CAS-003

By comptia
Aug, 2025
Question 26

A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

  1. Information should be sourced from the trusted master data source.
  2. There must be future requirements for identity proofing of devices and users.
  3. A generic identity connector that can be reused must be developed.
  4. The current project scope is for internally hosted applications only.

Which of the following solution building blocks should the security architect use to BEST meet the requirements?

  • A: LDAP, multifactor authentication, OAuth, XACML
  • B: AD, certificate-based authentication, Kerberos, SPML
  • C: SAML, context-aware authentication, OAuth, WAYF
  • D: NAC, radius, 802.1x, centralized active directory

Question 27

Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

  • A: Lack of adequate in-house testing skills.
  • B: Requirements for geographically based assessments
  • C: Cost reduction measures
  • D: Regulatory insistence on independent reviews.

Question 28

Engineers at a company believe a certain type of data should be protected from competitors, but the data owner insists the information is not sensitive. An information security engineer is implementing controls to secure the corporate SAN. The controls require dividing data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive.
Which of the following actions should the engineer take regarding the data?

  • A: Label the data as extremely sensitive.
  • B: Label the data as sensitive but accessible.
  • C: Label the data as non-sensitive.
  • D: Label the data as sensitive but export-controlled.

Question 29

A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:

Image 1

Which of the following tools is the engineer utilizing to perform this assessment?

  • A: Vulnerability scanner
  • B: SCAP scanner
  • C: Port scanner
  • D: Interception proxy

Question 30

The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.
Which of the following is the MOST important information to reference in the letter?

  • A: After-action reports from prior incidents.
  • B: Social engineering techniques
  • C: Company policies and employee NDAs
  • D: Data classification processes

Question 31

A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization's systems to the greatest extent possible.
Which of the following principles is being demonstrated?

  • A: Administrator accountability
  • B: PII security
  • C: Record transparency
  • D: Data minimization

Question 32

A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.
Which of the following is the MOST likely reason for the team lead's position?

  • A: The organization has accepted the risks associated with web-based threats.
  • B: The attack type does not meet the organization's threat model.
  • C: Web-based applications are on isolated network segments.
  • D: Corporate policy states that NIPS signatures must be updated every hour.

Question 33

A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

  • A: These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryption routines
  • B: The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
  • C: The associated firmware is more likely to remain out of date and potentially vulnerable
  • D: The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

Question 34

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Image 1

Which of the following should be included in the auditor's report based on the above findings?

  • A: The hard disk contains bad sectors
  • B: The disk has been degaussed.
  • C: The data represents part of the disk BIOS.
  • D: Sensitive data might still be present on the hard drives.
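Question 34's exhibit is not reproduced here, but the audit it describes is mechanical: read the decommissioned disk and report anything that is not zeros. As an added example, not part of the page, the following Python builds a small constructed disk image (one sector of leftover text, one sector of random-looking bytes, the rest zero-filled) and runs that audit over it, classifying each residual sector and pulling printable strings the way strings(1) would. The image contents, sector size and the text/entropy thresholds are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512


def pseudo_random(n, seed=b"constructed"):
    """Deterministic random-looking bytes (SHA-256 in counter mode) so the example needs no os.urandom."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def make_constructed_image(sectors=16):
    """A tiny constructed 'decommissioned disk': zero-filled except for one sector of leftover
    text (a file a user 'erased' that the wiper never touched) and one sector of encrypted-looking data."""
    img = bytearray(sectors * SECTOR)
    leftover = b"Customer: J. Doe  AcctNo: 4412-CONSTRUCTED  Note: call re. overdue balance\n"
    text_sector = (leftover * (SECTOR // len(leftover) + 1))[:SECTOR]
    img[3 * SECTOR:4 * SECTOR] = text_sector
    img[9 * SECTOR:10 * SECTOR] = pseudo_random(SECTOR)
    return bytes(img)


def entropy_bits(block):
    """Shannon entropy of the byte distribution, 0 for a constant block, close to 8 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def ascii_strings(block, min_len=6):
    """Printable ASCII runs of at least min_len bytes, the way strings(1) reports them."""
    runs, cur = [], bytearray()
    for b in block:
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode())
            cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode())
    return runs


def audit_image(img, sector=SECTOR):
    """Walk the image sector by sector and report every sector that is not all zeros,
    classified as text-like, high-entropy (encrypted/compressed) or other."""
    findings = []
    for off in range(0, len(img), sector):
        block = img[off:off + sector]
        if not any(block):
            continue                      # fully zeroed, as the final overwrite pass should leave it
        nonzero = bytes(b for b in block if b)
        printable = sum(32 <= b < 127 for b in nonzero) / len(nonzero)
        ent = entropy_bits(block)
        if printable > 0.9:
            kind = "text-like"
        elif ent > 6.5:
            kind = "high-entropy"
        else:
            kind = "other"
        findings.append({"offset": off, "kind": kind, "entropy": round(ent, 2),
                         "strings": ascii_strings(block)[:3]})
    return findings


def wiped_clean(img):
    """True only when no sector carries residual data."""
    return not audit_image(img)


if __name__ == "__main__":
    for finding in audit_image(make_constructed_image()):
        print(finding)
```

A non-zero sector on a disk that was supposedly given a seven-pass wipe plus a zero pass means either the wipe never ran on that disk or the policy's user-level "erase" left data behind; the wiping utility only helps at decommissioning time, not for files users delete day to day. On SSDs overwrite passes also cannot reach remapped flash blocks, so ATA Secure Erase or cryptographic erase is the appropriate control there.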

Question 35

The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be reading other users' emails. Review of a tool's output shows the administrators have used web mail to log into other users' inboxes.
Which of the following tools would show this type of output?

  • A: Log analysis tool
  • B: Password cracker
  • C: Command-line tool
  • D: File integrity monitoring tool

Question 36

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1:
Operator ALL=/sbin/reboot -

Configuration file 2:
Command=/sbin/shutdown now, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended action?

  • A: The sudoers file is locked down to an incorrect command
  • B: SSH command shell restrictions are misconfigured
  • C: The passwd file is misconfigured
  • D: The SSH command is not allowing a pty session
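The three fragments in Question 36 interact in a way that is easy to misread: sudoers decides what the user may run as root, an authorized_keys command= option decides what sshd runs for that key regardless of what the client asked for, and passwd only supplies the login shell. As an added example that is not from the page, the Python below parses constructed versions of the same three files, reports which command sshd actually executes for an operator login and whether a PTY is granted, and checks whether the forced command lines up with the sudoers grant. The file contents, the lower-case user name and the key material are constructed for illustration.

```python
import re

# Constructed fragments modelled on the three files in Question 36 (not the page's exact text):
# a sudoers rule, an authorized_keys entry with a forced command, and a passwd entry.
SUDOERS = "operator ALL=/sbin/reboot\n"
AUTHORIZED_KEYS = ('command="/sbin/shutdown now",no-X11-forwarding,no-pty '
                   'ssh-dss AAAAB3NzaC1kc3MAAACBconstructed== operator@bastion\n')
PASSWD = "operator:x:1000:1000::/home/operator:/bin/bash\n"

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def sudo_allowed_commands(sudoers, user):
    """Commands `user` may run through sudo, from plain 'user HOST=cmd[,cmd]' rules.
    Aliases, Defaults lines and group rules (%wheel) are not handled here."""
    allowed = set()
    for raw in sudoers.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(\S+)\s+([^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?(.+)$", line)
        if m and m.group(1) == user:
            allowed.update(c.strip() for c in m.group(3).split(","))
    return allowed


def parse_authorized_keys_line(line):
    """Return (options, key_type). Quoted option values such as command="..." may contain spaces,
    so quoted strings are stashed before the line is split on whitespace."""
    quoted = {}

    def stash(m):
        key = f"__q{len(quoted)}__"
        quoted[key] = m.group(1)
        return key

    fields = re.sub(r'"((?:[^"\\]|\\.)*)"', stash, line.strip()).split()
    if not fields or fields[0] in KEY_TYPES:
        return ({}, fields[0] if fields else None)
    options = {}
    for opt in fields[0].split(","):
        name, _, value = opt.partition("=")
        options[name.lower()] = quoted.get(value, value) if value else True
    return (options, fields[1])


def login_shell(passwd, user):
    """Seventh field of the user's passwd entry, or None if the user is absent."""
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[0] == user:
            return f[6]
    return None


def effective_session(user, requested=None):
    """What sshd actually runs for `user` when the client asks for `requested`.
    A command= option replaces the requested command (sshd exposes the original only as
    SSH_ORIGINAL_COMMAND); no-pty denies a terminal; the forced command runs as `user`,
    not through sudo, so a sudoers grant helps only if the forced command itself invokes sudo."""
    opts, _ = parse_authorized_keys_line(AUTHORIZED_KEYS)
    runs = opts.get("command") or requested or login_shell(PASSWD, user)
    return {
        "runs": runs,
        "pty": "no-pty" not in opts,
        "sudo_allows": sorted(sudo_allowed_commands(SUDOERS, user)),
    }


def forced_command_uses_sudo_grant(user):
    """True only if the forced command is 'sudo <cmd>' with <cmd> in the user's sudoers grant."""
    opts, _ = parse_authorized_keys_line(AUTHORIZED_KEYS)
    cmd = opts.get("command")
    if not isinstance(cmd, str) or not cmd.startswith("sudo "):
        return False
    return cmd[len("sudo "):].strip() in sudo_allowed_commands(SUDOERS, user)


if __name__ == "__main__":
    print(effective_session("operator", "sudo /sbin/reboot"))
    print("forced command matches sudoers grant:", forced_command_uses_sudo_grant("operator"))
```

Two caveats a reviewer would add: sshd applies the command= option before the user's shell ever sees the request, so the operator's sudo rule is never reached unless the forced command is written to call it; and OpenSSH 7.0 and later refuse ssh-dss keys by default, so an entry keyed on ssh-dss may not authenticate at all on a current server.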

Question 37

The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code.
Which of the following is an SDLC best practice that should have been followed?

  • A: Versioning
  • B: Regression testing
  • C: Continuous integration
  • D: Integration testing

Question 38

An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?

  • A: Following new requirements that result from contractual obligations
  • B: Answering requests from auditors that relate to e-discovery
  • C: Responding to changes in regulatory requirements
  • D: Developing organizational policies that relate to hiring and termination procedures

Question 39

Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company's SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing.
Which of the following commands should the assessor use to determine this information?

  • A: dnsrecon -d company.org -t SOA
  • B: dig company.org mx
  • C: nc -v company.org
  • D: whois company.org

Question 40

A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software.
Which of the following would BEST ensure the software and instruments are working as designed?

  • A: System design documentation
  • B: User acceptance testing
  • C: Peer review
  • D: Static code analysis testing
  • E: Change control documentation

Question 41

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?

  • A: Antivirus
  • B: Patch management
  • C: Log monitoring
  • D: Application whitelisting
  • E: Awareness training

Question 42

An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?

  • A: Brute forcing of account credentials
  • B: Plain-text credentials transmitted over the Internet
  • C: Insecure direct object reference
  • D: SQL injection of ERP back end
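The URL in Question 42 carries the database key of the record straight from the browser. As an added example that is not from the page, the Python below parses that URL (which has no `?`, so the parser also accepts key=value pairs in the final path segment), contrasts a lookup that trusts the id with one that checks the record's owner against the session, and adds a per-session indirect reference map so the client never sees a database key. The ERP table, user names and balances are constructed.

```python
import secrets
from urllib.parse import urlparse, parse_qs

# Constructed ERP table: account id -> record. Three users own different rows.
ACCOUNTS = {
    5: {"owner": "alice", "balance": 1200},
    6: {"owner": "bob", "balance": 480},
    7: {"owner": "carol", "balance": 9150},
}


def parse_request(url):
    """Query parameters from the URL. The URL in Question 42 has no '?', so when the query
    is empty the last path segment is parsed if it looks like key=value pairs."""
    u = urlparse(url)
    query = u.query
    if not query:
        tail = u.path.rsplit("/", 1)[-1]
        query = tail if "=" in tail else ""
    return {k: v[0] for k, v in parse_qs(query).items()}


def lookup_vulnerable(params, session_user):
    """Insecure direct object reference: the row is selected purely from the client-supplied id."""
    try:
        account_id = int(params.get("accountId", ""))
    except ValueError:
        return None
    return ACCOUNTS.get(account_id)


def lookup_hardened(params, session_user):
    """Same id parsing, but the row must belong to the authenticated session. A missing row
    and a foreign row get the same answer so the endpoint is not an existence oracle."""
    try:
        account_id = int(params.get("accountId", ""))
    except ValueError:
        return None
    row = ACCOUNTS.get(account_id)
    if row is None or row["owner"] != session_user:
        return None
    return row


class IndirectReferenceMap:
    """Per-session opaque handles: the client only ever sees random tokens, never the DB key."""

    def __init__(self, session_user):
        self.user = session_user
        self._handles = {}        # token -> account id

    def handle_for(self, account_id):
        if ACCOUNTS.get(account_id, {}).get("owner") != self.user:
            raise PermissionError("not the caller's account")
        token = secrets.token_urlsafe(16)
        self._handles[token] = account_id
        return token

    def resolve(self, token):
        account_id = self._handles.get(token)
        return ACCOUNTS.get(account_id) if account_id is not None else None


def enumerate_ids(lookup, session_user, id_range):
    """Simulate a user walking accountId values; return ids whose rows belong to someone else."""
    return [i for i in id_range
            if (row := lookup({"accountId": str(i)}, session_user)) and row["owner"] != session_user]


if __name__ == "__main__":
    print(parse_request("http://192.168.0.100/ERP/accountId=5&action=SELECT"))
    print("vulnerable leaks:", enumerate_ids(lookup_vulnerable, "alice", range(1, 10)))
    print("hardened leaks:  ", enumerate_ids(lookup_hardened, "alice", range(1, 10)))
```

enumerate_ids is the same test the staff member could run by editing accountId in the address bar; it is the quickest confirmation that an endpoint authorizes on the session rather than on the identifier. The action=SELECT parameter is a separate concern and is left alone here.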

Question 43

During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?

  • A: Air gaps
  • B: Access control lists
  • C: Spanning tree protocol
  • D: Network virtualization
  • E: Elastic load balancing

Question 44

An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
✑ Encrypt all traffic between the network engineer and critical devices.
✑ Segregate the different networking planes as much as possible.
✑ Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?

  • A: Deploy control plane protections.
  • B: Use SSH over out-of-band management.
  • C: Force only TACACS to be allowed.
  • D: Require the use of certificates for AAA.

Question 45

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user's age field. The developer was notified and asked to fix the issue.
Which of the following is the MOST secure solution for the developer to implement?

  • A: IF $AGE == "!@#$%^&*()_+<>?":{}[]" THEN ERROR
  • B: IF $AGE == [1234567890] {1,3} THEN CONTINUE
  • C: IF $AGE != "a-bA-Z!@#$%^&*()_+<>?":{}[]" THEN CONTINUE
  • D: IF $AGE == [1-0] {0,2} THEN CONTINUE
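The four options in Question 45 are two strategies: a deny-list of bad characters (A and C) and an allow-list of digit patterns (B and D). As an added example that is not from the page, the Python below implements both against constructed inputs, including a newline-terminated value, non-ASCII digits and SQL-style strings, and shows that Python's re rejects the `[1-0]` range in option D outright. The sample inputs, the deny-list character set (taken from option A) and the 0 to 130 range bound are assumptions.

```python
import re

# Allow-list: one to three ASCII digits. \d would also match non-ASCII digits in Python 3.
AGE_ALLOW = re.compile(r"[0-9]{1,3}")
# Deny-list modelled on the character set in option A (constructed from the page's text).
DENY_CHARS = set('!@#$%^&*()_+<>?":{}[]')


def validate_age_allowlist(value):
    """Return the age as an int only if the raw string is 1-3 ASCII digits in a plausible range.
    fullmatch (not match/search) ensures nothing trails the digits, including a newline."""
    if not isinstance(value, str) or AGE_ALLOW.fullmatch(value) is None:
        return None
    age = int(value)
    return age if 0 < age <= 130 else None


def validate_age_denylist(value):
    """Reject only the listed characters; everything else passes through unchanged."""
    return None if any(c in DENY_CHARS for c in value) else value


def unicode_digit_trap():
    """Why the allow-list uses [0-9]: both \\d and int() accept Arabic-Indic digits,
    so a \\d-based check silently admits input the developer never tested."""
    s = "\u0663\u0665"                      # the digits 3 and 5 in Arabic-Indic form
    return (re.fullmatch(r"\d{1,3}", s) is not None, int(s))


def option_d_pattern_compiles():
    """[1-0] is an inverted character range; Python's re refuses to compile it."""
    try:
        re.compile(r"[1-0]{0,2}")
        return True
    except re.error:
        return False


# Constructed inputs: benign, boundary, and payload-shaped.
SAMPLES = ["25", "025", "1000", "25\n", "-5", "\u0663\u0665", "25 OR 1=1", "' OR ''='", "<script>"]


def compare(samples=SAMPLES):
    """Side-by-side results, sample -> (allow-list result, deny-list result)."""
    return {s: (validate_age_allowlist(s), validate_age_denylist(s)) for s in samples}


if __name__ == "__main__":
    for s, (a, d) in compare().items():
        print(repr(s), "allow-list ->", a, "| deny-list ->", d)
```

The deny-list passes `' OR ''='`, `25 OR 1=1`, a trailing newline and non-ASCII digits because none of those contain a listed character; the allow-list rejects all of them because they are not one to three ASCII digits. That asymmetry is the whole argument for validating by what is permitted rather than by what is forbidden.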

Question 46

A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.
Which of the following is the BEST statement for the engineer to take into consideration?

  • A: Single-tenancy is often more expensive and has less efficient resource utilization. Multitenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
  • B: The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
  • C: Due to the likelihood of large log volumes, the service provider should use a multitenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
  • D: The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Question 47

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?

  • A: Refer to and follow procedures from the company's incident response plan.
  • B: Call a press conference to explain that the company has been hacked.
  • C: Establish chain of custody for all systems to which the systems administrator has access.
  • D: Conduct a detailed forensic analysis of the compromised system.
  • E: Inform the communications and marketing department of the attack details.

Question 48

Click on the exhibit buttons to view the four messages.

Image 1 Image 2 Image 3 Image 4

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records.
The security architect is drafting an escalation email to senior leadership.
Which of the following BEST conveys the business impact for senior leadership?

  • A: Message 1
  • B: Message 2
  • C: Message 3
  • D: Message 4

Question 49

As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured.
A stand-up has identified the following additional requirements:

  1. Reuse of the existing network infrastructure
  2. Acceptable use policies to be enforced
  3. Protection of sensitive files
  4. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Choose three.)

  • A: IPSec VPN
  • B: HIDS
  • C: Wireless controller
  • D: Rights management
  • E: SSL VPN
  • F: NAC
  • G: WAF
  • H: Load balancer

Question 50

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.
Which of the following solutions BEST meets all of the architect's objectives?

  • A: An internal key infrastructure that allows users to digitally sign transaction logs
  • B: An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
  • C: A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
  • D: An open distributed transaction ledger that requires proof of work to append entries.
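Option D in Question 50 describes a proof-of-work ledger. As an added example that is not from the page, the Python below is a minimal one: each block commits to the previous block's hash and to a nonce found by brute force, anyone holding a copy can re-verify every link and every proof without trusting the writer, and the last function shows what happens when a past entry is rewritten. The entries, the 12-bit difficulty and the JSON encoding are constructed for illustration.

```python
import hashlib
import json

DIFFICULTY_BITS = 12          # leading zero bits required; tiny so mining takes milliseconds
GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 of the canonical JSON of every field except the hash itself."""
    payload = {k: block[k] for k in ("index", "prev_hash", "entry", "nonce")}
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def meets_difficulty(hexdigest, bits=DIFFICULTY_BITS):
    """True when the 256-bit digest starts with `bits` zero bits."""
    return int(hexdigest, 16) >> (256 - bits) == 0


def mine(block, bits=DIFFICULTY_BITS):
    """Proof of work: search nonces until the block hash meets the difficulty target."""
    nonce = 0
    while True:
        block["nonce"] = nonce
        h = block_hash(block)
        if meets_difficulty(h, bits):
            block["hash"] = h
            return block
        nonce += 1


def append(ledger, entry, bits=DIFFICULTY_BITS):
    """Append one entry; the new block commits to the hash of the current last block."""
    prev = ledger[-1]["hash"] if ledger else GENESIS_PREV
    ledger.append(mine({"index": len(ledger), "prev_hash": prev, "entry": entry, "nonce": 0}, bits))
    return ledger[-1]


def build_ledger(entries, bits=DIFFICULTY_BITS):
    ledger = []
    for entry in entries:
        append(ledger, entry, bits)
    return ledger


def verify(ledger, bits=DIFFICULTY_BITS):
    """Public verification: recheck every index, every hash link and every proof of work."""
    for i, block in enumerate(ledger):
        expected_prev = ledger[i - 1]["hash"] if i else GENESIS_PREV
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return False
        if block_hash(block) != block["hash"] or not meets_difficulty(block["hash"], bits):
            return False
    return True


def tamper_and_check(ledger, index, new_entry, bits=DIFFICULTY_BITS):
    """Rewrite one historical entry on a copy, re-mine only that block, and report whether the
    copy still verifies. For any block but the last it does not: every later block's prev_hash
    now names a hash that no longer exists, so all of that later work would have to be redone."""
    copy = json.loads(json.dumps(ledger))
    copy[index]["entry"] = new_entry
    mine(copy[index], bits)
    return verify(copy, bits)


if __name__ == "__main__":
    chain = build_ledger(["alice->bob 10", "bob->carol 3", "carol->dave 1"])
    print("valid:", verify(chain))
    print("valid after rewriting block 0 and re-mining only it:", tamper_and_check(chain, 0, "alice->bob 1000"))
    print("valid after rewriting the tip and re-mining it:", tamper_and_check(chain, 2, "carol->dave 999"))
```

Two things the toy makes visible: integrity of the history is a property anyone can check from the data alone, which is the "publicly verifiable" requirement; and the tip can be rewritten by whoever re-mines it, which is why real systems wait for further blocks before treating an entry as settled. There is no network or consensus here, so the cost of rewriting deep history is only meaningful when many independent parties are appending.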
Page 2 of 16 • Questions 26-50 of 389
