Far Out CAS-003 Preparation Labs 2021

It is faster and easier to pass the CompTIA CAS-003 exam by using realistic CompTIA Advanced Security Practitioner (CASP) questions and answers. Get immediate access to the Far Out CAS-003 exam material, find the same core-area CAS-003 questions with professionally verified answers, and then pass your exam with a high score.

NEW QUESTION 1
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

  • A. Apply a hidden field that triggers a SIEM alert
  • B. Cross site scripting attack
  • C. Resource exhaustion attack
  • D. Input a blacklist of all known BOT malware IPs into the firewall
  • E. SQL injection
  • F. Implement an inline WAF and integrate into SIEM
  • G. Distributed denial of service
  • H. Implement firewall rules to block the attacking IP addresses

Answer: CF

Explanation:
A resource exhaustion attack involves tying up predetermined resources on a system, thereby making the resources unavailable to others.
Implementing an inline WAF would allow for protection from attacks, as well as logging and alerting admins to what is going on. Integrating it into the SIEM allows logs and other security-related records to be collected for analysis.
Incorrect Answers:
A: SIEM technology analyses security alerts generated by network hardware and applications.
B: Cross site scripting attacks occur when malicious scripts are injected into otherwise trusted websites.
D: Traditional firewalls block or allow traffic. It is not, however, the best way to defend against a resource exhaustion attack.
E: A SQL injection attack occurs when the attacker makes use of a series of malicious SQL queries to directly influence the SQL database.
G: A distributed denial-of-service (DDoS) attack occurs when many compromised systems attack a single target. This results in denial of service for users of the targeted system.
H: Traditional firewalls block or allow traffic. It is not, however, the best way to defend against a resource exhaustion attack.
References:
http://searchsecurity.techtarget.com/feature/Four-questions-to-ask-before-buying-a-Web-application-firewall
http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM
https://en.wikipedia.org/wiki/Security_information_and_event_management
http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 150, 153
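The explanation above says the WAF should log and alert through the SIEM; the block below is an added example (not code from the page or from any vendor product) of alert logic for the two patterns in the question: a source completing quotes faster than a person would, which burns through the customer-number pool, and a source whose submissions each update a single field. The log format, the paths /quote/update and /quote/complete, the fields= parameter and every address and timestamp in SAMPLE_LOG are constructed for the example.

```javascript
// Added example, not code from the original page. It shows the kind of alert
// logic a SIEM fed by an inline WAF could run for the two patterns in Question 1:
// a source completing quotes faster than a person would (burning through the
// customer-number pool) and a source whose form submissions each update a single
// field. The log format and every value in SAMPLE_LOG are constructed.
//   <ISO timestamp> <client ip> <method> <path> <status>
const SAMPLE_LOG = [
  // scripted client: one single-field update and one completed quote every five seconds
  "2021-03-01T10:00:00Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:01Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:05Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:06Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:10Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:11Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:15Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:16Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:20Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:21Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:25Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:26Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:30Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:31Z 203.0.113.7 POST /quote/complete 201",
  "2021-03-01T10:00:35Z 203.0.113.7 POST /quote/update?fields=1 200",
  "2021-03-01T10:00:36Z 203.0.113.7 POST /quote/complete 201",
  // ordinary visitor: fills the whole form once, then completes one quote
  "2021-03-01T10:00:10Z 198.51.100.4 POST /quote/update?fields=7 200",
  "2021-03-01T10:03:00Z 198.51.100.4 POST /quote/complete 201",
];

// Split one log line into its parts; the base URL is only there so a relative
// path parses, it is never contacted.
function parseLine(line) {
  const [ts, ip, method, rawPath, status] = line.split(" ");
  const url = new URL(rawPath, "http://quote.example");
  const fields = url.searchParams.get("fields");
  return {
    time: Date.parse(ts),
    ip,
    method,
    path: url.pathname,
    fields: fields === null ? null : Number(fields),
    status: Number(status),
  };
}

// Pattern 2: more than maxCompletions completed quotes from one source inside a
// sliding window. Returns Map<ip, { count, firstSeen, lastSeen }> of alerts,
// recorded the first time the source crosses the threshold.
function detectQuoteFlood(lines, { windowMs = 60_000, maxCompletions = 5 } = {}) {
  const events = lines.map(parseLine).sort((a, b) => a.time - b.time);
  const recent = new Map(); // ip -> completion timestamps still inside the window
  const alerts = new Map();
  for (const ev of events) {
    if (ev.method !== "POST" || ev.path !== "/quote/complete") continue;
    const times = recent.get(ev.ip) ?? [];
    times.push(ev.time);
    while (times.length && ev.time - times[0] > windowMs) times.shift();
    recent.set(ev.ip, times);
    if (times.length > maxCompletions && !alerts.has(ev.ip)) {
      alerts.set(ev.ip, { count: times.length, firstSeen: times[0], lastSeen: ev.time });
    }
  }
  return alerts;
}

// Pattern 1: a source whose form updates almost always touch exactly one field.
// Returns Map<ip, { updates, singleField, ratio }> for sources over both thresholds.
function detectSingleFieldUpdaters(lines, { minUpdates = 5, minRatio = 0.9 } = {}) {
  const stats = new Map();
  for (const ev of lines.map(parseLine)) {
    if (ev.method !== "POST" || ev.path !== "/quote/update") continue;
    const s = stats.get(ev.ip) ?? { updates: 0, singleField: 0 };
    s.updates += 1;
    if (ev.fields === 1) s.singleField += 1;
    stats.set(ev.ip, s);
  }
  const flagged = new Map();
  for (const [ip, s] of stats) {
    const ratio = s.singleField / s.updates;
    if (s.updates >= minUpdates && ratio >= minRatio) flagged.set(ip, { ...s, ratio });
  }
  return flagged;
}

for (const [ip, a] of detectQuoteFlood(SAMPLE_LOG)) {
  console.log(`quote flood: ${ip} completed ${a.count} quotes between ${new Date(a.firstSeen).toISOString()} and ${new Date(a.lastSeen).toISOString()}`);
}
for (const [ip, s] of detectSingleFieldUpdaters(SAMPLE_LOG)) {
  console.log(`single-field updater: ${ip} (${s.singleField}/${s.updates} updates touched one field)`);
}
```

Both detectors key on the client address, which is the simplest attribute a WAF exposes; a production rule would also key on session or device identifiers, since the distributed variant of this abuse spreads the requests over many addresses. The thresholds are the example's own and would be tuned from the site's normal quote-completion rate.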

NEW QUESTION 2
An advanced threat emulation engineer is conducting testing against a client’s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

  • A. Black box testing
  • B. Gray box testing
  • C. Code review
  • D. Social engineering
  • E. Vulnerability assessment
  • F. Pivoting
  • G. Self-assessment
  • H. White teaming
  • I. External auditing

Answer: AEF

NEW QUESTION 3
A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = '"
    + oe.encode(req.getParameter("userID")) + "' and user_password = '"
    + oe.encode(req.getParameter("pwd")) + "'";
Vulnerabilities:
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

  • A. Log 1
  • B. Log 2
  • C. Log 3
  • D. Log 4
  • E. Buffer overflow
  • F. ACL
  • G. XSS
  • H. SQL injection

Answer: BE

Explanation:
Log 2 indicates that the security breach originated from an external source. And the vulnerability that can be associated with this security breach is a buffer overflow that happened when the amount of data written into the buffer exceeded the limit of that particular buffer.
Incorrect Answers:
A: Log 1 is not indicative of a security breach from an outside source.
C: Log 3 will not be displayed if the breach in security came from an outside source.
D: Log 4 does not indicate an outside source responsible for the security breach.
F: The access control lists are mainly used to configure firewall rules and is thus not related to the security breach.
G: XSS would be indicative of an application issue and not a security breach that originated from the outside.
H: A SQL injection is a type of attack that makes use of a series of malicious SQL queries in an attempt to directly manipulate the SQL database. This is not necessarily a security breach that originated from the outside.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 110-112, 151, 153, 162

NEW QUESTION 4
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plan. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

  • A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
  • B. Improper handling of client data, interoperability agreement issues and regulatory issues
  • C. Cultural differences, increased cost of doing business and divestiture issues
  • D. Improper handling of customer data, loss of intellectual property and reputation damage

Answer: D

Explanation:
The risk of security violations or compromised intellectual property (IP) rights is inherently elevated when working internationally. A key concern with outsourcing arrangements is making sure that there is sufficient protection and security in place for personal information being transferred and/or accessed under an outsourcing agreement.
Incorrect Answers:
A: Interoperability agreement issues are not a major risk when outsourcing to a third party company in another country.
B: Interoperability agreement issues are not a major risk when outsourcing to a third party company in another country.
C: Divestiture is the disposition or sale of an asset that is not performing well, and which is not vital to the company's core business, or which is worth more to a potential buyer or as a separate entity than as part of the company.
References:
http://www.lexology.com/library/detail.aspx?g=e698d613-af77-4e34-b84e-940e14e94ce4
http://www.investorwords.com/1508/divestiture.html

NEW QUESTION 5
A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.
Proposal:
External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?

  • A. -$30,000
  • B. $120,000
  • C. $150,000
  • D. $180,000

Answer: A

Explanation:
Return on investment = Net profit / Investment, where Net profit = gross profit - expenses,
or
Return on investment = (gain from investment - cost of investment) / cost of investment
Subscriptions = 5,000 x 12 = 60,000 per annum
10 incidents @ 10,000 = 100,000 per annum; reduced by 50% = 50,000 per annum saved
Thus the return is -10,000 per annum, which makes -$30,000 after three years.
References:
http://www.financeformulas.net/Return_on_Investment.html

NEW QUESTION 6
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

  • A. an administrative control
  • B. dual control
  • C. separation of duties
  • D. least privilege
  • E. collusion

Answer: C

Explanation:
Separation of duties requires more than one person to complete a task.
Incorrect Answers:
A: Administrative controls refer to policies, procedures, guidelines, and other documents used by an organization.
B: Dual control forces employees who are planning anything illegal to work together to complete critical actions.
D: The principle of least privilege prevents employees from accessing levels not required to perform their everyday function.
E: Collusion is defined as an agreement which occurs between two or more persons to deceive, mislead, or defraud others of legal rights.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 245, 321
https://en.wikipedia.org/wiki/Collusion

NEW QUESTION 7
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

  • A. Business or technical justification for not implementing the requirements.
  • B. Risks associated with the inability to implement the requirements.
  • C. Industry best practices with respect to the technical implementation of the current controls.
  • D. All sections of the policy that may justify non-implementation of the requirements.
  • E. A revised DRP and COOP plan to the exception form.
  • F. Internal procedures that may justify a budget submission to implement the new requirement.
  • G. Current and planned controls to mitigate the risk

Answer: ABG

Explanation:
The Exception Request must include:
A description of the non-compliance.
The anticipated length of non-compliance (2-year maximum).
The proposed assessment of risk associated with non-compliance.
The proposed plan for managing the risk associated with non-compliance.
The proposed metrics for evaluating the success of risk management (if risk is significant).
The proposed review date to evaluate progress toward compliance.
An endorsement of the request by the appropriate Information Trustee (VP or Dean).
Incorrect Answers:
C: The policy exception form is not for implementation, but for non-implementation.
D: All sections of the policy that may justify non-implementation of the requirements are not required; a description of the non-compliance is.
E: A Disaster Recovery Plan (DRP) and a Continuity of Operations (COOP) plan are not required; a proposed plan for managing the risk associated with non-compliance is.
F: The policy exception form requires justification for not implementing the requirements, not the other way around.
References: http://www.rit.edu/security/sites/rit.edu.security/files/exception%20process.pdf

NEW QUESTION 8
A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

  • A. Discuss the issue with the software product's user groups
  • B. Consult the company’s legal department on practices and law
  • C. Contact senior finance management and provide background information
  • D. Seek industry outreach for software practices and law

Answer: B

Explanation:
To ensure that the company stays out of trouble, the sales manager should enquire about the legal ramifications of the change by consulting with the company’s legal department, particularly as the marketing material is not being amended.
Incorrect Answers:
A: The software product's user groups would not have insight on the legal ramifications of the change by the company, and they might not have knowledge of the service-level agreements or any contracts that the company has with other customers.
C: The sales manager does not have additional background information to provide.
D: Legal information pertaining to internal operations should be obtained from the company’s legal department.

NEW QUESTION 9
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?

  • A. 1. Perform the ongoing research of the best practices; 2. Determine current vulnerabilities and threats; 3. Apply Big Data techniques; 4. Use antivirus control
  • B. 1. Apply artificial intelligence algorithms for detection; 2. Inform the CERT team; 3. Research threat intelligence and potential adversaries; 4. Utilize threat intelligence to apply Big Data techniques
  • C. 1. Obtain the latest IOCs from the open source repositories; 2. Perform a sweep across the network to identify positive matches; 3. Sandbox any suspicious files; 4. Notify the CERT team to apply a future proof threat model
  • D. 1. Analyze the current threat intelligence; 2. Utilize information sharing to obtain the latest industry IOCs; 3. Perform a sweep across the network to identify positive matches; 4. Apply machine learning algorithms

Answer: C

NEW QUESTION 10
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22, TCP/111, TCP/512-514, TCP/2049, TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?

  • A. Linux
  • B. Windows
  • C. Solaris
  • D. OSX

Answer: C

Explanation:
TCP/22 is used for SSH; TCP/111 is used for Sun RPC; TCP/512-514 are used by the Berkeley r-services (exec, login, and cmd, where cmd is like exec but with automatic authentication performed as for the login server). These are all ports that are in use when running the Sun Solaris operating system.
Incorrect Answers:
A: The Linux operating system will not use those TCP ports.
B: The Windows operating system makes use of different TCP ports.
D: The OSX operating system makes use of other TCP ports.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 174
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
https://en.wikipedia.org/wiki/Solaris_(operating_system)
https://nmap.org/book/inst-windows.html

NEW QUESTION 11
A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization:
localStorage.setItem("session-cookie", document.cookie);
Which of the following should the security engineer recommend?

  • A. SessionStorage should be used so authorized cookies expire after the session ends
  • B. Cookies should be marked as “secure” and “HttpOnly”
  • C. Cookies should be scoped to a relevant domain/path
  • D. Client-side cookies should be replaced by server-side mechanisms

Answer: C
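The line in the question copies whatever document.cookie exposes into localStorage, which never expires and is readable by any script on the origin. The audit below is an added example, not code from the page, that parses a Set-Cookie header value and reports the attributes the answer options refer to (Secure, HttpOnly, Domain/Path scoping, SameSite), plus whether document.cookie, and therefore the localStorage copy, would expose the cookie at all. The header values and the application path "/app" are constructed.

```javascript
// Added example, not code from the original page. It audits a Set-Cookie header
// value for the attributes Question 11's options refer to. The header values
// and the application path "/app" are constructed for the example.

// Parse "NAME=value; Attr1; Attr2=val" into a name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Report what is missing or over-broad. exposedToScript is what matters for the
// localStorage.setItem("session-cookie", document.cookie) line: without HttpOnly
// the browser hands the cookie to script, and the copy then sits in localStorage,
// which never expires and is readable by any script running on the origin.
function auditSetCookie(header, { appPath = "/app" } = {}) {
  const { name, attributes: a } = parseSetCookie(header);
  const findings = [];
  if (!a.httponly) findings.push("missing HttpOnly: readable through document.cookie");
  if (!a.secure) findings.push("missing Secure: also sent over plain HTTP");
  if (!a.path || a.path === "/") {
    findings.push(`Path is unscoped: sent to every path on the host (consider Path=${appPath})`);
  }
  if (a.domain) {
    findings.push(`Domain=${a.domain}: shared with every subdomain; omit Domain to scope to the issuing host`);
  }
  if (!a.samesite) findings.push("missing SameSite: attached to cross-site requests");
  return { name, findings, exposedToScript: !a.httponly };
}

// Constructed header values: the weak one, a hardened one, and one that is
// hardened except for an over-broad Domain attribute.
const WEAK = "SESSIONID=abc123; Path=/";
const HARDENED = "SESSIONID=abc123; Path=/app; Secure; HttpOnly; SameSite=Strict";
const OVERBROAD = "SESSIONID=abc123; Domain=example.com; Path=/app; Secure; HttpOnly; SameSite=Lax";

for (const h of [WEAK, HARDENED, OVERBROAD]) {
  const r = auditSetCookie(h);
  console.log(`${h}\n  exposed to script: ${r.exposedToScript}\n  ${r.findings.join("\n  ") || "no findings"}`);
}
```

With HttpOnly set, document.cookie returns an empty string for that cookie and the localStorage line copies nothing, which is why the script-exposure check comes first in the audit; the Path and Domain checks cover the scoping the answer key points to.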

NEW QUESTION 12
An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?

  • A. Install IDS/IPS systems on the network
  • B. Force all SIP communication to be encrypted
  • C. Create separate VLANs for voice and data traffic
  • D. Implement QoS parameters on the switches

Answer: D

Explanation:
Quality of service (QoS) is a mechanism that is designed to give priority to different applications, users, or data to provide a specific level of performance. It is often used in networks to prioritize certain types of network traffic. It is not designed to block traffic, per se, but to give certain types of traffic a lower or higher priority than others. This is least likely to counter a denial of service (DoS) attack.
Incorrect Answers:
A: Denial of Service (DoS) attacks are web-based attacks that exploit flaws in the operating system, applications, services, or protocols. These attacks can be mitigated by means of firewalls, routers, and intrusion detection systems (IDSs) that detect DoS traffic, disabling echo replies on external systems, disabling broadcast features on border systems, blocking spoofed packets on the network, and proper patch management.
B: VoIP makes use of Session Initiation Protocol (SIP) and the attack is making use of SIP INVITE requests to initiate VoIP calls. Forcing SIP communication to be encrypted would reduce SIP INVITE requests.
C: Using virtual local area networks (VLANs), to segregate data traffic from voice traffic can drastically reduce the potential for attacks that utilize automated tools.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 135-138, 355-356, 357, 362, 378

NEW QUESTION 13
Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:
CAS-003 dumps exhibit
Which of the following represents the BEST solution for preventing future fines?

  • A. Implement a secure text-messaging application for mobile devices and workstations.
  • B. Write a policy requiring this information to be given over the phone only.
  • C. Provide a courier service to deliver sealed documents containing public health informatics.
  • D. Implement FTP services between clinics to transmit text documents with the information.
  • E. Implement a system that will tokenize patient number

Answer: A

NEW QUESTION 14
A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:
Which of the following tools is the engineer utilizing to perform this assessment?
CAS-003 dumps exhibit

  • A. Vulnerability scanner
  • B. SCAP scanner
  • C. Port scanner
  • D. Interception proxy

Answer: B

NEW QUESTION 15
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

  • A. Establish a risk matrix
  • B. Inherit the risk for six months
  • C. Provide a business justification to avoid the risk
  • D. Provide a business justification for a risk exception

Answer: D

Explanation:
The Exception Request must include:
A description of the non-compliance.
The anticipated length of non-compliance (2-year maximum).
The proposed assessment of risk associated with non-compliance.
The proposed plan for managing the risk associated with non-compliance.
The proposed metrics for evaluating the success of risk management (if risk is significant).
The proposed review date to evaluate progress toward compliance.
An endorsement of the request by the appropriate Information Trustee (VP or Dean).
Incorrect Answers:
A: A risk matrix can be used to determine an overall risk ranking before determining how the risk will be dealt with.
B: Inheriting the risk for six months means that it has been decided the benefits of moving forward outweigh the risk.
C: Avoiding the risk is not recommended as the applications are still being used.
References:
http://www.rit.edu/security/sites/rit.edu.security/files/exception%20process.pdf
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 218

NEW QUESTION 16
A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements:
The data is for internal consumption only and shall not be distributed to outside individuals.
The systems administrator should not have access to the data processed by the server.
The integrity of the kernel image is maintained.
Which of the following host-based security controls BEST enforce the data owner’s requirements? (Choose three.)

  • A. SELinux
  • B. DLP
  • C. HIDS
  • D. Host-based firewall
  • E. Measured boot
  • F. Data encryption
  • G. Watermarking

Answer: CEF

NEW QUESTION 17
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

  • A. Least privilege
  • B. Job rotation
  • C. Mandatory vacation
  • D. Separation of duties

Answer: B

Explanation:
Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.
Incorrect Answers:
A: The principle of least privilege prevents employees from accessing levels not required to perform their everyday function.
C: Mandatory vacation is used to discover misuse and allow the organization time to audit a suspected employee while they are away from work.
D: Separation of duties requires more than one person to complete a task.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 245

NEW QUESTION 18
A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

  • A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.
  • B. Hire an independent security consulting agency to perform a penetration test of the web server. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation.
  • C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
  • D. Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch.

Answer: A

Explanation:
The first thing you should do is verify the reliability of the claims. From there you can assess the likelihood of the vulnerability affecting your systems. If it is determined that your systems are likely to be affected by the exploit, you need to determine what impact an attack will have on your hosted data. Now that you know what the impact will be, you can test the exploit by using the proof-of-concept code. That should help you determine your options for dealing with the threat (remediation).
Incorrect Answers:
B: While penetration testing your system is a good idea, it is unnecessary to hire an independent security consulting agency to perform a penetration test of the web servers. You know what the vulnerability is so you can test it yourself with the proof-of-concept code.
C: Security response should be proactive. Waiting for the threat to be verified by the software vendor will leave the company vulnerable if the vulnerability is real.
D: Bringing down the web servers would prevent the vulnerability but would also render the system useless. Furthermore, customers would expect a certain level of service and may even have a service level agreement in place with guarantees of uptime.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 375-376

NEW QUESTION 19
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

  • A. Physical penetration test of the datacenter to ensure there are appropriate controls.
  • B. Penetration testing of the solution to ensure that the customer data is well protected.
  • C. Security clauses are implemented into the contract such as the right to audit.
  • D. Review of the organization’s security policies, procedures and relevant hosting certifications.
  • E. Code review of the solution to ensure that there are no back doors located in the software.

Answer: CD

Explanation:
Due diligence refers to an investigation of a business or person prior to signing a contract. Due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance. Due diligence should verify the data supplied in the RFP and concentrate on the following:
Company profile, strategy, mission, and reputation
Financial status, including reviews of audited financial statements
Customer references, preferably from companies that have outsourced similar processes
Management qualifications, including criminal background checks
Process expertise, methodology, and effectiveness
Quality initiatives and certifications
Technology, infrastructure stability, and applications
Security and audit controls
Legal and regulatory compliance, including any outstanding complaints or litigation
Use of subcontractors
Insurance
Disaster recovery and business continuity policies
C and D form part of Security and audit controls.
Incorrect Answers:
A: A Physical Penetration Test recognizes the security weaknesses and strengths of the physical security. It will, therefore, not form part of due diligence because due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance.
B: A penetration test is a software attack on a computer system that looks for security weaknesses. It will, therefore, not form part of due diligence because due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance.
E: A security code review is an examination of an application that is designed to identify and assess threats to an organization. It will, therefore, not form part of due diligence because due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance.
References:
https://en.wikipedia.org/wiki/Due_diligence
http://www.ftpress.com/articles/article.aspx?p=465313&seqNum=5
http://seclists.org/pen-test/2004/Dec/11
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 169

NEW QUESTION 20
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?

  • A. Use fuzzing techniques to examine application inputs
  • B. Run nmap to attach to application memory
  • C. Use a packet analyzer to inspect the strings
  • D. Initiate a core dump of the application
  • E. Use an HTTP interceptor to capture the text strings

Answer: D

Explanation:
Applications store information in memory, and this information includes sensitive data, passwords, usernames and encryption keys. Conducting a memory/core dump will allow you to analyze the memory content, and then you can test that the strings are indeed encrypted.
Incorrect Answers:
A: Fuzzing is a type of black box testing that works by automatically feeding a program multiple input iterations that are specially constructed to trigger an internal error, which would indicate that there is a bug in the program; it could even crash the program that you are testing.
B: Tools like NMAP are used mainly for scanning when running penetration tests.
C: Packet analyzers are used to troubleshoot network performance, not to check that the strings in memory are encrypted.
E: HTTP interceptors are used to assess and analyze web traffic.
References:
https://en.wikipedia.org/wiki/Core_dump
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 168-169, 174

NEW QUESTION 21
A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization’s file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.
Which of the following is MOST likely to be reviewed during the assessment? (Select two.)

  • A. Access control list
  • B. Security requirements traceability matrix
  • C. Data owner matrix
  • D. Roles matrix
  • E. Data design document
  • F. Data access policies

Answer: DF

NEW QUESTION 22
DRAG DROP
A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop each security mechanism to the appropriate use case. Options may be used once.
CAS-003 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
CAS-003 dumps exhibit

NEW QUESTION 23
A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

  • A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
  • B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
  • C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
  • D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Answer: C

Explanation:
In gray box testing, the tester has only limited knowledge of the system, as an attacker would. The code base would remain confidential. This would be further enhanced by a non-disclosure agreement (NDA), which is designed to protect confidential information.
Incorrect Answers:
A: A memorandum of understanding (MOU) documents the conditions and applied terms for outsourcing partner organizations that must share data and information resources. MOUs do not typically cover vulnerabilities or penetration/vulnerability testing. Furthermore, the CEO is concerned that IT staff lacks the knowledge to identify complex vulnerabilities.
B: A business partnership security agreement (BPA) is a legally binding document that is designed to provide safeguards and compel certain actions among business partners in relation to specific security-related activities. Black box testing is integrity-based testing that uses random user inputs. Code confidentiality is maintained but testing is limited.
D: White box testing requires full access to the code base as it involves validating the program logic. This does not test against vulnerabilities. Furthermore, the CEO is concerned that IT staff lacks the knowledge to identify complex vulnerabilities.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 148, 167-168, 238-239
https://en.wikipedia.org/wiki/Non-disclosure_agreement
https://en.wikipedia.org/wiki/Gray_box_testing

NEW QUESTION 24
Two new technical SMB security settings have been enforced and have also become policies that increase the security of communications:
Network Client: Digitally sign communication
Network Server: Digitally sign communication
A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports that employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?

  • A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
  • B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
  • C. Mitigate the risk for the remote location by suggesting a move to a cloud service provider
  • D. Have the remote location request an indefinite risk exception for the use of cloud storage
  • E. Avoid the risk, leave the settings alone, and decommission the legacy storage device

Answer: A

NEW QUESTION 25
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?

  • A. ISA
  • B. BIA
  • C. SLA
  • D. RA

Answer: C

NEW QUESTION 26
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the letter?

  • A. After-action reports from prior incidents.
  • B. Social engineering techniques
  • C. Company policies and employee NDAs
  • D. Data classification processes

Answer: C

NEW QUESTION 27
......