CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 9

An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application configuration changes.

Which of the following technologies would help meet this policy requirement? (Select TWO).

A. Spam filter

B. Solid state drives

C. Management interface

D. Virtualization

E. Host firewall

Options are :
  • D,A
  • B,E
  • D,E (Correct)
  • D,C

Answer : D,E

The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that the project team in charge of virtualizing servers plans to co-mingle many guest operating systems with different security requirements to speed up the rollout and reduce the number of host operating systems or hypervisors required.

Which of the following BEST describes the risk assurance officer's concerns?

Options are :
  • Co-mingling guest operating system with different security requirements allows guest OS privilege elevation to occur within the guest OS via shared memory allocation with the host OS.
  • A weakly protected host OS will allow the hypervisor to become corrupted resulting in data throughput performance issues. (Correct)
  • Co-mingling of guest operating systems with different security requirements increases the risk of data loss if the hypervisor fails.
  • A weakly protected guest OS combined with a host OS exploit increases the chance of a successful VMEscape attack being executed, compromising the hypervisor and other guest OS.

Answer : A weakly protected host OS will allow the hypervisor to become corrupted resulting in data throughput performance issues.

About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours, losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year.

Which of the following is true in this scenario?

Options are :
  • It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.
  • It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.
  • It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.
  • It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract. (Correct)

Answer : It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SE Linux host for processing. Which of the following is the MOST likely cause of the processing problem?

Options are :
  • The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
  • The Java developers accounted for network latency only for the read portion of the processing and not the write process.
  • The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.
  • The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors. (Correct)

Answer : The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.

When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.

Which of the following would impact the security of the conference's resources?

Options are :
  • Physical security may need to be increased to deter or prevent theft of mobile devices.
  • Wireless network security may need to be decreased to allow for increased access of mobile devices.
  • Network security may need to be increased by reducing the number of available physical network jacks. (Correct)
  • Wireless network security may need to be increased to decrease access of mobile devices

Answer : Network security may need to be increased by reducing the number of available physical network jacks.

An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments.

Which of the following is the MOST comprehensive method for evaluating the two platforms?

Options are :
  • Benchmark each possible solution with the integrator's existing client deployments.
  • Use results from each vendor's test labs to determine adherence to project requirements.
  • Run virtual test scenarios to validate the potential solutions.
  • Develop testing criteria and evaluate each environment in-house. (Correct)

Answer : Develop testing criteria and evaluate each environment in-house.

A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company's security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?

Options are :
  • Implement new continuous monitoring procedures.
  • Implement an open source system which allows data to be encrypted while processed.
  • Implement full disk encryption on all storage devices the firm owns. (Correct)
  • Reload all user laptops with full disk encryption software immediately.

Answer : Implement full disk encryption on all storage devices the firm owns.

Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?

Options are :
  • OLA
  • SLA (Correct)
  • MOU
  • NDA

Answer : SLA

A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

Options are :
  • Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation.
  • Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.
  • Inform the litigators that the CIO's information has been deleted as per corporate policy.
  • Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date. (Correct)

Answer : Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

Which of the following BEST explains SAML?

Options are :
  • A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.
  • An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
  • A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management. (Correct)
  • A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data

Answer : A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.

The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner's responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing?

Options are :
  • Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.
  • A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.
  • Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization's strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company's internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.
  • There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, disadvantages of relevant choices and it should recommend a way forward. (Correct)

Answer : There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, disadvantages of relevant choices and it should recommend a way forward.

A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

Options are :
  • Web transactions are conducted in a secure network channel.
  • Ensure the process of storing audit records is in compliance with applicable laws.
  • Ensure the process functions in a secure manner from customer input to audit review. (Correct)
  • Security solutions result in zero additional processing latency.

Answer : Ensure the process functions in a secure manner from customer input to audit review.

A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?

Options are :
  • Backup and archive processes
  • Electronic inventory
  • Data retention policy (Correct)
  • Business continuity plan

Answer : Data retention policy

The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltration. The security administrator suspects these attacks are due to several new network based attacks facilitated by having physical access to a system.

