CAS-003
Question 51
A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and others are installed in the user's automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices.
Which of the following security controls would address the user's privacy concerns and provide the BEST level of security for the home network?
- A: Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network. Disable the home assistant unless actively using it, and segment the network so each IoT device has its own segment.
- B: Install a firewall capable of cryptographically separating network traffic, require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions.
- C: Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible.
- D: Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic.
Question 52
An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries' arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites.
Which of the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?
- A: Add a second-layer VPN from a different vendor between sites.
- B: Upgrade the cipher suite to use an authenticated AES mode of operation.
- C: Use a stronger elliptic curve cryptography algorithm.
- D: Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.
- E: Ensure cryptography modules are kept up to date from vendor supplying them.
Question 53
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:
✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.
✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications
✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites
✑ The use of satellite communication to include multiple proxy servers to scramble the source IP address
Which of the following is of MOST concern in this scenario?
- A: The unsecure port 80 being used for general web traffic
- B: Family members posting geotagged images on social media that were received via email from soldiers
- C: The effect of communication latency that may negatively impact real-time communication with mission control
- D: The use of centrally managed military network and computers by soldiers when communicating with external parties
Question 54
A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:
Which of the following does the log sample indicate? (Choose two.)
- A: A root user performed an injection attack via kernel module
- B: Encrypted payroll data was successfully decrypted by the attacker
- C: Jsmith successfully used a privilege escalation attack
- D: Payroll data was exfiltrated to an attacker-controlled host
- E: Buffer overflow in memory paging caused a kernel panic
- F: Syslog entries were lost due to the host being rebooted
Question 55
Given the following code snippet:
Of which of the following is this snippet an example?
- A: Data execution prevention
- B: Buffer overflow
- C: Failure to use standard libraries
- D: Improper field usage
- E: Input validation
Question 56
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?
- A: Disk encryption on the local drive
- B: Group policy to enforce failed login lockout
- C: Multifactor authentication
- D: Implementation of email digital signatures
Question 57
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?
- A: Distribute a NAC client and use the client to push the company's private key to all the new devices.
- B: Distribute the device connection policy and a unique public/private key pair to each new employee's device.
- C: Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
- D: Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Question 58
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:
However, the analyst is unable to find any evidence of the running shell.
Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?
- A: The NX bit is enabled
- B: The system uses ASLR
- C: The shell is obfuscated
- D: The code uses dynamic libraries
Question 59
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back.
Which of the following BEST describes how the manager should respond?
- A: Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.
- B: Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.
- C: Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.
- D: Consult with the legal and/or human resources department and check company policies around employment and termination procedures.
Question 60
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.
Which of the following would ensure no data is recovered from the system drives once they are disposed of?
- A: Overwriting all HDD blocks with an alternating series of data.
- B: Physically disabling the HDDs by removing the drive head.
- C: Demagnetizing the hard drive using a degausser.
- D: Deleting the UEFI boot loaders from each HDD.
Question 61
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.
Which of the following is the BEST solution?
- A: Use an entropy-as-a-service vendor to leverage larger entropy pools.
- B: Loop multiple pseudo-random number generators in a series to produce larger numbers.
- C: Increase key length by two orders of magnitude to detect brute forcing.
- D: Shift key generation algorithms to ECC algorithms.
Question 62
A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?
- A: Making employees rotate through jobs ensures succession plans can be implemented and prevents single points of failure.
- B: Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.
- C: Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.
- D: It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.
Question 63
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.
Which of the following is the MOST appropriate order of steps to be taken?
- A: Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent
- B: OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update
- C: Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline
- D: Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update
Question 64
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
- A: Threat modeling
- B: Risk assessment
- C: Vulnerability data
- D: Threat intelligence
- E: Risk metrics
- F: Exploit frameworks
Question 65
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?
- A: KRI: - Compliance with regulations - Backlog of unresolved security investigations - Severity of threats and vulnerabilities reported by sensors - Time to patch critical issues on a monthly basis KPI: - Time to resolve open security items - % of suppliers with approved security control frameworks - EDR coverage across the fleet - Threat landscape rating
- B: KRI: - EDR coverage across the fleet - Backlog of unresolved security investigations - Time to patch critical issues on a monthly basis - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors
- C: KRI: - EDR coverage across the fleet - % of suppliers with approved security control framework - Backlog of unresolved security investigations - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - Time to patch critical issues on a monthly basis - Severity of threats and vulnerabilities reported by sensors
- D: KPI: - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors - Threat landscape rating KRI: - Time to resolve open security items - Backlog of unresolved security investigations - EDR coverage across the fleet - Time to patch critical issues on a monthly basis
Question 66
As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:
- A: the collection of data as part of the continuous monitoring program.
- B: adherence to policies associated with incident response.
- C: the organization's software development life cycle.
- D: changes in operating systems or industry trends.
Question 67
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.
Which of the following tools should the engineer load onto the device being designed?
- A: Custom firmware with rotating key generation
- B: Automatic MITM proxy
- C: TCP beacon broadcast software
- D: Reverse shell endpoint listener
Question 68
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.
The person extracts the following data from the phone and EXIF data from some files:
✑ DCIM Images folder
✑ Audio books folder
✑ Torrentz
✑ My TAX.xls
✑ Consultancy HR Manual.doc
✑ Camera: SM-G950F
✑ Exposure time: 1/60s
✑ Location: 3500 Lacey Road USA
Which of the following BEST describes the security problem?
- A: MicroSD is not encrypted and also contains personal data.
- B: MicroSD contains a mixture of personal and work data.
- C: MicroSD is not encrypted and contains geotagging information.
- D: MicroSD contains pirated software and is not encrypted.
Question 69
An engineer needs to provide access to company resources for several offshore contractors. The contractors require:
✑ Access to a number of applications, including internal websites
✑ Access to database data and the ability to manipulate it
✑ The ability to log into Linux and Windows servers remotely
Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)
- A: VTC
- B: VRRP
- C: VLAN
- D: VDI
- E: VPN
- F: Telnet
Question 70
A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?
- A: SaaS
- B: PaaS
- C: IaaS
- D: Hybrid cloud
- E: Network virtualization
Question 71
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?
- A: Code repositories
- B: Security requirements traceability matrix
- C: Software development lifecycle
- D: Roles matrix
- E: Implementation guide
Question 72
An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices.
To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this?
- A: Port security
- B: Rogue device detection
- C: Bluetooth
- D: GPS
Question 73
A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?
- A: Reconfigure the firewall to block external UDP traffic.
- B: Establish a security baseline on the IDS.
- C: Block echo reply traffic at the firewall.
- D: Modify the edge router to not forward broadcast traffic.
Question 74
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months.
Which of the following would BEST secure the web server until the replacement web server is ready?
- A: Patch management
- B: Antivirus
- C: Application firewall
- D: Spam filters
- E: HIDS
Question 75
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company.
Which of the following should the systems administrator do to BEST address this problem?
- A: Add an ACL to the firewall to block VoIP.
- B: Change the settings on the phone system to use SIP-TLS.
- C: Have the phones download new configurations over TFTP.
- D: Enable QoS configuration on the phone VLAN.