CompTIA Advanced Security Practitioner (Cas-001) 241-270

Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.

Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.

OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availablility and management.

Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.

Create an IP camera network and deploy NIPS to prevent unauthorized access.

Create an IP camera network and only allow SSL access to the cameras.

Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

Create and IP camera network and restrict access to cameras from a single management host.

Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.

Provide each department with a virtual firewall and assign administrative control to the physical firewall.

Put both departments behind the firewall and incorporate restrictive controls on each department's network.

Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

Provide targeted security awareness training and impose termination for repeat violators.

Block desktop sharing and web conferencing application and enable use only with approval.

Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.

Generate a new public key on both servers.

Replace the SSL certificate on dev1.xyz.com.

Generate a new private key password for both servers.

Replace the SSL certificate on pay.xyz.com.

Deploy the followin ACL to the HIPS: DENY - TCP - ANY - ANY - 445.

Run a TCP 445 port scan across the organization and patch hosts with open ports.

Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445.

Force a signature update and full system scan from the enterprize anti-virus solution.

Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.

Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.

Conduct a risk analysis on all current contorls, and recommend appropriate mechanisms to increase overall security.

Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.

1

2

3

5

Man in the middle attack; install an IPS in front of the SIP proxy.

Man in the middle attack; use 802.1x to secure voice VLAN.

Denial of Service; switch to more secure H.323 protocol.

Denial of Service; use rate limiting to limit traffic.

Grey box testing performed by a major external consulting firm who have signed a NDA.

Black box testing performed by a major external consulting firm who have signed a NDA.

White box testing performed by the development and security assurance teams.

Grey box testing performed by the development and security assurance teams.

Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.

Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organizations's flexibility to reacy to new market conditions will be reduced slightly. Internal knowledge of the IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.

Strategic architecture will no be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed thecnology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.

Strategic architecture will be adversly impacted through the segregation of duties between the providers. Vendor management costs will increase and the organizaiton's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

Information disclosure policy

Awareness training

Job rotation

Separation of duties

The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.

The hosting company should manage the hypervisor-based firewall while allowing customers to configure their own host-based firewall.

Customers should purchase physical firewalls to protect their guests hosts and have the hosting company manage these if requested.

The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

Switch IPSEC to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

Disable AH. Enable ESP on the internet network, and use NIPS on both networks.

Enable ESP on the internal network, and place NIPS on both networks.

2 and 1

3 and 5

5 and 2

6 and 4

A T&M contract

An RFP

A FFP agreement

A new RFQ

DDoS, DNS poisoning, Boink, Teardrop

Reflective XSS, HTTP exhaustion, Teardrop

SQL Injection, DOM based XSS, HTTP exhaustion

SQL Injection, CSRF, Clickjacking

Internal auditors have approved the outsourcing arrangement.

Penetration testing can be performed on the externally facing web system.

Ensure there are security controls within the contract adn the right to audit.

A physical site audit is performed on Company XYZ's management / operation.

From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.

From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.

From the Mac, establish a SSH tunnel to Linux server an connect the VNC to 127.0.0.1.

Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.

Inform the litigators that the CIO's information has been deleted as per corporate policy.

Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation.

Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

PKI based authentication

Transport encryption

Data at rest encryption

Code signing

The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.

The Java developers accounted for network latency only for the read portion of the processing and not the write process.

The virtual file system on the SAN is experiencing a race condition between the reads and writes of the network files.

The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.

Attestation

PKI

Biometrics

Federated IDs

Device fingerprinting

Switchport analyzer

Grey box testing

Penetration testing

The system shall use a pseudo-random number generator seeded the same every time.

The system shall generate a pseudo-random number upon invocation by the existing Java program.

The system shall generate a truly random number based upon user PKI certificates.

The system shall implement a psuedo-random number generator for use by corporate customers.

Ensure the process functions in a secure manner from customer input to audit review.

Security solutions result in zero additional processing latency.

Ensure the process of storing audit records is in compliance with applicable laws.

Web transactions are conducted in a secure network channel.