should consider providing each department with a virtual firewall and assigning appropriate levels of management for the virtual device. This solution allows for separate networks with independent control of their security boundaries for both the R&D and IT support teams. By using virtual firewalls, the ISO can provide the required functionality without increasing the hardware footprint in the datacenter. Each department can have their own virtual firewall, allowing for independent control and customization of security settings. The appropriate levels of management can be assigned to ensure that each department has control over their own virtual firewall.

Explanation

The ISO should consider providing each department with a virtual firewall and assigning appropriate levels of management for the virtual device. This solution allows for separate networks with independent control of their security boundaries for both the R&D and IT support teams. By using virtual firewalls, the ISO can provide the required functionality without increasing the hardware footprint in the datacenter. Each department can have their own virtual firewall, allowing for independent control and customization of security settings. The appropriate levels of management can be assigned to ensure that each department has control over their own virtual firewall.

23. 260. New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

Establish an emergency response call tree.

Create an inventory of applications.

Backup the router and firewall configurations.

Maintain a list of critical systems.

Update all network diagrams.

Creating an inventory of applications helps the security manager to have a clear understanding of the technology systems in place and identify any vulnerabilities that may exist. Maintaining a list of critical systems allows the security manager to prioritize their protection and allocate resources accordingly. Both of these practices contribute to effectively managing the risks of new zero-day attacks.

Explanation

Creating an inventory of applications helps the security manager to have a clear understanding of the technology systems in place and identify any vulnerabilities that may exist. Maintaining a list of critical systems allows the security manager to prioritize their protection and allocate resources accordingly. Both of these practices contribute to effectively managing the risks of new zero-day attacks.

Submit

24. 269. Customer Need: "We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website." Which of the following BEST restates the customer need?

The system shall use a pseudo-random number generator seeded the same every time.

The system shall generate a pseudo-random number upon invocation by the existing Javaprogram.

The system shall generate a truly random number based upon user PKI certificates.

The system shall implement a pseudo-random number generator for use by corporatecustomers.

The customer needs the system to generate a random series of numbers for their Java-based website. The best restatement of this need is that the system should generate a pseudo-random number when called by the existing Java program.

Explanation

The customer needs the system to generate a random series of numbers for their Java-based website. The best restatement of this need is that the system should generate a pseudo-random number when called by the existing Java program.

25. 258. The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).

X.509 subject name

PTR DNS record

EV certificate OID extension

Kerberos principal name

WWN record name

The element in SAML can be provided in the X.509 subject name format, which is a standard way of representing the subject of an X.509 digital certificate. This format is commonly used in authentication and authorization processes. Additionally, the element can also be provided in the Kerberos principal name format, which is used in Kerberos authentication systems to uniquely identify a principal (user or service) within a realm. These two formats are supported by SAML for providing the element.

Explanation

The element in SAML can be provided in the X.509 subject name format, which is a standard way of representing the subject of an X.509 digital certificate. This format is commonly used in authentication and authorization processes. Additionally, the element can also be provided in the Kerberos principal name format, which is used in Kerberos authentication systems to uniquely identify a principal (user or service) within a realm. These two formats are supported by SAML for providing the element.

Submit

26. 255. A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

Enable ESP on the internal network, and place NIPS on both networks.

The consultant should recommend switching to TLS in the DMZ because end-to-end encryption via SSL is already implemented. Implementing NIPS on the internal network and HIPS on the DMZ is also a good recommendation for intrusion prevention, as it will provide protection against network-based attacks on both networks.

Explanation

The consultant should recommend switching to TLS in the DMZ because end-to-end encryption via SSL is already implemented. Implementing NIPS on the internal network and HIPS on the DMZ is also a good recommendation for intrusion prevention, as it will provide protection against network-based attacks on both networks.

27. 271. A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives?

Construct a library of re-usable security patterns

Construct a security control library

Introduce an ESA framework

Include SRTM in the SDLC

Introducing an ESA (Enterprise Security Architecture) framework would be the best solution to achieve the objectives mentioned. An ESA framework provides a formalized methodology for incorporating security considerations into IT architecture and design solutions. It takes into account business drivers, capabilities, baselines, and reusable patterns, ensuring that security contributions have consistent quality. By implementing an ESA framework, the large financial company can address the concerns raised and improve the overall security of their IT systems.

Explanation

Introducing an ESA (Enterprise Security Architecture) framework would be the best solution to achieve the objectives mentioned. An ESA framework provides a formalized methodology for incorporating security considerations into IT architecture and design solutions. It takes into account business drivers, capabilities, baselines, and reusable patterns, ensuring that security contributions have consistent quality. By implementing an ESA framework, the large financial company can address the concerns raised and improve the overall security of their IT systems.

