CASP ? 211-240

1. 211. A database administrator comes across the below records in one of the databases during an internal audit of the payment system: UserIDAddressCredit Card No.Password jsmith123 fake street55XX-XXX-XXXX-1397Password100 jqdoe234 fake street42XX-XXX-XXXX-202717DEC12 From a security perspective, which of the following should be the administrator's GREATEST concern, and what will correct the concern?

Concern: Passwords are stored in plain text.Correction: Require a minimum of 8 alphanumeric characters and hash the password.

Concern: User IDs are confidential private information.Correction: Require encryption of user IDs.

2. 214. A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve?

Increased customer data availability

Increased customer data confidentiality

Increased security through provisioning

Increased security through data integrity

3. 224. Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

4. 220. In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?

Creation and secure destruction of mail accounts, emails, and calendar items

Information classification, vendor selection, and the RFP process

Data provisioning, processing, in transit, at rest, and de-provisioning

Securing virtual environments, appliances, and equipment that handle email

5. 227. A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?

The company’s software lifecycle management improved the security of the application.

There are no vulnerabilities in the application.

The company should deploy a web application firewall to ensure extra security.

There are no known vulnerabilities at this time.

6. 233. A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

Network Administrator, Database Administrator, Programmers

Network Administrator, Emergency Response Team, Human Resources

Finance Officer, Human Resources, Security Administrator

Database Administrator, Facilities Manager, Physical Security Manager

7. 216. The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

Social engineering

Protocol analyzer

Port scanner

Grey box testing

8. 218. When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. Which of the following would impact the security of conference's resources?

Wireless network security may need to be increased to decrease access of mobile devices.

Physical security may need to be increased to deter or prevent theft of mobile devices.

Network security may need to be increased by reducing the number of available physicalnetwork jacks.

Wireless network security may need to be decreased to allow for increased access of mobiledevices.

9. 237. If a technician must take an employee's workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?

A formal letter from the company’s president approving the seizure of the workstation.

A formal training and awareness program on information security for all company managers.

A screen displayed at log in that informs users of the employer’s rights to seize, search, andmonitor company devices.

A printout of an activity log, showing that the employee has been spending substantial time onnon-work related websites.

10. 239. A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

Loss of physical control of the servers

Distribution of the job to multiple data centers

Network transmission of cryptographic keys

Data scraped from the hardware platforms

11. 238. An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and restore operations within a few hours to a few days. Which of the following provides the MOST comprehensive method for reducing the time to recover?

Create security metrics that provide information on response times and requirements todetermine the best place to focus time and money.

Conduct a loss analysis to determine which systems to focus time and money towardsincreasing security.

Implement a knowledge management process accessible to the help desk and financedepartments to estimate cost and prioritize remediation.

Develop an incident response team, require training for incident remediation, and provideincident reporting and tracking metrics.

12. 236. A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?

Employee identity badges and physical access controls to ensure only staff are allowed onsite.

A training program that is consistent, ongoing, and relevant.

Access controls to prevent end users from gaining access to confidential data.

Access controls for computer systems and networks with two-factor authentication.

13. 226. A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:

CISO immediately in an exception report.

Users of the new web application system.

The vendor who supplied the web application system.

Team lead in a weekly report.

14. In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change. Which of the following BEST addresses risks associated with disclosure of intellectual property?

Require the managed service provider to implement additional data separation.

Require encrypted communications when accessing email.

Enable data loss protection to minimize emailing PII and confidential data.

Establish an acceptable use policy and incident response policy.

15. 212. A security administrator is redesigning, and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?

Point to point VPNs for all corporate intranet users.

Cryptographic hashes of all data transferred between services.

Service to service authentication for all workflows.

Two-factor authentication and signed code

16. 231. A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?

Application firewall and NIPS

Edge firewall and HIDS

ACLs and anti-virus

Host firewall and WAF

17. 213. A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

To ensure the security of the network is documented prior to customer delivery

To document the source of all functional requirements applicable to the network

To facilitate the creation of performance testing metrics and test plans

To allow certifiers to verify the network meets applicable security requirements

18. 217. A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

Password Policy

Data Classification Policy

Wireless Access Procedure

VPN Policy

Database Administrative Procedure

Submit

19. 221. A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?

Service oriented architecture (SOA)

Federated identities

Object request broker (ORB)

Enterprise service bus (ESB)

20. 219. A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?

LUN masking

Data injection

Data fragmentation

Moving the HBA

21. 225. Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

22. 215. A security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the New Year's holiday when all the company employees were off. The company's network diagram is summarized below: Internet Gateway Firewall IDS Web SSL Accelerator Web Server Farm Internal Firewall Company Internal Network The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. Which of the following is true?

23. 229. A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test, claims to have the most advanced features and lucrative pricing. Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?

Establish return on investment as the main criteria for selection.

Require encrypted coRun a cost/benefit analysis based on the data received from the RFP.mmunications when accessing email.

Enable data loss protection toEvaluate each platform based on the total cost of ownership. minimize emailing PII and confidential data.

24. 240. A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

The company must dedicate specific staff to act as social media representatives of thecompany.

All staff needs to be instructed in the proper use of social media in the work environment.

Senior staff blogs should be ghost written by marketing professionals.

The finance department must provide a cost benefit analysis for social media.

The security policy needs to be reviewed to ensure that social media policy is properlyimplemented.

The company should ensure that the company has sufficient bandwidth to allow for socialmedia traffic.

Submit

25. 222. The Chief Information Officer (CIO) of a technology company is likely to move away from a deperimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The 'bring your own computing' approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?

26. 235. A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible. Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes. Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?

NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware acrossall Windows hosts.

HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.

NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware acrossall hosts.

27. 223. An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?

Implement controls based on the system needs. Perform a risk analysis of the system. For anyremaining risks, perform continuous monitoring.

28. 232.An administrator is reviewing logs and sees the following entry: Action: Intercepted (phase 2) Apache-Handler: php5-script Which of the following attacks was being attempted?

Session hijacking

Cross-site script

SQL injection

Buffer overflow

29. 234. An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?

Interconnection Security Agreement

Memorandum of Understanding

Business Partnership Agreement

Non-Disclosure Agreement

30. 230. An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

Conduct monthly audits to verify that application modifications do not introduce newvulnerabilities.

Implement a peer code review requirement prior to releasing code into production.

Follow secure coding practices to minimize the likelihood of creating vulnerable applications.

Establish cross-functional planning and testing requirements for software developmentactivities.