CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 7

Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine?

Options are :
  • Code signing
  • Application sandboxing (Correct)
  • Application hardening
  • Input Validation

Answer : Application sandboxing

A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it is a security concern?

Options are :
  • Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data. (Correct)
  • Problem: SQL injection Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
  • Problem: Cross-site scripting Mitigation Technique: Input validation Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
  • Problem: Buffer overflow Mitigation Technique: Output validation Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.

Answer : Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.

A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be. Which of the following is being described?

Options are :
  • Authentication
  • SAML (Correct)
  • Authorization
  • Kerberos

Answer : SAML

A security manager at Company ABC needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?

Options are :
  • Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices. (Correct)
  • Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices
  • Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
  • Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.

Answer : Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.

An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible.

Which of the following should the Warehouse Manager do to remediate the security issue?

Options are :
  • Update the hardware decommissioning procedures (Correct)
  • Degauss the printer hard drive to delete data.
  • Revise the hardware and software maintenance contract.
  • Implement a new change control process

Answer : Update the hardware decommissioning procedures

Which of the following precautions should be taken to harden network devices in case of a VM escape?

Options are :
  • Physical servers should only be on the same WAN as other physical servers in their network
  • Web servers should be on the same physical server as database servers in the network segment.
  • Virtual servers should only be on the same physical server as others in their network segment (Correct)
  • Database servers should be on the same virtual server as web servers in the DMZ network segment.

Answer : Virtual servers should only be on the same physical server as others in their network segment

A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?

Options are :
  • Code Review (Correct)
  • Social Engineering
  • Penetration Test
  • Vulnerability Assessment

Answer : Code Review

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices DoS attacks on the network that are affecting the company’s VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

A. Configure 802.11b on the network
B. Configure 802.1q on the network
C. Configure 802.11e on the network
D. Update the firewall managing the SIP servers
E. Update the HIDS managing the SIP servers

Options are :
  • C,A
  • C,B
  • C,D (Correct)
  • B,D

Answer : C,D

A security architect is assigned to a major software development project. The software development team has a history of writing bug-prone, inefficient code with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:

Options are :
  • error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
  • error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
  • error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems. (Correct)
  • error elimination, trash collection, documenting race conditions, peer review, and typical security problems.

Answer : error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.

A network engineer at Company ABC observes the following raw HTTP request:

GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;

Which of the following should be the engineer’s GREATEST concern?

Options are :
  • The HTTPS is not being enforced so the system is vulnerable.
  • The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
  • Sensitive data is transmitted in the URL.
  • The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack. (Correct)

Answer : The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.

A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways.

The following requirements must be met:

Able to log entry of all employees in and out of specific areas
Access control into and out of all sensitive areas
Tailgating prevention

Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors

Options are :
  • B,D (Correct)
  • B,C
  • B,A
  • A,D

Answer : B,D

A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employees’ network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active.

Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

Options are :
  • Update the company policy to account for delays and unforeseen situations in account deactivation.
  • Enforce the company policy by conducting monthly account reviews of inactive accounts.
  • Review the termination policy with the company managers to ensure prompt reporting of employee terminations. (Correct)
  • Review the HR termination process and ask the software developers to review the identity management code.

Answer : Review the termination policy with the company managers to ensure prompt reporting of employee terminations.

A company has asked their network engineer to list the major advantages of implementing a virtual environment with regard to cost. Which of the following would MOST likely be selected?

Options are :
  • Isolation of applications
  • Reducing physical footprint (Correct)
  • Reduced network traffic
  • Ease of patch testing

Answer : Reducing physical footprint

The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product. Which of the following documents would perform a cost analysis report and include information such as payment terms?

Options are :
  • RFQ (Correct)
  • RFC
  • RTO
  • RFI

Answer : RFQ

A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?

Options are :
  • Password entropy
  • Digital signing
  • Digital encryption
  • Code signing (Correct)

Answer : Code signing

The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual’s actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO).

A. Separation of duties
B. Forensic tasks
C. MOU
D. OLA
E. NDA
F. Job rotation

Options are :
  • A,D
  • B,E
  • A,E (Correct)
  • A,C

Answer : A,E

Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?

Options are :
  • Secure cookie storage
  • Standard libraries (Correct)
  • Input validation
  • State management

Answer : Standard libraries

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:

------
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces.
The upstream router interface’s MAC is 00-01-42-32-ab-1a
------

The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:

09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)

Which of the following can the security administrator determine from the above information?

Options are :
  • A man in the middle attack is underway - implementing static ARP entries is a possible solution. (Correct)
  • The default gateway is being spoofed - implementing static routing with MD5 is a possible solution.
  • The router is being advertised on a separate network - router reconfiguration is a possible solution.
  • An ARP flood attack targeted at the router is causing intermittent communication – implementing IPS is a possible solution.

Answer : A man in the middle attack is underway - implementing static ARP entries is a possible solution.

A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?

Options are :
  • Input validation (Correct)
  • Anti-spam software
  • Data loss prevention
  • Application sandboxing

Answer : Input validation

Which of the following is true about an unauthenticated SAMLv2 transaction?

Options are :
  • The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access. (Correct)
  • The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
  • The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
  • The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

Answer : The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.

The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company, which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers.

Which of the following should the security administrator do before applying the ACL?

Options are :
  • Call an emergency change management meeting to ensure the ACL will not impact core business functions. (Correct)
  • Quickly research best practices with respect to stopping Conficker infections and implement the solution.
  • Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise.
  • Consult with the rest of the security team and get approval on the solution by all the team members and the team manager.

Answer : Call an emergency change management meeting to ensure the ACL will not impact core business functions.

Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?

Options are :
  • Data ownership on all files
  • Data recovery and storage (Correct)
  • Data retention policies on only file servers
  • Data size on physical disks

Answer : Data recovery and storage

Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime.

Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?

Options are :
  • Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system. (Correct)
  • Central patch management system where all systems in production are patched by automatic updates as they are released.
  • Central patch management system where all updates are tested in a lab environment after being installed on a live production system.
  • Distributed patch management system where all systems in production are patched as updates are released.

Answer : Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.

The security administrator at a bank is receiving numerous reports that customers are unable to log in to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address.

Which of the following solutions will MOST likely mitigate this type of attack?

Options are :
  • Configuring and deploying TSIG (Correct)
  • Firewalls and IDS technologies
  • Security awareness and user training
  • Recursive DNS from the root servers

Answer : Configuring and deploying TSIG

A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?

Options are :
  • AES256-CBC should be implemented for all encrypted data.
  • PFS should be implemented on all SSH connections.
  • Entropy should be enabled on all SSLv2 transactions.
  • PFS should be implemented on all VPN tunnels. (Correct)

Answer : PFS should be implemented on all VPN tunnels.

A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party.

Which of the following should be implemented in the SDLC to achieve these requirements?

Options are :
  • Defect testing by the manufacturer and user acceptance testing by the third party
  • Regression testing by the manufacturer and integration testing by the third party
  • White box unit testing by the manufacturer and black box testing by the third party (Correct)
  • User acceptance testing by the manufacturer and black box testing by the third party

Answer : White box unit testing by the manufacturer and black box testing by the third party

Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?

Options are :
  • Write over the data
  • Incinerate the DVD
  • Purge the data
  • Shred the DVD (Correct)

Answer : Shred the DVD

After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, and installing NIDS, firewalls, spam and application filters, a security administrator is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers.

Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?

Options are :
  • Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
  • Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
  • Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication (Correct)
  • Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication.

Answer : Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication
