CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 10

A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:

1 - If VIDEO input exists, use video data for entropy
2 - If AUDIO input exists, use audio data for entropy
3 - If MOUSE input exists, use mouse data for entropy
4 - If KEYBOARD input exists, use keyboard data for entropy
5 - If IDE input exists, use IDE data for entropy
6 - If NETWORK input exists, use network data for entropy

Which of the following lines of code will result in the STRONGEST seed when combined?

Options are :
  • 3 and 5
  • 2 and 1
  • 6 and 4 (Correct)
  • 5 and 2

Answer : 6 and 4

A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero day exploits. The code base used for the device is a combination of compiled C and TCL/TK scripts. Which of the following methods should the security researcher use to enumerate the ports and protocols in use by the appliance?

Options are :
  • Switchport analyzer
  • Penetration testing
  • Device fingerprinting (Correct)
  • Grey box testing

Answer : Device fingerprinting

A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

A. Remove acquired companies' Internet access.
B. Federate identity management systems.
C. Install firewalls between the businesses.
D. Re-image all end user computers to a standard image.
E. Develop interconnection policy.
F. Conduct a risk analysis of each acquired company's networks.

Options are :
  • E,B
  • C,F
  • E,F (Correct)
  • E,D

Answer : E,F

A WAF without customization will protect the infrastructure from which of the following attack combinations?

Options are :
  • SQL Injection, CSRF, Clickjacking
  • Reflective XSS, HTTP exhaustion, Teardrop
  • DDoS, DNS poisoning, Boink, Teardrop
  • SQL Injection, DOM based XSS, HTTP exhaustion (Correct)

Answer : SQL Injection, DOM based XSS, HTTP exhaustion

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company's statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator's password.

At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

Options are :
  • An input validation error has occurred
  • A race condition has occurred. (Correct)
  • The new password was compromised.
  • The IDS logs are compromised.

Answer : A race condition has occurred.
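The practitioner's point behind this question is that a password reset does not invalidate tokens that were already issued: the attacker's 10:35 token is still accepted at 11:00 unless the service also revokes sessions. The following added example (not from the exam page) models that timeline as a token service with a per-user "not valid before" watermark; the user name, secret, TTL and token layout are constructed for illustration.

```python
"""Added example: why the IDS keeps alerting after the password reset, and the
check that closes the window. Names, secret and TTL are constructed."""
import hashlib
import hmac

# Scenario timestamps as seconds since midnight.
T_TOKEN_STOLEN = 10 * 3600 + 35 * 60    # 10:35 attacker obtains a valid token
T_PASSWORD_RESET = 10 * 3600 + 55 * 60  # 10:55 administrator resets the password
T_STILL_ALERTING = 11 * 3600            # 11:00 IDS still fires for the same user


class TokenService:
    """Bearer tokens of the form user|issued_at|hmac. A token is valid when its
    MAC checks out, it is within TTL, and it was issued after the user's
    revocation watermark."""

    def __init__(self, secret: bytes, ttl: int = 8 * 3600):
        self._secret = secret
        self._ttl = ttl
        self._not_before = {}  # user -> issue time below which tokens are dead

    def _mac(self, user: str, issued_at: int) -> str:
        msg = f"{user}|{issued_at}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, user: str, now: int) -> str:
        return f"{user}|{now}|{self._mac(user, now)}"

    def reset_password(self, user: str, now: int, revoke_sessions: bool) -> None:
        # Changing the credential on its own touches nothing the attacker holds.
        # Moving the watermark is what kills tokens issued before the reset.
        if revoke_sessions:
            self._not_before[user] = now

    def validate(self, token: str, now: int) -> bool:
        try:
            user, issued_s, mac = token.split("|")
            issued_at = int(issued_s)
        except ValueError:
            return False
        if not hmac.compare_digest(mac, self._mac(user, issued_at)):
            return False  # forged or tampered token
        if now - issued_at > self._ttl:
            return False  # expired
        if issued_at < self._not_before.get(user, 0):
            return False  # issued before the last revoke-all event
        return True


def attacker_token_still_valid(revoke_sessions: bool) -> bool:
    """Replay the scenario; returns whether the stolen token works at 11:00."""
    svc = TokenService(secret=b"constructed-secret-do-not-reuse")
    stolen = svc.issue("dba", T_TOKEN_STOLEN)
    svc.reset_password("dba", T_PASSWORD_RESET, revoke_sessions)
    return svc.validate(stolen, T_STILL_ALERTING)
```

With `revoke_sessions=False` the reset has no effect on the token the attacker already holds, which is exactly the state the 11:00 alerts describe; with `revoke_sessions=True` the same token is rejected. In a real deployment the watermark would be persisted with the account record and checked on every request, not only at login.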

An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

Options are :
  • No one was reviewing the IDS event logs. (Correct)
  • The IDS generated too many false positives.
  • The IDS generated too many false negatives.
  • The attack occurred after hours.

Answer : No one was reviewing the IDS event logs.

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

Options are :
  • Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access. (Correct)
  • Provide sales staff with a separate laptop with no administrator access just for sales visits.
  • Update the acceptable use policy and ensure sales staff read and acknowledge the policy.
  • Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.

Answer : Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.

Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?

Options are :
  • Server services have been virtualized and outsourced.
  • Financial data is processed without being encrypted.
  • Logging is disabled on critical servers.
  • All servers are unpatched and running old versions. (Correct)

Answer : All servers are unpatched and running old versions.

An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).

A. Data Storage Policy
B. Data Retention Policy
C. Corporate Confidentiality Policy
D. Data Breach Mitigation Policy
E. Corporate Privacy Policy

Options are :
  • D,B
  • A,C
  • A,D
  • A,B (Correct)

Answer : A,B

Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

Options are :
  • Use Company A’s change management process during the evaluation of the new product. (Correct)
  • Purchase the product and test it on a few systems before installing it throughout the entire company.
  • Purchase the product and test it in a lab environment before installing it on any live system.
  • Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.

Answer : Use Company A’s change management process during the evaluation of the new product.

A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seem to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?

Options are :
  • A prudent plan of action which details how to decommission the system within 90 days of becoming operational.
  • A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months. (Correct)
  • Business insurance to transfer all risk from the company shareholders to the insurance company.
  • An incident response plan which guarantees response by tier two support within 15 minutes of an incident.

Answer : A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.

A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

Options are :
  • Use a protocol analyzer to reverse engineer the transaction system’s protocol. (Correct)
  • Contact the computer science students and threaten disciplinary action if they continue their actions.
  • Notify the transaction system vendor of the security vulnerability that was discovered.
  • Install a NIDS in front of all the transaction system terminals.

Answer : Use a protocol analyzer to reverse engineer the transaction system’s protocol.

Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

Options are :
  • Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
  • Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking
  • Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site. (Correct)
  • IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.

Answer : Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.

A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

Options are :
  • Construct a library of re-usable security patterns
  • Include SRTM in the SDLC
  • Introduce an ESA framework (Correct)
  • Construct a security control library

Answer : Introduce an ESA framework

A company's security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?

Options are :
  • Deploy a WAF with application specific signatures.
  • Require client-side input filtering on all modifiable fields.
  • Require all development to follow secure coding practices. (Correct)
  • Escape character sequences at the application tier.

Answer : Require all development to follow secure coding practices.

A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?

Options are :
  • Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
  • Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
  • Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password. (Correct)
  • Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credentials. Require each user to install the public key on their computer.

Answer : Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).

A. Periodic key changes once the initial keys are established between the DNS name servers.
B. Secure exchange of the key values between the two DNS name servers.
C. A secure NTP source used by both DNS name servers to avoid message rejection.
D. DNS configuration files on both DNS name servers must be identically encrypted.
E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.

Options are :
  • B,A
  • D,C
  • B,D
  • B,C (Correct)

Answer : B,C
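TSIG (RFC 8945) authenticates each DNS message with an HMAC over the message plus the TSIG variables, two of which are the signer's `time_signed` and a `fudge` window; the receiver rejects a message whose signature is correct but whose timestamp is outside the window, which is why both servers need a trustworthy time source. The added example below (not from the exam or from BIND) is a stripped-down verifier that shows both failure modes: a key that was not delivered intact to the other side yields BADSIG, and clock skew beyond the fudge yields BADTIME. The wire format and the exact RFC 8945 digest input are omitted, and the key name, key bytes and message bytes are constructed.

```python
"""Added example: simplified TSIG sign/verify showing the key-exchange and
clock-skew failure modes. Not BIND's implementation; no DNS wire format."""
import hashlib
import hmac
import secrets

NOERROR = 0
BADSIG, BADKEY, BADTIME = 16, 17, 18   # TSIG error codes defined in RFC 8945
DEFAULT_FUDGE = 300                    # seconds; the conventional default


def generate_key() -> bytes:
    """What `tsig-keygen` does for hmac-sha256: 256 random bits. The hard part
    is not generating it but getting the same bytes onto the other server
    over a confidential, authenticated channel."""
    return secrets.token_bytes(32)


def _digest_input(message: bytes, time_signed: int, fudge: int) -> bytes:
    # Simplified: RFC 8945 hashes the DNS message followed by the TSIG
    # variables (key name, algorithm, 48-bit time_signed, fudge, ...).
    return message + time_signed.to_bytes(6, "big") + fudge.to_bytes(2, "big")


def tsig_sign(keyring: dict, key_name: str, message: bytes,
              time_signed: int, fudge: int = DEFAULT_FUDGE) -> dict:
    mac = hmac.new(keyring[key_name],
                   _digest_input(message, time_signed, fudge),
                   hashlib.sha256).digest()
    return {"key_name": key_name, "time_signed": time_signed,
            "fudge": fudge, "mac": mac}


def tsig_verify(keyring: dict, message: bytes, tsig: dict, now: int) -> int:
    """Check order follows RFC 8945 section 5.3: key, then MAC, then time."""
    key = keyring.get(tsig["key_name"])
    if key is None:
        return BADKEY
    expected = hmac.new(key,
                        _digest_input(message, tsig["time_signed"], tsig["fudge"]),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tsig["mac"]):
        return BADSIG
    if abs(now - tsig["time_signed"]) > tsig["fudge"]:
        return BADTIME
    return NOERROR


def axfr_exchange(primary_keyring: dict, secondary_keyring: dict,
                  primary_clock: int, secondary_clock: int) -> int:
    """The secondary signs a zone-transfer request with its copy of the key
    and its own clock; the primary verifies with its copy and its clock."""
    request = b"AXFR example.com. IN"  # constructed stand-in for a DNS message
    tsig = tsig_sign(secondary_keyring, "xfer-key.", request,
                     time_signed=secondary_clock)
    return tsig_verify(primary_keyring, request, tsig, now=primary_clock)
```

In BIND the same outcome is configured with a `key` statement holding the shared secret on both servers and `allow-transfer { key xfer-key.; };` on the primary; a BADTIME in the logs after that is almost always an NTP problem rather than a key problem.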

As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company's privacy policies and procedures to reflect the changing business environment and business requirements. Training and awareness of the new policies and procedures has been incorporated into the security awareness program which should be:

Options are :
  • presented by top level management to only data handling staff.
  • used to promote the importance of the security department.
  • technical in nature to ensure all development staff understand the procedures.
  • customized for the various departments and staff roles. (Correct)

Answer : customized for the various departments and staff roles.

The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

Options are :
  • One of the companies may use an outdated VDI.
  • Corporate websites may be optimized for different web browsers.
  • Industry security standards and regulations may be in conflict. (Correct)
  • Data loss prevention standards in one company may be less stringent.

Answer : Industry security standards and regulations may be in conflict.

The <NameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).

A. X.509 subject name
B. PTR DNS record
C. EV certificate OID extension
D. Kerberos principal name
E. WWN record name

Options are :
  • A,B
  • C,D
  • A,D (Correct)
  • A,C

Answer : A,D

Customer Need: "We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website."

Which of the following BEST restates the customer need?

Options are :
  • The system shall generate a pseudo-random number upon invocation by the existing Java program. (Correct)
  • The system shall generate a truly random number based upon user PKI certificates.
  • The system shall implement a pseudo-random number generator for use by corporate customers.
  • The system shall use a pseudo-random number generator seeded the same every time.

Answer : The system shall generate a pseudo-random number upon invocation by the existing Java program.
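Two of the questions on this page come down to seeding: the first asks which device inputs give the strongest seed on a headless, diskless server (where none of the video, audio, mouse, keyboard or IDE inputs exist, and the operating system's own pool is the source a practitioner would actually use), and this one rejects "a pseudo-random number generator seeded the same every time". The added example below (not from the exam page) covers both: a hash-based mixer that combines whatever sources exist with the OS CSPRNG, and a demonstration that a fixed seed reproduces the identical "random" sequence on every run. The host description, source names and sample bytes are constructed.

```python
"""Added example: mixing available entropy sources into a seed, and the fixed-seed
failure mode. Host map and samples are constructed for illustration."""
import hashlib
import os
import random
import secrets

# Constructed description of the server in the question: no console devices,
# no local disk; only the network (and the OS CSPRNG) can contribute.
HEADLESS_DISKLESS_SERVER = {
    "video": False, "audio": False, "mouse": False,
    "keyboard": False, "ide": False, "network": True,
}


def available_sources(host: dict) -> list[str]:
    """Sources a routine like the one in the question could actually use."""
    return [name for name, present in host.items() if present]


def mix_seed(samples: list[tuple[str, bytes]],
             personalization: bytes = b"app-crypto-seed") -> bytes:
    """Hash-combine raw samples into one 32-byte seed.

    Each sample is length-prefixed so two sample lists cannot collide by
    re-splitting the same bytes. Mixing never lowers the entropy below that
    of the strongest single input, so a weak source (predictable network
    timings) added to a strong one does no harm; it also cannot rescue a
    seed built only from weak sources."""
    h = hashlib.sha256(personalization)
    for name, data in samples:
        h.update(len(name).to_bytes(2, "big") + name.encode())
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def seed_for_host(host: dict, source_samples: list[tuple[str, bytes]]) -> bytes:
    """Use only the sources present on this host and always fold in os.urandom,
    which is the kernel pool (getrandom on Linux) and the correct primary source."""
    chosen = [(n, d) for n, d in source_samples if host.get(n)]
    chosen.append(("os_csprng", os.urandom(32)))
    return mix_seed(chosen)


def fixed_seed_outputs(seed_value: int, count: int = 5) -> list[int]:
    """The rejected option: the same seed yields the same sequence every time,
    so a customer can predict every 'random' number the site will hand out."""
    rng = random.Random(seed_value)
    return [rng.randrange(1_000_000) for _ in range(count)]


def secure_token(nbytes: int = 16) -> str:
    """What the customer actually asked for: an unpredictable value per call,
    from the CSPRNG (the Java equivalent is java.security.SecureRandom)."""
    return secrets.token_hex(nbytes)
```

`random.Random` is a Mersenne Twister and is never acceptable for tokens even when seeded well; the point of `fixed_seed_outputs` is only to make the predictability visible. Device inputs, where they exist, are supplements to the kernel pool, not replacements for it.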

A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

Options are :
  • Man in the middle attack; install an IPS in front of SIP proxy.
  • Man in the middle attack; use 802.1x to secure voice VLAN.
  • Denial of Service; use rate limiting to limit traffic. (Correct)
  • Denial of Service; switch to more secure H.323 protocol.

Answer : Denial of Service; use rate limiting to limit traffic.

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

Which of the following should the auditor suggest be done to avoid future security breaches?

Options are :
  • Employee A and Employee B should rotate jobs at a set interval and cross-train.
  • All employees should have the same access level to be able to check on each other.
  • The manager should be able to both enter and approve information.
  • The manager should only be able to review the data and approve purchase orders. (Correct)

Answer : The manager should only be able to review the data and approve purchase orders.
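The finding is a separation-of-duties violation: one principal (Employee C) can both enter a transaction and approve the purchase order, so a single insider or a single compromised account can complete a fraudulent payment alone. The added example below (not from the exam page) is the check an auditor or an IAM pipeline would run over role assignments to surface such toxic combinations, and shows the remediation the answer describes, a manager role limited to review and approval. Role names, permission names and the assignments are constructed to mirror the scenario.

```python
"""Added example: separation-of-duties check over role assignments.
Roles, permissions and employees are constructed to mirror the question."""

# Role -> permissions it grants (constructed).
ROLE_PERMISSIONS = {
    "ar_data_entry": {"finance.enter_transaction"},
    "ap_approver": {"finance.approve_purchase_order"},
    # The manager role as found by the auditor: can do everything.
    "finance_manager_before": {"finance.enter_transaction",
                               "finance.approve_purchase_order",
                               "finance.review"},
    # The manager role after remediation: review and approve only.
    "finance_manager_after": {"finance.review",
                              "finance.approve_purchase_order"},
}

# Permission sets that must never sit with one principal.
TOXIC_COMBINATIONS = [
    frozenset({"finance.enter_transaction", "finance.approve_purchase_order"}),
]


def effective_permissions(roles: list[str]) -> set[str]:
    """Union of every role's permissions; SoD is about the union, not any one role."""
    perms: set[str] = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS[role]
    return perms


def sod_violations(assignments: dict[str, list[str]]) -> dict[str, list[set[str]]]:
    """Return {user: [toxic combination, ...]} for every user whose combined
    roles cover a toxic combination. An empty dict means no violations."""
    findings: dict[str, list[set[str]]] = {}
    for user, roles in assignments.items():
        perms = effective_permissions(roles)
        hits = [set(combo) for combo in TOXIC_COMBINATIONS if combo <= perms]
        if hits:
            findings[user] = hits
    return findings


# Constructed assignments for the three employees in the question.
BEFORE = {
    "employee_a": ["ar_data_entry"],
    "employee_b": ["ap_approver"],
    "employee_c": ["finance_manager_before"],
}
AFTER = {
    "employee_a": ["ar_data_entry"],
    "employee_b": ["ap_approver"],
    "employee_c": ["finance_manager_after"],
}
```

The same check catches the quieter case where nobody changed the manager role but a clerk accumulated both `ar_data_entry` and `ap_approver` through job moves, which is why it belongs in the access-review cycle rather than only in the post-incident audit.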

A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

Options are :
  • A physically isolated network with in-band management that uses two factor authentication.
  • An isolated network that provides secure out-of-band remote management (Correct)
  • A logically isolated network with in-band management that uses secure two factor authentication.
  • A physically isolated network that allows for secure metric collection.

Answer : An isolated network that provides secure out-of-band remote management

An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa. (41)
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa. (41)

Given the traffic report, which of the following is MOST likely causing the slow traffic?

Options are :
  • ARP poisoning
  • Improper LUN masking
  • Improper network zoning (Correct)
  • DNS poisoning

Answer : Improper network zoning
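What gives the answer away in the capture is the `iscsi-target` (TCP 3260) session between a workstation and 10.4.17.72 on the same segment as the users: block storage traffic belongs on its own zone or VLAN, not on an access switch. The PTR queries are a red herring, they are tcpdump resolving names because `-n` was not used. The added example below (not from the exam page) parses tcpdump text of this shape and raises that finding automatically. The user subnet 10.4.16.0/23, the list of storage service names and the `SAMPLE` lines (which mirror the question's capture with the `in-addr.arpa` names rejoined) are all constructed assumptions.

```python
"""Added example: spot storage protocols on a user segment in tcpdump text.
USER_SEGMENT, STORAGE_SERVICES and SAMPLE are constructed for illustration."""
import ipaddress
import re
from collections import Counter

USER_SEGMENT = ipaddress.ip_network("10.4.16.0/23")  # assumption: user VLAN
# Service names tcpdump prints from /etc/services, plus raw ports when -n is used.
STORAGE_SERVICES = {"iscsi-target", "3260", "nfs", "2049", "microsoft-ds", "445"}

SAMPLE = """\
18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa. (41)
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa. (41)
""".splitlines()

IP_LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
ARP_LINE = re.compile(r"^(?P<ts>\S+) ARP, (?P<rest>.*)$")


def split_endpoint(endpoint: str) -> tuple[str, str]:
    """'10.4.17.72.iscsi-target' -> ('10.4.17.72', 'iscsi-target'); the port or
    service name is always the last dot-separated field in tcpdump output."""
    host, port = endpoint.rsplit(".", 1)
    return host, port


def analyze(lines: list[str], user_segment=USER_SEGMENT) -> dict:
    counts: Counter = Counter()
    storage_peers: set[str] = set()
    for line in lines:
        m = IP_LINE.match(line)
        if m:
            src, sport = split_endpoint(m["src"])
            dst, dport = split_endpoint(m["dst"])
            if "PTR?" in m["rest"]:
                counts["ptr_queries"] += 1
            elif "NXDomain" in m["rest"]:
                counts["nxdomain"] += 1
            if sport in STORAGE_SERVICES or dport in STORAGE_SERVICES:
                counts["storage_packets"] += 1
                storage_peers.add(src if sport in STORAGE_SERVICES else dst)
            continue
        if ARP_LINE.match(line):
            counts["arp"] += 1

    findings = []
    for peer in sorted(storage_peers):
        try:
            addr = ipaddress.ip_address(peer)
        except ValueError:
            continue  # a hostname; cannot place it in a subnet from text alone
        if addr in user_segment:
            findings.append(f"storage endpoint {peer} answers on the user segment "
                            f"{user_segment}: move storage to its own zone/VLAN")
    if counts["nxdomain"]:
        findings.append("PTR lookups failing (NXDomain): this is tcpdump name "
                        "resolution noise, rerun with -n")
    return {"counts": dict(counts), "findings": findings}
```

Run against the capture the result carries one zoning finding for 10.4.17.72 and a note about the reverse-lookup noise; an ARP request from the gateway is counted but is unremarkable on its own, so ARP poisoning would need a conflicting `is-at` reply to be worth flagging.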

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO requirements?

Options are :
  • White box testing performed by the development and security assurance teams. (Correct)
  • Black box testing performed by a major external consulting firm who have signed a NDA.
  • Grey box testing performed by the development and security assurance teams.
  • Grey box testing performed by a major external consulting firm who have signed a NDA.

Answer : White box testing performed by the development and security assurance teams.

The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?

Options are :
  • Non-repudiation (Correct)
  • Key escrow
  • Identity proofing
  • Digital rights management

Answer : Non-repudiation

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the following is the MOST important to be considered before going ahead with the service?

Options are :
  • Ensure there are security controls within the contract and the right to audit. (Correct)
  • A physical site audit is performed on Company XYZ’s management / operation.
  • Internal auditors have approved the outsourcing arrangement.
  • Penetration testing can be performed on the externally facing web system.

Answer : Ensure there are security controls within the contract and the right to audit.

Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).

A. File level transfer of data
B. Zoning and LUN security
C. Block level transfer of data
D. Multipath
E. Broadcast storms
F. File level encryption
G. Latency

Options are :
  • A,F,G
  • A,E,B
  • A,E,G (Correct)
  • F,E,G

Answer : A,E,G

Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?

Options are :
  • Federated IDs (Correct)
  • PKI
  • Biometrics
  • Attestation

Answer : Federated IDs
