CAS-001 - CompTIA Advanced Security Practitioner Certification Exam
A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand?
Threat actor types, threat actor motivation, and the attack impact
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company's interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?
1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines
_________ consists of very large-scale virtualized, distributed computing systems. They cover multiple administrative domains and enable virtual organizations.
A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer's GREATEST concern?
Sensitive data is transmitted in the URL.
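The reason the SessionID in that query string is the greatest concern is that everything in a URL ends up in places a cookie does not: browser history, proxy and web server access logs, and the Referer header sent to any third-party site the page links to. The following detection script is an added example, not part of the exam page; it flags secret-looking parameter names in request targets and runs over a few constructed access-log lines (the first one reproduces the page's request, the others are invented).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that should never travel in a URL.
SENSITIVE = re.compile(r"(sess|token|passw|pwd|secret|auth|api_?key)", re.IGNORECASE)

def sensitive_query_params(request_target):
    """Names of query-string parameters in a request target that look like secrets."""
    query = urlsplit(request_target).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True) if SENSITIVE.search(name)]

# Request line inside an Apache/Nginx combined-format log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def scan_access_log(lines):
    """Return [(line number, [parameter names])] for entries whose URL carries a secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        names = sensitive_query_params(m.group("target"))
        if names:
            hits.append((n, names))
    return hits

# Constructed sample log lines (assumed, not from the page); line 1 is the page's request.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Oct/2010:10:15:01 +0000] "GET /disp_reports.php?SectionEntered=57'
    '&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith'
    '&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [31/Oct/2010:10:15:09 +0000] "GET /disp_reports.php?report_type=alerts HTTP/1.1" 200 5123',
    '203.0.113.9 - - [31/Oct/2010:10:16:44 +0000] "POST /login.php?auth_token=abc123 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for line_no, names in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: secret in URL -> {', '.join(names)}")
```

The same session identifier moved into a `Set-Cookie` header with `Secure` and `HttpOnly` would not appear in any of those places, which is why the fix is to carry the session in a cookie rather than to shorten or obfuscate the URL parameter.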
A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this?
The infected files were specially crafted to exploit a collision in the hash function.
The security administrator at a bank is receiving numerous reports that customers are unable to login to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address. Which of the following solutions will MOST likely mitigate this type of attack?
Configuring and deploying TSIG
A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?
Inappropriate administrator access
An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).
Secure exchange of the key values between the two DNS name servers.
A secure NTP source used by both DNS name servers to avoid message rejection.
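Why both of those answers are critical is easiest to see in the TSIG verification procedure itself. The following is an added example, not code from the exam page: it signs a constructed AXFR request the way RFC 8945 describes (HMAC over the unsigned message followed by the TSIG variables), builds the TSIG RR, and verifies it in the order the RFC prescribes: key lookup (BADKEY), MAC comparison (BADSIG), then the time window (BADTIME). The key name `xfer-key`, the secret, the zone and the timestamps are assumptions. The time check is exactly where the NTP requirement comes from: two servers whose clocks differ by more than the fudge value (300 seconds by default) reject each other's transfers even with the correct shared secret.

```python
import hashlib
import hmac
import struct

BADSIG, BADKEY, BADTIME = 16, 17, 18        # TSIG error codes, RFC 8945
ALGORITHM = "hmac-sha256."
TSIG_TYPE, CLASS_ANY = 250, 255

def wire_name(name):
    """Domain name in DNS wire format, lowercased (TSIG digests use canonical form)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_axfr_query(zone, txid):
    """Constructed AXFR request (QTYPE 252, QCLASS IN), nothing beyond the question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", 252, 1)

def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """The 'TSIG variables' digested after the message (RFC 8945 section 4.3.3)."""
    return (wire_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + wire_name(ALGORITHM)
            + struct.pack("!Q", time_signed)[2:]                 # 48-bit time signed
            + struct.pack("!HHH", fudge, error, len(other)) + other)

def tsig_mac(message, key_name, secret, time_signed, fudge):
    """MAC for a first message: HMAC over the unsigned DNS message then the TSIG variables."""
    data = message + tsig_variables(key_name, time_signed, fudge)
    return hmac.new(secret, data, hashlib.sha256).digest()

def tsig_rr(key_name, mac, time_signed, fudge, original_id):
    """The TSIG resource record appended to the additional section of the signed message."""
    rdata = (wire_name(ALGORITHM) + struct.pack("!Q", time_signed)[2:]
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", original_id, 0, 0))          # original ID, error, other len
    return wire_name(key_name) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata

def tsig_verify(message, key_name, mac, time_signed, fudge, keyring, now):
    """Receiver-side checks in RFC 8945 section 5.2 order: key, then MAC, then time."""
    secret = keyring.get(key_name.rstrip(".").lower())
    if secret is None:
        return BADKEY
    expected = tsig_mac(message, key_name, secret, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return BADSIG
    if abs(now - time_signed) > fudge:                          # clocks too far apart
        return BADTIME
    return 0

if __name__ == "__main__":
    keyring = {"xfer-key": b"example-shared-secret"}            # assumed: same secret on both servers
    msg = build_axfr_query("example.com.", txid=0x2A2A)
    t = 1_700_000_000
    mac = tsig_mac(msg, "xfer-key.", keyring["xfer-key"], t, 300)
    print("signed request bytes:", len(msg + tsig_rr("xfer-key.", mac, t, 300, 0x2A2A)))
    print("peer clock in sync:", tsig_verify(msg, "xfer-key.", mac, t, 300, keyring, t + 40))
    print("peer clock 10 min off:", tsig_verify(msg, "xfer-key.", mac, t, 300, keyring, t + 600))
```

On BIND both halves map to one `key` statement with the same `secret` on each server and `allow-transfer { key xfer-key; };` on the zone; the secret must be delivered out of band (never in the zone or over unauthenticated DNS), and both hosts need a trustworthy NTP source so that the `time signed` check above passes.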
The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values?
A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?
A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?
Use a protocol analyzer to reverse engineer the transaction system's protocol.
Which of the following is the predicted elapsed time between inherent failures of a system during operation?
Mean time between failures
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core business functions are dependent on the outsourced systems. The risk officer has requested that the IT department calculates the priority of restoration for all systems and applications under the new business model. Which of the following is the BEST tool to achieve this?
Business impact analysis
Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner which of the following is correct?
Logging must be set appropriately and alerts delivered to security staff in a timely manner.
Which of the following is a group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations?
Incident response team
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible. Which of the following should the Warehouse Manager do to remediate the security issue?
Update the hardware decommissioning procedures.
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?
The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.
The Reception Area: The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.
The Rehabilitation Area: The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.
The Finance Area: There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.
The Finance Area
A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:
-Internet
-Gateway Firewall
-IDS
-Web SSL Accelerator
-Web Server Farm
-Internal Firewall
-Company Internal Network
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. Which of the following is true?
The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.
A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change. Which of the following best practices has MOST likely been overlooked in the agile implementation?
The security requirements definition phase should be added to each sprint.
After a security incident, an administrator revokes the SSL certificate for their web server www.company.com. Later, users begin to inform the help desk that a few other servers are generating certificate errors: ftp.company.com, mail.company.com, and partners.company.com. Which of the following is MOST likely the reason for this?
The servers used a wildcard certificate.
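A wildcard certificate for `*.company.com` is a single key pair and a single serial number, so revoking it invalidates every host that presents it. The matcher below is an added example, not part of the exam page; it applies the RFC 6125 name-matching rules (the `*` stands only for the whole leftmost label, never spans a dot, and may not sit directly under a top-level domain) and lists which of a set of assumed hostnames are covered by a given certificate and therefore break together on revocation.

```python
def hostname_matches(cert_name, hostname):
    """Does a certificate name (possibly a wildcard) cover `hostname`? RFC 6125 style rules."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname
    labels = cert_name.split(".")
    # Only a bare leftmost label may be a wildcard; "w*.example.com" and "*.com" are rejected,
    # the latter because browsers refuse a wildcard with fewer than two labels to its right.
    if labels[0] != "*" or len(labels) < 3 or any("*" in l for l in labels[1:]):
        return False
    host_labels = hostname.split(".")
    if not all(host_labels):
        return False
    # The wildcard matches exactly one label, so "a.b.company.com" is NOT covered by "*.company.com".
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]

def hosts_covered(cert_names, hostnames):
    """Hosts that present this certificate, and so start failing the moment it is revoked."""
    return [h for h in hostnames if any(hostname_matches(n, h) for n in cert_names)]

if __name__ == "__main__":
    # Assumed inventory; the four names come from the question, the other two are invented.
    inventory = ["www.company.com", "ftp.company.com", "mail.company.com",
                 "partners.company.com", "company.com", "dev.internal.company.com"]
    for host in hosts_covered(["*.company.com"], inventory):
        print("affected by revocation:", host)
```

Operationally this is the pre-revocation check: enumerate every endpoint matching the wildcard (and any SAN entries) and re-issue their certificates before publishing the revocation, or issue per-host certificates so that one incident does not take down unrelated services.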
Which of the following statements are true about Risk analysis? Each correct answer represents a complete solution. Choose three.
It recognizes risks, quantifies the impact of threats, and supports budgeting for security.
It adjusts the requirements and objectives of the security policy with the business objectives and motives.
It provides the higher management the details necessary to determine the risks that should be mitigated, transferred, and accepted.
How many levels of threats are faced by the SAN?
An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization's technology?
An interconnection security agreement
A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment. The SOC highlighted the following requirements: -Perform fingerprinting on unfiltered inbound traffic to the company -Monitor all inbound and outbound traffic to the DMZs In which of the following places should the NIPS be placed in the network?
In front of the Internet firewall and in front of the DMZs
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:
Separation of duties
A company wishes to purchase a new security appliance. A security administrator has extensively researched the appliances, and after presenting security choices to the company's management team, they approve of the proposed solution. Which of the following documents should be constructed to acquire the security appliance?
To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perform a return on investment study. It has been estimated that by spending $300,000 on the software security initiative, a 30% savings in cost will be realized for each project. Based on an average of 8 software projects at a current cost of $50,000 each, how many years will it take to see a positive ROI?
Nearly three years
A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?
Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
Which of the following activities could reduce the security benefits of mandatory vacations?
Have a replacement employee run the same applications as the vacationing employee.
Have a replacement employee run several daily scripts developed by the vacationing employee.
What routine security measure is most effective in protecting against emerging threats?
A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?
The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.
An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT
Which of the following should occur to allow VNC access to the server?
A line needs to be added.
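To see why a new line is the only fix, and what the existing lines actually do, the following added example (not from the exam page) evaluates the question's five rules with iptables first-match semantics against a new TCP connection to VNC's default port 5900. Assumptions: the INPUT chain policy is DROP (the question does not state it, but nothing else would make the server unreachable), `DENY` is kept verbatim although real iptables only has `DROP` and `REJECT` targets, and a client source port of 51234.

```python
import shlex

# The question's rules, with the extraction artefact "- A" restored to "-A".
PAGE_RULES = [
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT",
]
# The line that needs to be added (assumed: VNC display :0 on the default port 5900).
VNC_RULE = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT"

def parse_rule(line):
    """Parse the subset of iptables-save syntax used above into a match dictionary."""
    toks = shlex.split(line)
    rule = {"chain": None, "proto": None, "dport": None, "sport": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        opt, arg = toks[i], toks[i + 1]
        if opt == "-A":
            rule["chain"] = arg
        elif opt == "-p":
            rule["proto"] = arg
        elif opt == "--dport":
            rule["dport"] = int(arg)
        elif opt == "--sport":
            rule["sport"] = int(arg)
        elif opt == "--state":
            rule["states"] = set(arg.split(","))
        elif opt == "-j":
            rule["target"] = arg
        elif opt != "-m":          # "-m state" / "-m tcp" only load match modules
            raise ValueError(f"unsupported option {opt!r}")
        i += 2
    return rule

def rule_matches(rule, pkt):
    return ((rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["dport"] is None or rule["dport"] == pkt["dport"])
            and (rule["sport"] is None or rule["sport"] == pkt["sport"])
            and (rule["states"] is None or pkt["state"] in rule["states"]))

def verdict(rule_lines, pkt, policy="DROP"):
    """First matching INPUT rule decides; with no match the chain policy applies."""
    for rule in map(parse_rule, rule_lines):
        if rule["chain"] == "INPUT" and rule_matches(rule, pkt):
            return "ACCEPT" if rule["target"] == "ACCEPT" else "DROP"
    return policy

def new_tcp(dport, sport=51234):
    """A constructed first packet of a TCP connection as conntrack would classify it."""
    return {"proto": "tcp", "dport": dport, "sport": sport, "state": "NEW"}

if __name__ == "__main__":
    print("VNC before:", verdict(PAGE_RULES, new_tcp(5900)))
    print("VNC after: ", verdict(PAGE_RULES + [VNC_RULE], new_tcp(5900)))
    print("VNC from source port 3389:", verdict(PAGE_RULES, new_tcp(5900, sport=3389)))
```

Two things the evaluation makes visible: none of the existing lines mention port 5900, so editing or removing one of them cannot help, and the last rule accepts any new connection whose source port is 3389, which any client can choose, so it already opens every port on the host to a deliberately crafted connection and should itself be reviewed.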
An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required. Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
Penetration test across the application with accounts of varying access levels (i.e. non- authenticated, authenticated, and administrative users).
Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
Fred is a network administrator for an insurance company. Lately there has been an issue with the antivirus software not updating. What is the first thing Fred should do to solve the problem?
Clearly define the problem
A company is in the process of implementing a new front end user interface for its customers; the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase. Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).
Perform grey box penetration testing over the solution
Perform static code review over the front end source code
An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization's new web services gateway. All rendering of the content is performed on the mobile application. The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO?
Local storage of the authenticated token on the mobile application is secured.
Software and systems as a service in the cloud provide flexibility for administrators. The administrator can create, shutdown, and restart virtual servers as needed. However this flexibility also leads to a problem. Which of the following problems is directly related to that?
Company XYZ is building a new customer facing website which must access some corporate resources. The company already has an internal facing web server and a separate server supporting an extranet to which suppliers have access. The extranet web server is located in a network DMZ. The internal website is hosted on a laptop on the internal corporate network. The internal network does not restrict traffic between any internal hosts. Which of the following locations will BEST secure both the intranet and the customer facing website?
Dedicated DMZ network segments
Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?
Secure Software Implementation
What is this formula for: SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}?
Calculate CIA aggregate score
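The formula is the FIPS 199 security categorization; for a system holding several information types the aggregate is the high-water mark of each objective across all types, and the overall level is the highest of the three. The following is an added example, not from the exam page, that carries the calculation through for a constructed set of information types (the names and impact levels are assumptions), including the FIPS 199 rule that "not applicable" is allowed for the confidentiality of a single public information type but floors at low once a system is categorized.

```python
LEVELS = {"n/a": 0, "low": 1, "moderate": 2, "high": 3}
NAMES = {v: k for k, v in LEVELS.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")

def categorize(info_types):
    """info_types: {name: (confidentiality, integrity, availability)} using LEVELS keys.
    Returns the system SC as the per-objective high-water mark plus the overall level."""
    marks = [0, 0, 0]
    for impacts in info_types.values():
        if len(impacts) != 3:
            raise ValueError("each information type needs exactly three impact levels")
        for i, level in enumerate(impacts):
            marks[i] = max(marks[i], LEVELS[level.lower()])
    # At system level no objective may remain "n/a": FIPS 199 raises it to at least low.
    marks = [max(m, LEVELS["low"]) for m in marks]
    sc = {obj: NAMES[m] for obj, m in zip(OBJECTIVES, marks)}
    sc["overall"] = NAMES[max(marks)]
    return sc

if __name__ == "__main__":
    # Constructed example: a customer database hosting two information types.
    db = {"public product catalog": ("n/a", "moderate", "moderate"),
          "customer account records": ("high", "moderate", "low")}
    print(categorize(db))
```

A single high on any objective of any information type drives the whole system to high, which is why the database in the earlier question carries an aggregate of high even when most of its content is routine, and why its most credible threat is a privileged insider rather than the network path that flow control already constrains.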
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?
The resulting impact of even one attack being realized might cripple the company financially.
The internal auditor at Company ABC has completed the annual audit of the company's financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions. Which of the following should be the Information Security Officer's (ISO's) recommendation? (Select TWO).
Implement mandatory training
Review company procedures
Which of the following Web sites provides a virtual community where people with a shared interest can communicate and also can post their thoughts, ideas, and anything else and share it with their friends?
Social networking site
The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO requirements?
White box testing performed by the development and security assurance teams.
Which of the following is the MOST appropriate control measure for lost mobile devices?
Require that the compromised devices be remotely wiped.
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company’s internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?
A corporate policy to prevent sensitive information from residing on a mobile device and antivirus software.
Encryption of the non-volatile memory and a password or PIN to access the device.
A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements?
Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.
The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?