CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 3

After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system’s security level?

Options are :
  • Upgrade all systems to use a HIPS and require daily anti-virus scans.
  • Upgrade the existing NIDS to NIPS and deploy the system across all network segments.
  • Conduct a vulnerability assessment of the standard image and remediate findings. (Correct)
  • Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

Answer : Conduct a vulnerability assessment of the standard image and remediate findings.

There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

Options are :
  • Focus on explaining the “how” and “why” customer data is being collected.
  • Remind staff of the company’s data handling policy and have staff sign an NDA.
  • Explain how customer data is gathered, used, disclosed, and managed. (Correct)
  • Republish the data classification and the confidentiality policy.

Answer : Explain how customer data is gathered, used, disclosed, and managed.

The firm’s CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm’s new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?

Options are :
  • Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step.
  • Inform the three submitting vendors that their quotes are null and void at this time and that they are disqualified based upon their RFQs.
  • Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.
  • Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions. (Correct)

Answer : Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.

A system architect has the following constraints from the customer:
Confidentiality, Integrity, and Availability (CIA) are all of equal importance.
Average availability must be at least 6 nines (99.9999%).
All devices must support collaboration with every other user device.
All devices must be VoIP and teleconference ready.

Which of the following security controls is the BEST to apply to this architecture?

Options are :
  • Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices. (Correct)
  • Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.
  • Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
  • Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.

Answer : Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?

Options are :
  • Code reviews
  • Input validation
  • Penetration testing
  • Application sandboxing (Correct)

Answer : Application sandboxing

Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.

A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

Options are :
  • Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
  • Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
  • Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.
  • Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used. (Correct)

Answer : Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.

The sales staff at a software development company has received the following requirements from a customer: “We need the system to notify us in advance of all software errors and report all outages”. Which of the following BEST conveys these customer requirements to the software development team to understand and implement?

Options are :
  • The system shall email the administrator when an error condition is detected and a flag is thrown and the system shall send an email to the administrator when network communications are disrupted.
  • The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations. (Correct)
  • The system shall send a status message to a network monitoring console every five seconds while in an error state and the system should email the administrator when the number of input errors exceeds five.
  • The system shall alert the administrator upon the loss of network communications and when error flags are thrown.

Answer : The system shall email the administrator when processing deviates from expected conditions and the system shall send a heartbeat message to a monitoring console every second while in normal operations.

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

Options are :
  • The system administrator should take advantage of the company’s cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform. (Correct)
  • The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.
  • The system administrator should build a virtual machine on the administrator’s desktop, transfer the password file to it, and run a password cracker on the virtual machine.
  • The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

Answer : The system administrator should take advantage of the company’s cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?

Options are :
  • The firewall will meet the availability requirement because availability will be 99.98%. (Correct)
  • The firewall will meet the availability requirement because availability will be 99.993%.
  • The firewall will not meet the availability requirement because availability will be 85%.
  • The firewall will not meet the availability requirement because availability will be 99.2%.

Answer : The firewall will meet the availability requirement because availability will be 99.98%.
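Worked calculation behind the figures in this question, added here and not part of the original question text:

Hours per year: $24 \times 365 = 8760$

Expected failures per year: $8760 / \mathrm{MTBF} = 8760 / 10000 = 0.876$

Expected downtime per year: $0.876 \times \mathrm{MTTR} = 0.876 \times 2 \approx 1.75$ hours (the figure the question quotes)

Availability: $\dfrac{\mathrm{MTBF}}{\mathrm{MTBF} + \mathrm{MTTR}} = \dfrac{10000}{10002} \approx 0.99980$, i.e. 99.98%; equivalently $1 - 1.75/8760 \approx 0.9998$

Downtime permitted by a 99.9% target: $0.001 \times 8760 = 8.76$ hours per year, so 1.75 hours is within the requirement.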

Which of the following is a security advantage of single sign-on? (Select TWO).
A. Users only have to remember one password.
B. Applications need to validate authentication tokens.
C. Authentication is secured by the certificate authority.
D. Less time and complexity removing user access.
E. All password transactions are encrypted.

Options are :
  • B,D
  • A,B
  • A,D (Correct)
  • A,C

Answer : A,D

During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company’s financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?

Options are :
  • The administrator should enter a username and use an offline password cracker in brute force mode.
  • The administrator should run an online fuzzer against the login screen. (Correct)
  • The administrator should extract the password file and run an online password cracker in brute force mode against the password file.
  • The administrator should use a network analyzer to determine which packet caused the system to crash.

Answer : The administrator should run an online fuzzer against the login screen.

A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?

Options are :
  • The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.
  • The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.
  • The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.
  • The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone. (Correct)

Answer : The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.

Which of the following potential vulnerabilities exists in the following code snippet?

var myEmail = document.getElementById("formInputEmail").value;
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
    document.getElementById("profileBox").innerHTML = "Emails will be sent to " + myEmail + xmlhttp.responseText;
}

Options are :
  • JSON weaknesses
  • DOM-based XSS (Correct)
  • Javascript buffer overflow
  • AJAX XHR weaknesses

Answer : DOM-based XSS
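As an added illustration of the DOM-based XSS pattern in the snippet above (example code written for this page, not part of the exam or its source), the vulnerable rendering is shown beside two safe ones. The element stand-in, the escapeHtml helper and the sample values are constructed so the code runs under Node without a browser; a real page's innerHTML and textContent behave the way the stand-in models.

```javascript
// Added example, not code from the exam page. It shows why concatenating form input
// and an XHR response into innerHTML is DOM-based XSS, and two safe renderings.
// Runs under Node: a small constructed stand-in for a DOM element replaces the browser.

// HTML-escape the characters that let text break out of a text node or attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed element stand-in. A browser parses whatever is assigned to innerHTML as
// markup, but serialises a textContent assignment back into innerHTML with entities;
// the stand-in reproduces just that behaviour (assumption: this is all the demo needs).
function makeElement() {
  const el = { html: "" };
  Object.defineProperty(el, "innerHTML", {
    get() { return el.html; },
    set(v) { el.html = String(v); },
  });
  Object.defineProperty(el, "textContent", {
    get() { return el.html.replace(/<[^>]*>/g, ""); },
    set(v) { el.html = escapeHtml(v); },
  });
  return el;
}

// True when a string would be parsed as containing an element, end tag or comment.
function containsMarkup(s) {
  return /<[A-Za-z\/!]/.test(s);
}

// Vulnerable pattern from the snippet: untrusted myEmail (form input) and
// xmlhttp.responseText (server reply) are concatenated straight into innerHTML.
function renderUnsafe(box, myEmail, responseText) {
  box.innerHTML = "Emails will be sent to " + myEmail + responseText;
  return box.innerHTML;
}

// Hardened: render the message as text. Markup in either value stays literal.
function renderSafeText(box, myEmail, responseText) {
  box.textContent = "Emails will be sent to " + myEmail + responseText;
  return box.innerHTML;
}

// Hardened alternative when innerHTML is needed for server-controlled markup:
// escape the user-controlled part before concatenation.
function renderSafeEscaped(box, myEmail, responseText) {
  box.innerHTML = "Emails will be sent to " + escapeHtml(myEmail) + responseText;
  return box.innerHTML;
}

// Constructed sample input: a "form value" that is markup, not an address.
const SAMPLE_EMAIL = "<i>not-an-address</i>";
const SAMPLE_RESPONSE = " (profile updated)";

// Render the same sample through all three paths and return what lands in the page.
function demo() {
  const unsafe = renderUnsafe(makeElement(), SAMPLE_EMAIL, SAMPLE_RESPONSE);
  const text = renderSafeText(makeElement(), SAMPLE_EMAIL, SAMPLE_RESPONSE);
  const escaped = renderSafeEscaped(makeElement(), SAMPLE_EMAIL, SAMPLE_RESPONSE);
  return { unsafe, text, escaped };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demo();
  console.log("unsafe  :", r.unsafe, "-> markup parsed:", containsMarkup(r.unsafe));
  console.log("text    :", r.text, "-> markup parsed:", containsMarkup(r.text));
  console.log("escaped :", r.escaped, "-> markup parsed:", containsMarkup(r.escaped));
}
```

The unsafe path lets the `<i>` element reach the parser; with a less benign value the same path would execute script. Both hardened paths leave `&lt;i&gt;` in the page, which the browser displays as literal text. Preferring textContent (or a templating layer that escapes by default) over innerHTML is the general fix; escaping only the user-supplied part is the fallback when the server response is genuinely meant to be markup.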

A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but public, legal issues. Senior management has some concerns on maintaining this system should the vendor go out of business. Which of the following should the Chief Information Security Officer (CISO) recommend to BEST limit exposure?

Options are :
  • Include a source code escrow clause in the contract for this system. (Correct)
  • Require on-going maintenance as part of the SLA for this system.
  • Include a penalty clause in the contract for this system.
  • Require proof-of-insurance by the vendor in the RFP for this system.

Answer : Include a source code escrow clause in the contract for this system

An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?

Options are :
  • The data may not be in a usable format. (Correct)
  • The existing SAN used LUN masking
  • The new SAN is not FCoE based.
  • The existing SAN may be read-only.

Answer : The data may not be in a usable format.

The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).
A. Users and services are centralized and only available within the enterprise.
B. Users and services are distributed, oftentimes over the Internet.
C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.
D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.
E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

Options are :
  • B,C
  • B,E (Correct)
  • B,A
  • A,E

Answer : B,E

A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?

Options are :
  • COTS software is not well known and is only available in limited quantities. Information concerning vulnerabilities is kept internal to the company that developed the software.
  • COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community. (Correct)
  • COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically ignored within the IT community.
  • COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid a lawsuit.

Answer : COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?

Options are :
  • Employees publishing negative information and stories about company management on social network sites and blogs.
  • An employee remotely configuring the email server at a relative’s company during work hours. (Correct)
  • External parties cloning some of the company’s externally facing web pages and creating lookalike sites.
  • Employees posting negative comments about the company from personal phones and PDAs.

Answer : An employee remotely configuring the email server at a relative’s company during work hours

To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?

Options are :
  • Security bindings
  • Transient identifiers (Correct)
  • Discovery profiles
  • SOAP calls

Answer : Transient identifiers

The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?

Options are :
  • Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain nonauthoritative records for external systems.
  • Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems.
  • Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems
  • Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems. (Correct)

Answer : Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.

The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy. Which of the following security risks still needs to be addressed in this scenario?

Options are :
  • An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company.
  • An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor. (Correct)
  • An employee accidentally infecting the network with a virus by connecting a USB drive to the employee’s personal laptop.
  • An employee copying gigabytes of personal video files from the employee’s personal laptop to their company desktop to share files.

Answer : An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.

Which of the following are security components provided by an application security library or framework? (Select THREE).
A. Authorization database
B. Fault injection
C. Input validation
D. Secure logging
E. Directory services
F. Encryption and decryption

Options are :
  • C,E,F
  • C,D,A
  • C,D,F (Correct)
  • A,E,F

Answer : C,D,F

A mid-level company is rewriting its security policies and has halted the rewriting progress because the company’s executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?

Options are :
  • 1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures
  • 1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies
  • 1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines
  • 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines (Correct)

Answer : 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines

Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?

Options are :
  • Introduce a peer review process that is mandatory before a document can be officially made final.
  • Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
  • Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines. (Correct)
  • Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

Answer : Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.

An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:

<VirtualHost *:80>
    DocumentRoot "/var/www"
    <Directory "/home/administrator/app">
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Which of the following is MOST likely occurring so that this application does not run properly?

Options are :
  • The directory had an explicit allow statement rather than the implicit deny.
  • PHP is overriding the Apache security settings.
  • SELinux is preventing HTTP access to home directories. (Correct)
  • PHP has not been restarted since the additions were added.

Answer : SELinux is preventing HTTP access to home directories.

Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products.

The project manager of the merger states the merged systems should meet these goals:
Ability to customize systems per department
Quick implementation along with an immediate ROI
The internal IT team having administrative level control over all products

The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services.

Which of the following solutions BEST solves the disagreement?

Options are :
  • Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision. (Correct)
  • Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.
  • Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.
  • Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.

Answer : Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.

A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall:

Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?

Options are :
  • Modify the ACTION of ACL 2 to Permit
  • Modify the SRC IP of ACL 1 to 0.0.0.0/32
  • Modify the SRC and DST ports of ACL 1 (Correct)
  • Modify the PROTO of ACL 1 to TCP

Answer : Modify the SRC and DST ports of ACL 1

There have been some failures of the company’s customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed to improve the stability of the WAF. Which of the following is the MTTR, based on the last month’s performance figures?

Options are :
  • 4.666 hours
  • 4 hours (Correct)
  • 3.5 hours
  • 3 hours

Answer : 4 hours

Which of the following is a security concern with deploying COTS products within the network?

Options are :
  • COTS source code is readily available to the customer in many cases which opens the customer’s network to both internal and external attacks.
  • COTS software often provides the source code as part of the licensing agreement and it becomes the company’s responsibility to verify the security.
  • It is difficult to verify the security of COTS code because the source is available to the customer and it takes significant man hours to sort through it.
  • It is difficult to verify the security of COTS code because the source is not available to the customer in many cases. (Correct)

Answer : It is difficult to verify the security of COTS code because the source is not available to the customer in many cases.

A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers. Which of the following security risks can result from the configuration in this scenario?

Options are :
  • Shared virtual switches can negatively impact the integrity of network packets
  • Additional overhead from network bridging can affect availability
  • NIC utilization can exceed 50 percent and impact availability
  • Visibility on the traffic between the virtual machines can impact confidentiality (Correct)

Answer : Visibility on the traffic between the virtual machines can impact confidentiality
