CAS-003 : CompTIA Advanced Security Practitioner (CASP+) CAS-003 : Part 10

  1. A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.)

    • Access control
    • Whitelisting
    • Signing
    • Validation
    • Boot attestation
  2. A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

    RTO: 2 days
    RPO: 36 hours
    MTTR: 24 hours
    MTBF: 60 days

    Which of the following solutions will address the RPO requirements?

    • Remote Syslog facility collecting real-time events
    • Server farm behind a load balancer delivering five-nines uptime
    • Backup solution that implements daily snapshots
    • Cloud environment distributed across geographic regions
  3. A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.)

    • Static code analyzer
    • Intercepting proxy
    • Port scanner
    • Reverse engineering
    • Reconnaissance gathering
    • User acceptance testing
  4. A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:

    – Firewall
    – Core switches
    – RM server
    – Virtual environment
    – NAC solution

    The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Choose two.)

    • Routing tables
    • Log forwarding
    • Data remnants
    • Port aggregation
    • NIC teaming
    • Zones
  5. A security analyst who is concerned about sensitive data exfiltration reviews the following:

    [Image: CAS-003 Part 10 Q05 061]

    Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?

    • Port scanner
    • SCAP tool
    • File integrity monitor
    • Protocol analyzer
  6. As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics.

    Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?

    • Static code analysis and peer review of all application code
    • Validation of expectations relating to system performance and security
    • Load testing the system to ensure response times are acceptable to stakeholders
    • Design reviews and user acceptance testing to ensure the system has been deployed properly
    • Regression testing to evaluate interoperability with the legacy system during the deployment
  7. A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed.

    Which of the following factors is the regulation intended to address?

    • Sovereignty
    • E-waste
    • Remanence
    • Deduplication
  8. During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)

    • Follow chain of custody best practices
    • Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive.
    • Use forensics software on the original hard drive and present generated reports as evidence
    • Create a tape backup of the original hard drive and present the backup as evidence
    • Create an exact image of the original hard drive for forensics purposes, and then place the original back in service
  9. An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?

    • Installing HIDS
    • Configuring a host-based firewall
    • Configuring EDR
    • Implementing network segmentation
  10. After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:

    – Blocking of suspicious websites
    – Prevention of attacks based on threat intelligence
    – Reduction in spam
    – Identity-based reporting to meet regulatory compliance
    – Prevention of viruses based on signature
    – Protect applications from web-based threats

    Which of the following would be the BEST recommendation the information security manager could make?

    • Reconfigure existing IPS resources
    • Implement a WAF
    • Deploy a SIEM solution
    • Deploy a UTM solution
    • Implement an EDR platform
  11. A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect’s goals?

    • Utilize a challenge-response prompt as required input at username/password entry.
    • Implement TLS and require the client to use its own certificate during handshake.
    • Configure a web application proxy and institute monitoring of HTTPS transactions.
    • Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
  12. A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Choose two.)

    • Use an internal firewall to block UDP port 3544.
    • Disable network discovery protocol on all company routers.
    • Block IP protocol 41 using Layer 3 switches.
    • Disable the DHCPv6 service from all routers.
    • Drop traffic for ::/0 at the edge firewall.
    • Implement a 6in4 proxy server.
  13. With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?

    • Human resources
    • Financial
    • Sales
    • Legal counsel
  14. The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

    – Must be encrypted on the email servers and clients
    – Must be OK to transmit over unsecure Internet connections

    Which of the following communication methods would be BEST to recommend?

    • Force TLS between domains.
    • Enable STARTTLS on both domains.
    • Use PGP-encrypted emails.
    • Switch both domains to utilize DNSSEC.
  15. A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process?

    • MOU
    • OLA
    • BPA
    • NDA
  16. A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?

    • NX/XN
    • ASLR
    • strcpy
    • ECC
  17. Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?

    • NDA
    • MOU
    • BIA
    • SLA
  18. Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users.

    Which of the following controls would BEST address the DPO’s concerns?

    • Increasing blocking options available to the uploader
    • Adding a one-hour delay of all uploaded photos
    • Removing all metadata in the uploaded photo file
    • Not displaying to the public who uploaded the photo
    • Forcing TLS for all connections on the platform
  19. A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO).
    The report outlines the following KPI/KRI data for the last 12 months:

    [Image: CAS-003 Part 10 Q19 062]

    Which of the following BEST describes what could be interpreted from the above data?

    • 1. AV coverage across the fleet improved
      2. There is no correlation between infected systems and AV coverage.
      3. There is no correlation between detected phishing attempts and infected systems
      4. A correlation between threat landscape rating and infected systems appears to exist.
      5. Effectiveness and performance of the security team appears to be degrading.
    • 1. AV signature coverage has remained consistently high
      2. AV coverage across the fleet improved
      3. A correlation between phishing attempts and infected systems appears to exist
      4. There is a correlation between the threat landscape rating and the security team’s performance.
      5. There is no correlation between detected phishing attempts and infected systems
    • 1. There is no correlation between infected systems and AV coverage
      2. AV coverage across the fleet improved
      3. A correlation between phishing attempts and infected systems appears to exist
      4. There is no correlation between the threat landscape rating and the security team’s performance.
      5. There is a correlation between detected phishing attempts and infected systems
    • 1. AV coverage across the fleet declined
      2. There is no correlation between infected systems and AV coverage.
      3. A correlation between phishing attempts and infected systems appears to exist
      4. There is no correlation between the threat landscape rating and the security team’s performance
      5. Effectiveness and performance of the security team appears to be degrading.
  20. A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?

    • Vendor diversification
    • System hardening standards
    • Bounty programs
    • Threat awareness
    • Vulnerability signatures