28. 266. A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SELinux host for processing. Which of the following is the MOST likely cause of the processing problem?

The administrator has a PERL script running which disrupts the NIC by restarting the CRONprocess every 65 seconds.

The Java developers accounted for network latency only for the read portion of the processingand not the write process.

The virtual file system on the SAN is experiencing a race condition between the reads andwrites of network files.

The most likely cause of the processing problem is that the Linux file system being used is unable to write files as fast as they can be read by the Java program. This results in incomplete files being written to the disk. The problem is specific to this server as other SAN customers are unaffected, indicating that the issue lies with the server's file system rather than the network infrastructure. The fact that the files are being written one at a time from a network source further supports this explanation.

Explanation

The most likely cause of the processing problem is that the Linux file system being used is unable to write files as fast as they can be read by the Java program. This results in incomplete files being written to the disk. The problem is specific to this server as other SAN customers are unaffected, indicating that the issue lies with the server's file system rather than the network infrastructure. The fact that the files are being written one at a time from a network source further supports this explanation.

29. 270. A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

Ensure the process functions in a secure manner from customer input to audit review.

Security solutions result in zero additional processing latency.

Ensure the process of storing audit records is in compliance with applicable laws.

Web transactions are conducted in a secure network channel.

The security engineer, as the solution owner, is responsible for ensuring that the entire process, from customer input to audit review, functions in a secure manner. This means implementing security measures at every step of the process to protect customer data and prevent unauthorized access. It also involves ensuring that the audit records are stored securely and in compliance with applicable laws. This responsibility extends beyond just the web transactions and includes all aspects of the solution, including the website front end, shopping cart application, and database resources.

Explanation

The security engineer, as the solution owner, is responsible for ensuring that the entire process, from customer input to audit review, functions in a secure manner. This means implementing security measures at every step of the process to protect customer data and prevent unauthorized access. It also involves ensuring that the audit records are stored securely and in compliance with applicable laws. This responsibility extends beyond just the web transactions and includes all aspects of the solution, including the website front end, shopping cart application, and database resources.

30. 263. The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer's office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection? Linux Server: 192.168.10.10/24 Mac Laptop: 192.168.10.200/24

From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

From the Mac, establish a remote desktop connection to 192.168.10.10 using Network LayerAuthentication and the CredSSP security provider.

From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.

From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.

The security engineer would most likely implement a SSH tunnel from the Mac to the Linux server and connect the VNC to 127.0.0.1. This would secure the connection by encrypting the data transmitted between the Mac and the server, preventing network sniffing from obtaining the password. The SSH tunnel would create a secure channel for the VNC connection, ensuring the confidentiality and integrity of the data exchanged.

Explanation

The security engineer would most likely implement a SSH tunnel from the Mac to the Linux server and connect the VNC to 127.0.0.1. This would secure the connection by encrypting the data transmitted between the Mac and the server, preventing network sniffing from obtaining the password. The SSH tunnel would create a secure channel for the VNC connection, ensuring the confidentiality and integrity of the data exchanged.

31. 250. The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated?

Man in the middle attack; install an IPS in front of SIP proxy.

Man in the middle attack; use 802.1x to secure voice VLAN.

Denial of Service; switch to more secure H.323 protocol.

Denial of Service; use rate limiting to limit traffic.

not-available-via-ai

Explanation

not-available-via-ai

32. 243. In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).

Correctly assert the identity and authorization credentials of the end user.

Correctly assert the authentication and authorization credentials of the end user.

Protect the authentication credentials used to verify the end user identity to the secondarydomain for unauthorized use.

Protect the authentication credentials used to verify the end user identity to the secondarydomain for authorized use.

Protect the accounting credentials used to verify the end user identity to the secondary domainfor unauthorized use.

Correctly assert the identity and authentication credentials of the end user.

The secondary domain needs to trust the primary domain in order to protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use. This ensures that only authorized users are able to access the secondary domain using their authentication credentials. Additionally, the secondary domain needs to correctly assert the identity and authentication credentials of the end user, ensuring that the user's identity and authentication are accurately represented and verified.

Explanation

The secondary domain needs to trust the primary domain in order to protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use. This ensures that only authorized users are able to access the secondary domain using their authentication credentials. Additionally, the secondary domain needs to correctly assert the identity and authentication credentials of the end user, ensuring that the user's identity and authentication are accurately represented and verified.

Submit

CASP ? 241-272 End Of Test