CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 12

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

Options are :
  • Provide a business justification for a risk exception (Correct)
  • Inherit the risk for six months
  • Provide a business justification to avoid the risk
  • Establish a risk matrix

Answer : Provide a business justification for a risk exception

Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two companies' networks, applications, and several basic services. The initial integration of the two companies has specified the following requirements:

Company XYZ requires access to the web intranet, file, print, secure FTP server, and authentication domain resources
Company XYZ is being onboarded into Company ABC's authentication domain
Company XYZ is considered partially trusted
Company XYZ does not want performance issues when accessing ABC's systems

Which of the following network security solutions will BEST meet the above requirements?

Options are :
  • Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABC's business partner firewall to permit access to Company ABC's file, print, secure FTP server, authentication servers and web intranet access.
  • Place file, print, secure FTP server and authentication domain servers at Company XYZ's hub site. Open up Company ABC's business partner firewall to permit access to ABC's web intranet access and other required services.
  • Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABC's business partner firewall to permit access to Company ABC's file, print, secure FTP server, authentication servers and web intranet access.
  • Place a Company ABC managed firewall in Company XYZ's hub site; then place Company ABC's file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC's business partner firewalls are opened up for web intranet access and other required services. (Correct)

Answer : Place a Company ABC managed firewall in Company XYZ's hub site; then place Company ABC's file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC's business partner firewalls are opened up for web intranet access and other required services.

Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs?

Options are :
  • Data remnants remain on the LUN that could be read by other servers (Correct)
  • The data is not encrypted during transport
  • The data may be replicated to other sites that are not as secure.
  • LUN masking will prevent the next server from accessing the LUNs.

Answer : Data remnants remain on the LUN that could be read by other servers

Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

Options are :
  • The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
  • The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation. (Correct)
  • The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
  • All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

Answer : The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.

A security administrator is tasked with securing a company's headquarters' and branch offices' move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users' email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO's goals while providing maximum unified communications security?

Options are :
  • Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
  • Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP
  • Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients. (Correct)
  • Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryptions, and transport encryption for email security.

Answer : Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.

An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed?

Options are :
  • Download the file from the program publisher's website
  • Run sha1sum and verify the hash.
  • Import the repository's public key. (Correct)
  • Generate RSA and DSA keys using GPG.

Answer : Import the repository's public key.

Which of the following protocols only facilitates access control?

Options are :
  • SPML
  • Kerberos
  • XACML (Correct)
  • SAML

Answer : XACML

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization's new web services gateway. All rendering of the content is performed on the mobile application.

The application requires SSO between the application, the web services gateway and legacy UI.

Which of the following controls MUST be implemented to securely enable SSO?

Options are :
  • Local storage of the authenticated token on the mobile application is secured. (Correct)
  • A registration process is implemented to have a random number stored on the client.
  • Attestation of the XACML payload to ensure that the client is authorized.
  • The identity is passed between the applications as a HTTP header over REST.

Answer : Local storage of the authenticated token on the mobile application is secured.

A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities. The reviewer has advised that future software projects utilize managed code platforms if at all possible.

Which of the following languages would suit this recommendation? (Select TWO).

A. C
B. C#
C. C++
D. Perl
E. Java

Options are :
  • C,E
  • B,E (Correct)
  • B,A
  • B,C

Answer : B,E

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

Options are :
  • Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
  • Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
  • Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
  • Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution. (Correct)

Answer : Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

The security administrator has just installed an active/passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem?

Options are :
  • TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped. (Correct)
  • Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped.
  • TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall.
  • The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped.

Answer : TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped.

In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the potential for data leakage, which of the following should the team consider? (Select TWO).

A. Erase all files on drive
B. Install of standard image
C. Remove and hold all drives
D. Physical destruction
E. Drive wipe

Options are :
  • D,B
  • D,A
  • D,E (Correct)
  • C,E

Answer : D,E

A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

Options are :
  • The NTFS LUNs are snapshots.
  • The HBA allocation is wrong. (Correct)
  • The UNIX server is multipathed.
  • The iSCSI initiator was not restarted.

