
CAS-003 Online Practice Questions and Answers

Question 4

A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?

A. Insecure direct object references, CSRF, Smurf

B. Privilege escalation, Application DoS, Buffer overflow

C. SQL injection, Resource exhaustion, Privilege escalation

D. CSRF, Fault injection, Memory leaks

Question 5

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:

Delivered-To: [email protected]
Received: by 10.14.120.205; Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193; Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path:
Received: from 127.0.0.1 for ; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from )
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company
To: "[email protected]"
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account.
www.examplesite.com

Additional information: The authorized mail servers' IPs are 192.168.2.10 and 192.168.2.11.

The network's subnet is 192.168.2.0/25.

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).

A. Identify the origination point for malicious activity on the unauthorized mail server.

B. Block port 25 on the firewall for all unauthorized mail servers.

C. Disable open relay functionality.

D. Shut down the SMTP service on the unauthorized mail server.

E. Enable STARTTLS on the spam filter.
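The way an analyst reads the chain above is hop by hop: each Received: line names the host that handed the message over ("from") and the relay that accepted it ("by"), and any relay inside the site's own subnet that is not one of the two authorized mail servers is worth flagging. The following Python is an added example, not part of the practice question set; it takes the Received: lines, the authorized server list and the 192.168.2.0/25 subnet from the question as constructed sample input and reports every hop where an unsanctioned internal host acted as a relay.

```python
import ipaddress
import re

# Constructed sample: the Received chain from the question above, one hop per
# line, with the split date continuations rejoined (top line = most recent hop).
SAMPLE_RECEIVED = [
    "Received: by 10.14.120.205; Mon, 1 Nov 2010 11:15:24 -0700 (PDT)",
    "Received: by 10.231.31.193; Mon, 01 Nov 2010 11:15:23 -0700 (PDT)",
    "Received: from 127.0.0.1 for ; Mon, 1 Nov 2010 13:15:14 -0500",
    "Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500",
    "Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500",
]

# Facts stated in the question: the only sanctioned mail servers and the site subnet.
AUTHORIZED_MAIL_SERVERS = {"192.168.2.10", "192.168.2.11"}
INTERNAL_SUBNET = ipaddress.ip_network("192.168.2.0/25")


def _as_ip(token):
    """Return the token as a canonical IP string if it is one, else None
    (hostnames such as smtpex.example.com are left for a separate DNS check)."""
    if token is None:
        return None
    try:
        return str(ipaddress.ip_address(token.strip("[];,()")))
    except ValueError:
        return None


def parse_received(line):
    """Extract the (from_ip, by_ip) pair of a Received: header.

    'from' is the host that handed the message over, 'by' is the relay that
    accepted it and wrote this line. Either is None if absent or not an IP.
    """
    body = re.sub(r"^received:\s*", "", line, flags=re.IGNORECASE)
    from_m = re.search(r"\bfrom\s+(\S+)", body)
    by_m = re.search(r"\bby\s+(\S+)", body)
    return (_as_ip(from_m.group(1) if from_m else None),
            _as_ip(by_m.group(1) if by_m else None))


def audit_received_chain(received_lines, authorized=AUTHORIZED_MAIL_SERVERS,
                         subnet=INTERNAL_SUBNET):
    """Flag every hop where an address inside our subnet acted as a mail relay
    without being one of the authorized servers. Returns a list of findings."""
    findings = []
    for line in received_lines:
        from_ip, by_ip = parse_received(line)
        if by_ip and ipaddress.ip_address(by_ip) in subnet and by_ip not in authorized:
            findings.append({
                "relay": by_ip,
                "handed_over_by": from_ip,
                "reason": "internal host relaying mail but not an authorized mail server",
                "header": line,
            })
    return findings


def unauthorized_relays(received_lines, **kw):
    """Convenience view: just the set of offending relay addresses."""
    return {f["relay"] for f in audit_received_chain(received_lines, **kw)}


if __name__ == "__main__":
    for finding in audit_received_chain(SAMPLE_RECEIVED):
        print(f"{finding['relay']}: {finding['reason']} "
              f"(mail handed over by {finding['handed_over_by']})")
```

The check is deliberately scoped to the subnet the question gives: hops through the 10.x relays are outside 192.168.2.0/25 and so are not judged here, and the /25 mask matters, since a host such as 192.168.2.200 would fall outside the stated network. Running the same function over a mail gateway's rejected-message log is a cheap way to spot an internal host that has started relaying on its own.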

Question 6

Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

A. Install a HIPS on the SIP servers

B. Configure 802.1X on the network

C. Update the corporate firewall to block attacking addresses

D. Configure 802.11e on the network

E. Configure 802.1q on the network

Question 7

An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?

A. Implement a container that wraps PII data and stores keying material directly in the container's encrypted application space.

B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe.

C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them.

D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.

Question 8

Management is reviewing the results of a recent risk assessment of the organization's policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees.

Which of the following risk management strategies has the organization employed?

A. Transfer

B. Mitigate

C. Accept

D. Avoid

E. Reject

Question 9

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

A. Refer to and follow procedures from the company's incident response plan.

B. Call a press conference to explain that the company has been hacked.

C. Establish chain of custody for all systems to which the systems administrator has access.

D. Conduct a detailed forensic analysis of the compromised system.

E. Inform the communications and marketing department of the attack details.

Question 10

A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to VPN. During the pilot phase, VPN users successfully get an MFA challenge; however, they also get the challenge when connecting to WiFi, which is not desirable. Which of the following BEST explains why users are getting the MFA challenge when using WiFi?

A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched

B. In the firewall, in the AAA configuration the IP address of the third-party MFA solution needs to be set as a secondary RADIUS server

C. In the third-party MFA solution authentication properties need to be configured to recognize WiFi authentication requests

D. In the WiFi configuration authentication needs to be changed to WPA2 Enterprise using EAP-TLS to support the configuration

Question 11

An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

A. Access control lists

B. TACACS+ server for AAA

C. File-level encryption

D. TPM with sealed storage

Question 12

A financial institution has several servers that currently employ the following controls:

1. The servers follow a monthly patching cycle.

2. All changes must go through a change management process.

3. Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

4. The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A. Require more than one approver for all change management requests.

B. Implement file integrity monitoring with automated alerts on the servers.

C. Disable automatic patch update capabilities on the servers.

D. Enhance audit logging on the jump servers and ship the logs to the SIEM.

Question 13

A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door.

Which of the following would be BEST for the penetration tester to attempt?

A. Gain entry into the building by posing as a contractor who is performing routine building maintenance

B. Tailgate into the facility with an employee who has a valid RFID badge to enter

C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post

D. Look for an open window that can be used to gain unauthorized entry into the facility.

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Last Update: Jan 22, 2024
Questions: 791