CAS-003 : CompTIA Advanced Security Practitioner (CASP+) CAS-003 : Part 06

  1. A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

    Which of the following tools should be used? (Choose two.)

    • Fuzzer
    • SCAP scanner
    • Packet analyzer
    • Password cracker
    • Network enumerator
    • SIEM
  2. A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.

    Which of the following solutions BEST meets the engineer’s goal?

    • Schedule weekly reviews of al unit test results with the entire development team and follow up between meetings with surprise code inspections.
    • Develop and implement a set of automated security tests to be installed on each development team leader’s workstation.
    • Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.
    • Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.
  3. A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.

    Which of the following BEST describes the contents of the supporting document the engineer is creating?

    • A series of ad-hoc tests that each verify security control functionality of the entire system at once.
    • A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
    • A set of formal methods that apply to one or more of the programing languages used on the development project.
    • A methodology to verify each security control in each unit of developed code prior to committing the code.
  4. A security technician is incorporating the following requirements in an RFP for a new SIEM:

    – New security notifications must be dynamically implemented by the SIEM engine
    – The SIEM must be able to identify traffic baseline anomalies
    – Anonymous attack data from all customers must augment attack detection and risk scoring

    Based on the above requirements, which of the following should the SIEM support? (Choose two.)

    • Autoscaling search capability
    • Machine learning
    • Multisensor deployment
    • Big Data analytics
    • Cloud-based management
    • Centralized log aggregation
  5. An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user’s accounts is sensitive, and therefore, the organization wants to comply with the following requirements:

    – Active full-device encryption
    – Enabled remote-device wipe
    – Blocking unsigned applications
    – Containerization of email, calendar, and contacts

    Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?

    • Require frequent password changes and disable NFC.
    • Enforce device encryption and activate MAM.
    • Install a mobile antivirus application.
    • Configure and monitor devices with an MDM.
  6. Given the following information about a company’s internal network:

    User IP space: 192.168.1.0/24
    Server IP space: 192.168.192.0/25

    A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified.

    Which of the following should the engineer do?

    • Use a protocol analyzer on 192.168.1.0/24
    • Use a port scanner on 192.168.1.0/24
    • Use an HTTP interceptor on 192.168.1.0/24
    • Use a port scanner on 192.168.192.0/25
    • Use a protocol analyzer on 192.168.192.0/25
    • Use an HTTP interceptor on 192.168.192.0/25
  7. The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively.

    Which of the following would BEST address the CIO’s concerns?

    • Procure a password manager for the employees to use with the cloud applications.
    • Create a VPN tunnel between the on-premises environment and the cloud providers.
    • Deploy applications internally and migrate away from SaaS applications.
    • Implement an IdP that supports SAML and time-based, one-time passwords.
  8. During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.

    Which of the following methods is the assessment team most likely to employ NEXT?

    • Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
    • Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
    • Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
    • Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.
  9. An organization’s network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations.

    Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?

    • Employ hardware FDE or SED solutions.
    • Utilize a more efficient cryptographic hash function.
    • Replace HDDs with SSD arrays.
    • Use a FIFO pipe a multithreaded software solution.
  10. While attending a meeting with the human resources department, an organization’s information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.

    Additionally, each password has specific complexity requirements and different expiration time frames.
    Which of the following would be the BEST solution for the information security officer to recommend?

    • Utilizing MFA
    • Implementing SSO
    • Deploying 802.1X
    • Pushing SAML adoption
    • Implementing TACACS
  11. Which of the following is the GREATEST security concern with respect to BYOD?

    • The filtering of sensitive data out of data flows at geographic boundaries.
    • Removing potential bottlenecks in data transmission paths.
    • The transfer of corporate data onto mobile corporate devices.
    • The migration of data into and out of the network in an uncontrolled manner.
  12. Given the following code snippet:

    CAS-003 Part 06 Q12 037
    CAS-003 Part 06 Q12 037

    Which of the following failure modes would the code exhibit?

    •  Open
    • Secure
    • Halt
    • Exception
  13. A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients’ health information, management has identified the following requirements:

    – Data must be encrypted at rest.
    – The device must be disabled if it leaves the facility.
    – The device must be disabled when tampered with.

    Which of the following technologies would BEST support these requirements? (Choose two.)

    • eFuse
    • NFC
    • GPS
    • Biometric
    • USB 4.1
    • MicroSD
  14. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:

    – An HOTP service is installed on the RADIUS server.
    – The RADIUS server is configured to require the HOTP service for authentication.

    The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

    Which of the following should be implemented to BEST resolve the issue?

    • Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.
    • Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.
    • Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.
    • Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.
  15. Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

    The tables below provide information on a subset of remote sites and the firewall options:

    CAS-003 Part 06 Q15 038
    CAS-003 Part 06 Q15 038
    CAS-003 Part 06 Q15 039
    CAS-003 Part 06 Q15 039

    Which of the following would be the BEST option to recommend to the CIO?

    • Vendor C for small remote sites, and Vendor B for large sites.
    • Vendor B for all remote sites
    • Vendor C for all remote sites
    • Vendor A for all remote sites
    • Vendor D for all remote sites
  16. Given the following output from a security tool in Kali:

    CAS-003 Part 06 Q16 040
    CAS-003 Part 06 Q16 040
    • Log reduction
    • Network enumerator
    • Fuzzer
    • SCAP scanner
  17. Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:

    – Involve business owners and stakeholders
    – Create an applicable scenario
    – Conduct a biannual verbal review of the incident response plan
    – Report on the lessons learned and gaps identified

    Which of the following exercises has the CEO requested?

    • Parallel operations
    • Full transition
    • Internal review
    • Tabletop
    • Partial simulation
  18. A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has complied a set of applicable security controls based on this categorization.

    Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?

    • Check for any relevant or required overlays.
    • Review enhancements within the current control set.
    • Modify to a high-baseline set of controls.
    • Perform continuous monitoring.
  19. A security researcher is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

    Based on the information available to the researcher, which of the following is the MOST likely threat profile?

    • Nation-state-sponsored attackers conducting espionage for strategic gain.
    • Insiders seeking to gain access to funds for illicit purposes.
    • Opportunists seeking notoriety and fame for personal gain.
    • Hacktivists seeking to make a political statement because of socio-economic factors.
  20. A security analyst is inspecting pseudocode of the following multithreaded application:

    CAS-003 Part 06 Q20 041
    CAS-003 Part 06 Q20 041

    Which of the following security concerns is evident in the above pseudocode?

    • Time of check/time of use 
    • Resource exhaustion
    • Improper storage of sensitive data
    • Privilege escalation