Which of the following BEST describes how to adapt to the threat?

Options are :
  • Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.
  • Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices. (Correct)
  • Apply three factor authentication, implement IPSec, and enable SNMP.
  • Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.

Answer : Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.

A small customer-focused bank that has implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers. Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team's concerns?

Options are :
  • Information disclosure policy
  • Separation of duties
  • Awareness training (Correct)
  • Job rotation

Answer : Awareness training

A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?

Options are :
  • The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.
  • Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.
  • The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.
  • The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall. (Correct)

Answer : The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall.

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

Options are :
  • Enable ESP on the internal network, and place NIPS on both networks.
  • Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
  • Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ. (Correct)
  • Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

Answer : Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?

Options are :
  • Move the guest web server to another dedicated host.
  • Install a management NIC and dedicated virtual switch. (Correct)
  • Increase the virtual RAM allocation to high I/O servers.
  • Configure the high I/O virtual servers to use FCoE rather than iSCSI.

Answer : Install a management NIC and dedicated virtual switch.

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization's mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?

Options are :
  • Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
  • Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
  • Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset. (Correct)
  • Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

Answer : Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.

An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations.

Which of the following is MOST likely the cause for the organization's inability to determine what really occurred?

Options are :
  • Lack of a defined security auditing methodology
  • Insufficient logging and mechanisms for review (Correct)
  • Poor intrusion prevention system placement and maintenance
  • Too few layers of protection between the Internet and internal network

Answer : Insufficient logging and mechanisms for review

A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.

The current infrastructure design includes:
  • Two-factor token and biometric based authentication for all users
  • Attributable administrator accounts
  • Logging of all transactions
  • Full disk encryption of all HDDs
  • Finely granular access controls to all resources
  • Full virtualization of all servers
  • The use of LUN masking to segregate SAN data
  • Port security on all switches

The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points.

Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?

Options are :
  • Data at rest encryption
  • PKI based authorization
  • Transport encryption (Correct)
  • Code signing

Answer : Transport encryption

A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?

Options are :
  • Traffic shaping
  • Lower encryption setting
  • SIP session tagging and QoS
  • A dedicated VLAN (Correct)

Answer : A dedicated VLAN

The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer's office down the hall. When the security engineer learns of this, it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?

Linux Server: 192.168.10.10/24

Mac Laptop: 192.168.10.200/24

Options are :
  • From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1. (Correct)
  • From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
  • From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
  • From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

Answer : From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.

An organization determined that each of its remote sales representatives must use a smartphone for email access.

The organization provides the same centrally manageable model to each person.

Which of the following mechanisms BEST protects the confidentiality of the resident data?

Options are :
  • Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs. (Correct)
  • Require dual factor authentication when connecting to the organization's email server.
  • Require encrypted communications when connecting to the organization's email server.
  • Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.

Answer : Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.

A network administrator notices a security intrusion on the web server. Which of the following is noticed by http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 in the log file?

Options are :
  • Click jacking
  • Buffer overflow
  • XSS attack (Correct)
  • SQL injection

Answer : XSS attack

Which of the following should be used to identify overflow vulnerabilities?

Options are :
  • Fuzzing (Correct)
  • Secure coding standards
  • Privilege escalation
  • Input validation

Answer : Fuzzing

A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However, the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

Options are :
  • 3
  • 1
  • 2
  • 5 (Correct)

Answer : 5

A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected.

Which of the following are the MOST likely risk implications of the CFO's business decision?

Options are :
  • Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries. (Correct)
  • Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.
  • Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.
  • Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.

Answer : Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?

Options are :
  • A new RFQ
  • An RFP (Correct)
  • A T&M contract
  • A FFP agreement

Answer : An RFP

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

A. Establish an emergency response call tree.

B. Create an inventory of applications.

C. Backup the router and firewall configurations.

D. Maintain a list of critical systems.

E. Update all network diagrams.

Options are :
  • B,A
  • B,C
  • C,D
  • B,D (Correct)

Answer : B,D
