New CompTIA CAS-002 Exam Dumps Collection (Question 16 - Question 22)
Q1. Company A has a remote work force that often includes independent contractors and out of state full time employees.
Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:
Which of the following solutions should the security engineer recommend to meet the MOST goals?
A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server Gateway, use remote installation services to standardize application on user's laptops.
Answer: B
Q2. Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).
A. File level transfer of data
B. Zoning and LUN security
C. Block level transfer of data
D. Multipath
E. Broadcast storms
F. File level encryption
G. Latency
Answer: A,E,G
Q3. A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements:
Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 – Test the behavior between the application and database
Requirement 3 – Ensure that customer data cannot be exfiltrated
Which of the following is the BEST solution to meet the above requirements?
A. Penetration test, perform social engineering and run a vulnerability scanner
B. Perform dynamic code analysis, penetration test and run a vulnerability scanner
C. Conduct network analysis, dynamic code analysis, and static code analysis
D. Run a protocol analyzer, perform static code analysis and vulnerability assessment
Answer: B
Q4. A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life.
The two initial migrations include:
Which of the following should the security consultant recommend based on best practices?
A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.
Answer: C
Q5. An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?
A. BGP route hijacking attacks
B. Bogon IP network traffic
C. IP spoofing attacks
D. Man-in-the-middle attacks
E. Amplified DDoS attacks
Answer: C
Q6. A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administrator wants to place the servers in the most logical network security zones and implement the appropriate security controls. Which of the following scenarios BEST accomplishes this goal?
A. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.
B. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.
C. Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with an ACL of allow 443 destination ANY.
D. Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and 1443 destination ANY.
Answer: B
Q7. A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?
A. Government regulation
B. Industry standard
C. Company guideline
D. Company policy
Answer: B