Answer : The HBA allocation is wrong.

Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE).

A. Implementation run-sheets
B. Solution designs
C. Business capabilities
D. Solution architectures
E. Business requirements documents
F. Reference models
G. Business cases
H. Business vision and drivers

Options are :
  • B,F,H
  • C,F,A
  • C,F,H (Correct)
  • C,F,C

Answer : C,F,H

Company XYZ has had repeated vulnerability exploits of a critical nature released to the company's flagship product. The product is used by a number of large customers. At the Chief Information Security Officer's (CISO's) request, the product manager now has to budget for a team of security consultants to introduce major product security improvements.

Here is a list of improvements in order of priority:


1. A noticeable improvement in security posture immediately.
2. Fundamental changes to resolve systemic issues as an ongoing process
3. Improvements should be strategic as opposed to tactical
4. Customer impact should be minimized

Which of the following recommendations is BEST for the CISO to put forward to the product manager?

Options are :
  • Patch the known issues and provide the patch to customers. Make a company announcement to customers on the main website to reduce the perceived exposure of the application to alleviate customer concerns. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that any defects have been resolved.
  • Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects. (Correct)
  • Patch the known issues and provide the patch to customers. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that the defects have been resolved. Introduce periodic code review and penetration testing of the product in question and consider including all relevant future projects going forward.
  • Stop active support of the product. Bring forward end-of-life dates for the product so that it can be decommissioned. Start a new project to develop a replacement product and ensure that an SSDLC / SDL overlay on top of the SDLC is formed. Train BAs, architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases.

Answer : Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects.

Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?

Options are :
  • Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras. (Correct)
  • Create an IP camera network and restrict access to cameras from a single management host.
  • Create an IP camera network and deploy NIPS to prevent unauthorized access.
  • Create an IP camera network and only allow SSL access to the cameras.

Answer : Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?

Options are :
  • SQL injection, Resource exhaustion, Privilege escalation
  • Insecure direct object references, CSRF, Smurf (Correct)
  • Privilege escalation, Application DoS, Buffer overflow
  • CSRF, Fault injection, Memory leaks

Answer : Insecure direct object references, CSRF, Smurf

A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administrator wants to place the servers in the most logical network security zones and implement the appropriate security controls. Which of the following scenarios BEST accomplishes this goal?

Options are :
  • Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with an ACL of allow 443 destination ANY.
  • Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and 1443 destination ANY.
  • Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ. (Correct)
  • Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.

Answer : Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

A. Security of data storage
B. The cost of the solution
C. System availability
D. User authentication strategy
E. PBX integration of the service
F. Operating system compatibility

Options are :
  • A,C,D (Correct)
  • F,C,D
  • A,C,B
  • A,E,D

Answer : A,C,D

In a SPML exchange, which of the following BEST describes the three primary roles?

Options are :
  • The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target (PST) performs the provisioning. (Correct)
  • The Provisioning Service Target (PST) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning Service Target (PST) performs the provisioning.
  • The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the RA requests, and the Provisioning Service Provider (PSP) performs the provisioning.
  • The Provisioning Service Provider (PSP) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the PSP requests, and the Provisioning Service Provider (PSP) performs the provisioning.

Answer : The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target (PST) performs the provisioning.

Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select TWO).

A. Deduplication
B. Zoning
C. Snapshots
D. Multipathing
E. LUN masking

Options are :
  • B,A
  • B,C
  • B,E (Correct)
  • C,E

Answer : B,E

A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network. Which of the following is the BEST methodology to use in establishing this baseline?

Options are :
  • Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline
  • Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline.
  • Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic.
  • Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior. (Correct)

Answer : Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior.

