CompTIA Advanced Security Practitioner (CAS-001) 241-270

Questions and Answers
  • 1. 
    An administrator at a small company replaces servers whenever budget money becomes available.  Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers.  Which of the following are management challenges and risk associated with this style of technology lifecycle management?
    • A. 

      Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.

    • B. 

      Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.

    • C. 

      OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.

    • D. 

      Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.

  • 2. 
    A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management.  The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well.  The selected IP camera vendor does not have the ability to authenticate users at the camera level.  Which of the following should the Security Manager suggest to BEST secure this environment?
    • A. 

      Create an IP camera network and deploy NIPS to prevent unauthorized access.

    • B. 

      Create an IP camera network and only allow SSL access to the cameras.

    • C. 

      Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

    • D. 

      Create an IP camera network and restrict access to cameras from a single management host.

  • 3. 
    In single sign-on, the secondary domain needs to trust the primary domain to do which of the following?  (Select TWO).
    • A. 

      Correctly assert the identity and authorization credentials of the end user.

    • B. 

      Correctly assert the authentication and authorization credentials of the end user.

    • C. 

      Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.

    • D. 

      Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.

    • E. 

      Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.

    • F. 

      Correctly assert the identity and authentication credentials of the end user.

  • 4. 
    A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives.  The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter.  Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?
    • A. 

      Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.

    • B. 

      Provide each department with a virtual firewall and assign administrative control to the physical firewall.

    • C. 

      Put both departments behind the firewall and incorporate restrictive controls on each department's network.

    • D. 

      Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

  • 5. 
    A manager who was attending an all-day training session was overdue to enter bonus and payroll information for subordinates.  The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate.  The manager granted the subordinate control of the desktop, thereby giving the subordinate full access to the payroll system.  The subordinate did not have authorization to be in the payroll system.  Another employee reported the incident to the security team.  Which of the following would be the MOST appropriate method for dealing with this issue going forward?
    • A. 

      Provide targeted security awareness training and impose termination for repeat violators.

    • B. 

      Block desktop sharing and web conferencing application and enable use only with approval.

    • C. 

      Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

    • D. 

      Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.

  • 6. 
    After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com.  The auditor also notices that many of the internal development servers use the same certificate.  After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored.  Which of the following should the auditor recommend FIRST?
    • A. 

      Generate a new public key on both servers.

    • B. 

      Replace the SSL certificate on dev1.xyz.com.

    • C. 

      Generate a new private key password for both servers.

    • D. 

      Replace the SSL certificate on pay.xyz.com.
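    The security-relevant point in this question is that a wildcard certificate is one key pair: every host that presents *.xyz.com holds the same private key, so the key that went missing on dev1's thumb drive is also the payment server's key. The following is an added example, not part of the quiz, that applies RFC 6125-style wildcard matching to a constructed host inventory to list exactly which hosts share that key; the host names other than pay.xyz.com and dev1.xyz.com are assumptions.

```python
# Added example (not part of the quiz): which deployed hosts share the private key
# behind a wildcard certificate, using RFC 6125-style wildcard matching.
# Host names are constructed from the question; nothing here is real infrastructure.

def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """True if a certificate name (possibly '*.example') covers hostname.

    Rules applied (RFC 6125 section 6.4.3, simplified): the wildcard must be the
    entire left-most label, it matches exactly one label, and it must have at
    least two labels to its right (so '*.com' is refused). Partial-label
    wildcards such as 'pa*.xyz.com' are deliberately not supported.
    """
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(c_labels) != len(h_labels):
        return False                  # '*.xyz.com' covers neither 'xyz.com' nor 'a.b.xyz.com'
    if c_labels[0] == "*":
        if len(c_labels) < 3:
            return False              # refuse '*.com'
        return c_labels[1:] == h_labels[1:]
    return c_labels == h_labels       # no wildcard: exact match only


def hosts_sharing_key(cert_names, deployed_hosts):
    """Hosts whose name is covered by the certificate and that therefore (when they
    present it) hold the same private key. Losing the key on any one of them
    compromises all of them."""
    return sorted(h for h in deployed_hosts
                  if any(wildcard_matches(n, h) for n in cert_names))


if __name__ == "__main__":
    cert = ["*.xyz.com"]                                     # the certificate in the question
    hosts = ["pay.xyz.com", "dev1.xyz.com", "dev2.xyz.com",  # constructed inventory
             "xyz.com", "a.b.xyz.com", "pay.example.org"]
    print("hosts affected by the lost dev1 key:", hosts_sharing_key(cert, hosts))
```

    Running it lists pay.xyz.com alongside the development hosts, which is why the auditor's first recommendation has to address the public payment server and not only dev1: a certificate cannot be "replaced" on one host while the same key stays live on another. Per-host certificates (or at least a separate key pair for the DMZ) keep the blast radius of a lost key to one machine.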

  • 7. 
    A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization.  The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445.  Which of the following can the administrator do in the short term to minimize the attack?
    • A. 

      Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY - 445.

    • B. 

      Run a TCP 445 port scan across the organization and patch hosts with open ports.

    • C. 

      Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445.

    • D. 

      Force a signature update and full system scan from the enterprise anti-virus solution.

  • 8. 
    A security administrator wants to verify and improve the security of a business process which is tied to a proven company workflow.  The security administrator was able to improve security by applying controls that were defined by the newly released company security standard.  Such controls included code improvement, transport encryption, and interface restrictions.  Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company's security standard?
    • A. 

      Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.

    • B. 

      Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.

    • C. 

      Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.

    • D. 

      Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.

  • 9. 
    A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data.  The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data.  However the storage administrator also reports that there are three years of email data on the server and five years of email data on the backup tapes.  How many years of data MUST the company legally provide?
    • A. 

      1

    • B. 

      2

    • C. 

      3

    • D. 

      5

  • 10. 
    The VoIP administrator starts receiving reports that users are having problems placing phone calls.  The VoIP administrator cannot determine the issue, and asks the security administrator for help.  The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network.  Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy.  Based on the information given, which of the following attacks is underway and how can it be remediated?
    • A. 

      Man in the middle attack; install an IPS in front of the SIP proxy.

    • B. 

      Man in the middle attack; use 802.1x to secure voice VLAN.

    • C. 

      Denial of Service; switch to more secure H.323 protocol.

    • D. 

      Denial of Service; use rate limiting to limit traffic.
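    The symptoms in this question (calls failing, no link saturation, a flood of SIP INVITEs at the proxy) are what an application-layer INVITE flood looks like. The following is an added example, not part of the quiz, that detects such a flood per source address from a capture summary and then applies the per-source token-bucket rate limiting a SIP proxy or session border controller would enforce. The packet list, addresses and thresholds are constructed to mimic the question, not real traffic.

```python
# Added example (not from the quiz): detect a SIP INVITE flood per source address
# from a capture summary, then apply per-source rate limiting (token bucket).
# The packet list is constructed to mimic the question's symptoms; it is not real traffic.
from collections import defaultdict, deque


def build_sample_packets():
    """(timestamp_ms, source_ip, sip_method) tuples: five phones placing normal calls
    over a minute, plus one host sending 300 INVITEs to the proxy in three seconds."""
    pkts = []
    for i in range(20):                                   # normal INVITEs, one every 3 s
        pkts.append((i * 3000, f"10.0.1.{10 + i % 5}", "INVITE"))
        pkts.append((i * 3000 + 500, f"10.0.1.{10 + i % 5}", "REGISTER"))
    for i in range(300):                                  # flood: one INVITE every 10 ms
        pkts.append((30000 + i * 10, "10.0.9.77", "INVITE"))
    return sorted(pkts)


def invite_flood_sources(packets, window_ms=1000, threshold=20):
    """Sliding-window count of INVITEs per source; returns {src: peak_count}
    for every source that exceeded the threshold within some window."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, src, method in sorted(packets):
        if method != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_ms:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}


def rate_limit_invites(packets, rate_per_s=5.0, burst=10):
    """Per-source token bucket, the control a SIP proxy or SBC applies.
    Returns {src: (accepted, dropped)} counting INVITEs only; legitimate phones
    never exhaust their bucket, the flooding host is throttled to the refill rate."""
    tokens, last_ts = {}, {}
    stats = defaultdict(lambda: [0, 0])
    for ts, src, method in sorted(packets):
        if method != "INVITE":
            continue
        if src not in tokens:
            tokens[src], last_ts[src] = float(burst), ts
        tokens[src] = min(float(burst), tokens[src] + (ts - last_ts[src]) * rate_per_s / 1000.0)
        last_ts[src] = ts
        if tokens[src] >= 1.0:
            tokens[src] -= 1.0
            stats[src][0] += 1
        else:
            stats[src][1] += 1
    return {src: tuple(v) for src, v in stats.items()}


if __name__ == "__main__":
    pkts = build_sample_packets()
    print("flood sources:", invite_flood_sources(pkts))
    print("after rate limiting:", rate_limit_invites(pkts))
```

    The detector counts only INVITEs, because REGISTER and OPTIONS churn is normal and would mask the signal; the limiter is keyed per source so the five phones keep placing calls while the flooding host is cut to a few INVITEs per second. Rate limiting is the short-term remediation; the source still needs to be found and isolated, since a spoofed or distributed flood would need limits applied further upstream.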

  • 11. 
    The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area.  The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough.  The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party.  The CISO still maintains that third-party testing would not be as thorough, since the third party lacks the introspection of the development team.  Which of the following will satisfy the CISO's requirements?
    • A. 

      Grey box testing performed by a major external consulting firm who have signed a NDA.

    • B. 

      Black box testing performed by a major external consulting firm who have signed a NDA.

    • C. 

      White box testing performed by the development and security assurance teams.

    • D. 

      Grey box testing performed by the development and security assurance teams.

  • 12. 
    A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive.  The Chief Financial Officer (CFO) has mandated that all IT architectural functions will be outsourced and a mixture of providers will be selected.  One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years.  At the end of each contract the incumbent may be renewed or a new provider may be selected.  Which of the following are the MOST likely risk implications of the CFO's business decision?
    • A. 

      Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.

    • B. 

      Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced slightly. Internal knowledge of the IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.

    • C. 

      Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.

    • D. 

      Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

  • 13. 
    A small customer-focused bank that has implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers.  Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal.  The security and risk team have decided that a policy needs to be implemented across all branches to address the risk.  Which of the following BEST addresses the security and risk team's concerns?
    • A. 

      Information disclosure policy

    • B. 

      Awareness training

    • C. 

      Job rotation

    • D. 

      Separation of duties

  • 14. 
    A hosting company provides inexpensive guest virtual machines to low-margin customers.  Customers manage their own guest virtual machines.  Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company.  Which of the following BEST meets these requirements?
    • A. 

      The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.

    • B. 

      The hosting company should manage the hypervisor-based firewall while allowing customers to configure their own host-based firewall.

    • C. 

      Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.

    • D. 

      The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

  • 15. 
    A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSEC in transport mode with AH enabled and ESP disabled throughout the internal network.  The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention.  Which of the following recommendations should the consultant provide to the security administrator?
    • A. 

      Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

    • B. 

      Switch IPSEC to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

    • C. 

      Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

    • D. 

      Enable ESP on the internal network, and place NIPS on both networks.

  • 16. 
    A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter.  The developer has written the following six lines of code to add entropy to the routine: 
    1. If VIDEO input exists, use video data for entropy
    2. If AUDIO input exists, use audio data for entropy
    3. If MOUSE input exists, use mouse data for entropy
    4. If KEYBOARD input exists, use keyboard data for entropy
    5. If IDE input exists, use IDE data for entropy
    6. If NETWORK input exists, use network data for entropy
    Which of the following lines of code will result in the STRONGEST seed when combined?
    • A. 

      2 and 1

    • B. 

      3 and 5

    • C. 

      5 and 2

    • D. 

      6 and 4
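    The catch in this question is that a headless, diskless server has no video, audio, mouse, keyboard or IDE input to draw on, so a seeding routine that assumes they exist collects nothing from those lines. The following is an added example, not part of the quiz, showing how a practitioner would measure what a candidate source actually delivers (Shannon and min-entropy per byte) and mix only the sources that are present into one seed. The samples are constructed with a seeded random.Random, which stands in for captured input and is not a cryptographic source.

```python
# Added example (not from the quiz): measure what each candidate entropy source
# actually delivers and mix only the sources that exist into one seed.
# All samples are constructed; on the headless, diskless server in the question
# only the network input from the six lines is present.
import hashlib
import math
import random
from collections import Counter


def shannon_entropy_per_byte(sample: bytes) -> float:
    """Bits of Shannon entropy per byte, estimated from the byte histogram."""
    n = len(sample)
    return -sum(c / n * math.log2(c / n) for c in Counter(sample).values())


def min_entropy_per_byte(sample: bytes) -> float:
    """-log2 of the most frequent byte's probability: the conservative figure
    to use when deciding how many bytes must be collected for a seed."""
    return -math.log2(max(Counter(sample).values()) / len(sample))


def mix_seed(sources: dict) -> bytes:
    """Hash every present source into one 32-byte seed. Each contribution is
    tagged and length-prefixed so bytes cannot migrate between sources; absent
    sources (None or empty) are skipped instead of feeding zeros."""
    h = hashlib.sha256()
    for name in sorted(sources):
        data = sources[name]
        if not data:
            continue
        h.update(name.encode())
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.digest()


def constructed_samples():
    """The six inputs from the question as seen on a headless, diskless server."""
    rng = random.Random(7)   # deterministic stand-in for captured timing data; NOT a CSPRNG
    return {
        "video": None, "audio": None, "mouse": None, "keyboard": None, "ide": None,
        "network": bytes(rng.getrandbits(8) for _ in range(4096)),
    }


if __name__ == "__main__":
    s = constructed_samples()
    idle = b"\x00" * 1024                 # what an absent device contributes if it is not skipped
    print("idle device:", shannon_entropy_per_byte(idle), "bits/byte")
    print("network sample:", round(min_entropy_per_byte(s["network"]), 2), "bits/byte (min-entropy)")
    print("seed:", mix_seed(s).hex())
```

    Two caveats the estimators cannot express: a simple counter scores a full 8 bits/byte of Shannon entropy while being perfectly predictable, and network data is visible to anyone on the same segment, so it must never be the only secret input. In production the routine should read from the operating system's CSPRNG (os.urandom, which is backed by getrandom on Linux), which already aggregates interrupt timing and hardware sources; the code above illustrates the measurement and mixing discipline, not a replacement for that.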

  • 17. 
    After three vendors submit their requested documentation, the CPO and the SPN can better understand what each vendor does and what solutions that they can provide.  But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm.  Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?
    • A. 

      A T&M contract

    • B. 

      An RFP

    • C. 

      A FFP agreement

    • D. 

      A new RFQ

  • 18. 
    The <nameID> element in SAML can be provided in which of the following predefined formats?  (Select TWO).
    • A. 

      X.509 subject name

    • B. 

      PTR DNS record

    • C. 

      EV certificate

    • D. 

      Kerberos principal name

    • E. 

      WWN record name
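    SAML 2.0 defines a closed list of NameID formats (SAML 2.0 Core, section 8.3), identified by URN in the Format attribute; a service provider should reject a NameID whose format is not one of them or not one it has agreed to accept, because account linking on the wrong format (for example a transient identifier treated as persistent) silently breaks. The following is an added example, not part of the quiz, that reads the NameID from a constructed, unsigned assertion and enforces both checks; the subject values are assumptions.

```python
# Added example (not from the quiz): read the NameID from a SAML 2.0 assertion and
# check that its Format is one of the predefined formats and one this service provider
# accepts. The assertions built here are constructed and unsigned; real ones must have
# their XML signature verified before anything in them is trusted, and untrusted XML
# should be parsed with defusedxml rather than the stdlib parser used here.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Predefined NameID formats (SAML 2.0 Core, section 8.3).
NAMEID_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified": "unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "email address",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName": "X.509 subject name",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName": "Windows domain qualified name",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos": "Kerberos principal name",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity": "entity identifier",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": "persistent identifier",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "transient identifier",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def read_name_id(assertion_xml: str, accepted_formats=None):
    """Return (format_label, value). Raises ValueError when the NameID is missing
    or empty, its Format is not a predefined one, or it is not in accepted_formats."""
    root = ET.fromstring(assertion_xml)
    el = root.find("saml:Subject/saml:NameID", NS)
    if el is None:
        raise ValueError("assertion has no Subject/NameID")
    fmt = el.get("Format", UNSPECIFIED)          # the specification's default when absent
    if fmt not in NAMEID_FORMATS:
        raise ValueError(f"unknown NameID format: {fmt}")
    if accepted_formats is not None and fmt not in accepted_formats:
        raise ValueError(f"NameID format not accepted by this SP: {fmt}")
    value = (el.text or "").strip()
    if not value:
        raise ValueError("empty NameID")
    return NAMEID_FORMATS[fmt], value


def assertion_with(fmt_attr: str, value: str) -> str:
    """Build a minimal constructed assertion carrying one NameID (no signature)."""
    fmt = f' Format="{fmt_attr}"' if fmt_attr else ""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" Version="2.0" ID="_c1">'
            f"<saml:Subject><saml:NameID{fmt}>{value}</saml:NameID></saml:Subject>"
            "</saml:Assertion>")


if __name__ == "__main__":
    x509 = assertion_with("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
                          "CN=Alice Example,OU=Dev,O=XYZ,C=US")   # assumed subject
    krb = assertion_with("urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
                         "alice@XYZ.COM")                          # assumed principal
    print(read_name_id(x509))
    print(read_name_id(krb))
```

    Of the options listed in the question, only the X.509 subject name and the Kerberos principal name appear in that table; a DNS PTR record, an EV certificate and a Fibre Channel WWN are not NameID formats, and the check above rejects any such URN outright.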

  • 19. 
    A corporation has expanded for the first time by integrating several newly acquired businesses.  Which of the following are the FIRST tasks that the security team should undertake?  (Select TWO).
    • A. 

      Remove acquired companies Internet access.

    • B. 

      Federate identity management systems.

    • C. 

      Install firewall between the businesses.

    • D. 

      Re-image all end user computers to a standard image.

    • E. 

      Develop interconnection policy

    • F. 

      Conduct a risk analysis of each acquired company's networks.

  • 20. 
    New zero-day attacks are announced on a regular basis against a broad range of technology systems.  Which of the following best practices should a security manager do to manage the risks of these attack vectors?
    • A. 

      Establish an emergency response call tree.

    • B. 

      Create an inventory of applications.

    • C. 

      Backup the router and firewall configurations.

    • D. 

      Maintain a list of critical systems.

    • E. 

      Update all network diagrams

  • 21. 
    A WAF without customization will protect the infrastructure from which of the following combinations?
    • A. 

      DDoS, DNS poisoning, Boink, Teardrop

    • B. 

      Reflective XSS, HTTP exhaustion, Teardrop

    • C. 

      SQL Injection, DOM based XSS, HTTP exhaustion

    • D. 

      SQL Injection, CSRF, Clickjacking
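    What an uncustomized WAF can and cannot catch follows from what reaches the server. The following is an added example, not part of the quiz, that runs a deliberately small signature-style inspection (the kind a default WAF rule set performs) over four constructed requests: generic rules match the SQL injection and the reflected XSS in the query string, but a DOM-based XSS payload placed in the URL fragment is never transmitted by the browser, so the WAF sees nothing, and a CSRF request is syntactically ordinary and matches no rule without application-specific customization. The hostnames, paths and rules are assumptions.

```python
# Added example (not from the quiz): a minimal signature-style inspection of the kind
# an uncustomized WAF performs on what the server receives, run over constructed
# requests. Generic rules catch SQL injection and reflected XSS, see nothing of
# DOM-based XSS carried in the URL fragment, and flag nothing in a CSRF request.
import re
from urllib.parse import unquote_plus, urlsplit

# Deliberately small generic rules; real WAF rule sets are far larger but work the same way.
RULES = {
    "sqli": re.compile(r"(?i)('\s*or\s+\S+\s*=\s*\S+|\bunion\s+select\b|--\s*$|;\s*drop\s+table)"),
    "xss":  re.compile(r"(?i)(<\s*script\b|\bon[a-z]+\s*=|javascript\s*:)"),
}


def as_received_by_server(url: str) -> str:
    """Browsers never send the fragment, so neither the WAF nor the application sees it."""
    return urlsplit(url)._replace(fragment="").geturl()


def inspect_request(url: str, body: str = "") -> list:
    """Return the sorted names of rules matched against the decoded query and body."""
    seen = urlsplit(as_received_by_server(url))
    haystacks = [unquote_plus(seen.query), unquote_plus(body)]
    return sorted(name for name, rx in RULES.items()
                  if any(rx.search(h) for h in haystacks))


# Constructed requests: SQLi, reflected XSS, DOM-based XSS (payload in the fragment), CSRF.
CONSTRUCTED_REQUESTS = [
    ("GET",  "https://shop.example.test/search?q=%27+OR+1%3D1--", ""),
    ("GET",  "https://shop.example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", ""),
    ("GET",  "https://shop.example.test/page#%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E", ""),
    ("POST", "https://bank.example.test/transfer", "to=attacker&amount=1000"),
]

if __name__ == "__main__":
    for method, url, body in CONSTRUCTED_REQUESTS:
        print(method, as_received_by_server(url), "->",
              inspect_request(url, body) or "no rule matched")
```

    The fragment case is the instructive one: the identical payload placed in the query string is caught, so the gap is not in the rule but in the WAF's vantage point, and it can only be closed in the client-side code. CSRF and clickjacking likewise need knowledge the WAF does not have by default (session tokens, Origin expectations, framing policy), which is why they are customization work rather than out-of-the-box coverage.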

  • 22. 
    Company ABC is planning to outsource its Customer Relationship Management System (CRM) and marketing / leads management to Company XYZ.  Which of the following is the MOST important to be considered before going ahead with the service?
    • A. 

      Internal auditors have approved the outsourcing arrangement.

    • B. 

      Penetration testing can be performed on the externally facing web system.

    • C. 

      Ensure there are security controls within the contract and the right to audit.

    • D. 

      A physical site audit is performed on Company XYZ's management / operation.

  • 23. 
    The Linux server at Company A hosts a graphical application widely used by the company designers.  One designer regularly connects to the server from a Mac laptop in the designer's office down the hall.  When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing.  Which of the following would the security engineer MOST likely implement to secure this connection?
    Linux Server:  192.168.10.10/24
    Mac Laptop:  192.168.10.200/24
    • A. 

      From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

    • B. 

      From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.

    • C. 

      From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.

    • D. 

      From the Mac, establish an SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.
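    Tunnelling VNC through SSH only helps if the VNC server on the Linux host is no longer reachable directly; a listener bound to 0.0.0.0 still hands the password to anyone sniffing the segment. The following is an added example, not part of the quiz, that builds the client-side forwarding command for the addresses in the question and checks a constructed `ss -ltn` listing from the server for VNC listeners that are not confined to loopback. The user name "designer", the display ports and the listing itself are assumptions.

```python
# Added example (not from the quiz): after moving VNC behind an SSH tunnel, confirm on the
# Linux server that the VNC listener is bound to loopback only, so the unencrypted
# protocol is reachable solely through the tunnel. The `ss -ltn` output is constructed.
import ipaddress

VNC_PORTS = range(5900, 5910)            # display :0 to :9

CONSTRUCTED_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      127.0.0.1:5900      0.0.0.0:*
LISTEN 0      5      [::1]:5900          [::]:*
LISTEN 0      5      0.0.0.0:5901        0.0.0.0:*
"""


def split_addr_port(local: str):
    """'127.0.0.1:5900' -> ('127.0.0.1', 5900); '[::1]:5900' -> ('::1', 5900)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def vnc_exposure(ss_output: str) -> dict:
    """Map each VNC listener 'addr:port' to 'loopback-only' or 'EXPOSED'."""
    result = {}
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_addr_port(fields[3])
        if port not in VNC_PORTS:
            continue
        # ss prints '*' for a wildcard bind; anything that is not loopback is reachable directly
        loopback = host != "*" and ipaddress.ip_address(host).is_loopback
        result[fields[3]] = "loopback-only" if loopback else "EXPOSED"
    return result


def ssh_forward_command(server="192.168.10.10", user="designer",
                        local_port=5901, remote_port=5900):
    """Client-side tunnel: 127.0.0.1:5901 on the Mac -> 127.0.0.1:5900 on the server.
    -N opens no shell; ExitOnForwardFailure makes a refused forward fatal rather than
    silently leaving the user to connect somewhere else."""
    return ["ssh", "-N", "-o", "ExitOnForwardFailure=yes",
            "-L", f"127.0.0.1:{local_port}:127.0.0.1:{remote_port}", f"{user}@{server}"]


if __name__ == "__main__":
    print(" ".join(ssh_forward_command()))
    for listener, verdict in vnc_exposure(CONSTRUCTED_SS_OUTPUT).items():
        print(f"{listener:20} {verdict}")
```

    With the tunnel up, the VNC client on the Mac connects to 127.0.0.1:5901 and the traffic crosses the hallway inside SSH. In the constructed listing display :1 is still bound to 0.0.0.0 and would be reported as EXPOSED; the fix is to start the VNC server with its localhost-only option so the only path to it is the tunnel.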

  • 24. 
    A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned.  The CIO's laptop, cell phone and PC were all wiped of data per company policy.  A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months.  The corporate retention policy recommends keeping data for no longer than 90 days.  Which of the following should occur?
    • A. 

      Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.

    • B. 

      Inform the litigators that the CIO's information has been deleted as per corporate policy.

    • C. 

      Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation.

    • D. 

      Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

  • 25. 
    A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.  The current infrastructure design includes: 
    • Two-factor token and biometric based authentication for all users
    • Attributable administrator accounts
    • Logging of all transactions
    • Full disk encryption of all HDDs
    • Finely granular access control to all resources
    • Full virtualization of all servers
    • The use of LUN masking to segregate SAN data
    • Port security on all switches
    The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points.  Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals? 
    • A. 

      PKI based authentication

    • B. 

      Transport encryption

    • C. 

      Data at rest encryption

    • D. 

      Code signing