The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the project has concerns about the integrity of the system, if it is deployed in a commercial cloud. Due to poor communication within the team, the security risks of the proposed design are not being given any attention. A network engineer on the project has a security background and is concerned about the overall success of the project. Which of the following is the BEST course of action for the network engineer to take?

Options are :
  • Address the security concerns through the network design and security controls.
  • Implement mitigations to the security risks and address the poor communications on the team with the project manager.
  • Develop a proposal for an alternative architecture that does not leverage cloud computing and present it to the lead architect. (Correct)
  • Document mitigations to the security concerns and facilitate a meeting between the architects and the project manager.

Answer : Develop a proposal for an alternative architecture that does not leverage cloud computing and present it to the lead architect.

A corporation implements a mobile device policy on smartphones that utilizes a white list for allowed applications. Recently, the security administrator notices that a consumer cloud based storage application has been added to the mobile device white list. Which of the following security implications should the security administrator cite when recommending the application's removal from the white list?

Options are :
  • Consumer cloud storage systems retain local copies of each file on the smartphone, as well as in the cloud, causing a potential data breach if the phone is lost or stolen.
  • Consumer cloud storage systems could allow users to download applications to the smartphone. Installing applications this way would circumvent the application white list.
  • Smartphones using consumer cloud storage are more likely to have sensitive data remnants on them when they are repurposed.
  • Smartphones can export sensitive data or import harmful data with this application causing the potential for DLP or malware issues. (Correct)

Answer : Smartphones can export sensitive data or import harmful data with this application causing the potential for DLP or malware issues.

A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline. The MOST likely cause of this problem is that SELinux is set to:

Options are :
  • Permissive mode with an incorrectly configured policy.
  • Enforcing mode with an incorrectly configured policy. (Correct)
  • Enforcing mode with no policy configured.
  • Disabled with a correctly configured policy.

Answer : Enforcing mode with an incorrectly configured policy.

Company XYZ is in negotiations to acquire Company ABC for $1.2 million. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It has been established that a complete product rewrite would be needed, with average estimates indicating a cost of $1.6 million. Which of the following approaches should the risk manager of Company XYZ recommend?

Options are :
  • Mitigate the risk
  • Avoid the risk (Correct)
  • Accept the risk
  • Transfer the risk

Answer : Avoid the risk

Company ABC and Company XYZ will test connecting their networks as part of their upcoming merger, and both are concerned with minimizing security exposures to each other's network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?

Options are :
  • Determine the necessary data flows between the two companies. (Correct)
  • Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.
  • Create a DMZ to isolate the two companies and provide a security inspection point for all intercompany network traffic.
  • Implement inline NIPS on the connection points between the two companies.

Answer : Determine the necessary data flows between the two companies.

A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life.

The two initial migrations include:

Windows 2000 hosts: domain controllers and front-facing web servers
RHEL3 hosts: front-facing web servers

Which of the following should the security consultant recommend based on best practices?

Options are :
  • Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
  • Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines
  • One data center should host virtualized web servers and the second data center should host the virtualized domain controllers. (Correct)
  • One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.

Answer : One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.

Company ABC's SAN is nearing capacity, and will cause costly downtime if servers run out of disk space. Which of the following is a more cost effective alternative to buying a new SAN?

Options are :
  • Implement snapshots to reduce virtual disk size
  • Implement replication to offsite datacenter
  • Enable deduplication on the storage pools (Correct)
  • Enable multipath to increase availability

Answer : Enable deduplication on the storage pools

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?

Options are :
  • Collection, Identification, Preservation, Examination, Analysis, Presentation.
  • Identification, Preservation, Collection, Examination, Analysis, Presentation. (Correct)
  • Collection, Preservation, Examination, Identification, Analysis, Presentation.
  • Identification, Examination, Preservation, Collection, Analysis, Presentation.

Answer : Identification, Preservation, Collection, Examination, Analysis, Presentation.
