CompTIA (CAS-003) Exam Questions And Answers page 11
A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customer's information?
Use of non-standard ports
Web application firewall
Multifactor authentication
Risk Management
Enterprise Security Operations
As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Choose three.)
Privilege escalation
SQL injection
TOC/TOU exploitation
Rogue AP substitution
Tailgating
Vulnerability scanning
Vishing
Badge skimming
Risk Management
Enterprise Security Operations
A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.
Which of the following would BEST reduce the risk of this attack type occurring?
Implement a strong, complex password policy for user accounts that have access to the core router.
Deploy 802.1X as the NAC system for the WiFi infrastructure.
Add additional port security settings for the switching environment connected to the core router.
Allow access to the core router management interface only through an out-of-band channel.
Risk Management
Enterprise Security Operations
A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals?
Utilize a challenge-response prompt as required input at username/password entry.
Implement TLS and require the client to use its own certificate during handshake.
Configure a web application proxy and institute monitoring of HTTPS transactions.
Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
Enterprise Security Architecture
Enterprise Security Operations
Which of the following may indicate a configuration item has reached end-of-life?
The device will no longer turn on and indicates an error.
The vendor has not published security patches recently.
The object has been removed from the Active Directory.
Logs show a performance degradation of the component.
Risk Management
Enterprise Security Operations
A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator has identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:
Which of the following should the security administrator configure to meet the DNS security needs?
Risk Management
Enterprise Security Operations
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.
Which of the following is the MOST important information to reference in the letter?
After-action reports from prior incidents.
Social engineering techniques
Company policies and employee NDAs
Data classification processes
Risk Management
Enterprise Security Operations
An application has been through a peer review and regression testing and is prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing the application, the engineer informs the developer it should include additional input sanitation in the application to prevent overflows. Which of the following tools did the security engineer MOST likely use to determine this recommendation?
Fuzzer
HTTP interceptor
Vulnerability scanner
SCAP scanner
Risk Management
Enterprise Security Operations
A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.
Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Choose two.)
Antivirus
HIPS
Application whitelisting
Patch management
Group policy implementation
Firmware updates
Risk Management
Enterprise Security Operations
A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.
Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)
Install the appropriate patches.
Install perimeter NGFW.
Configure VM isolation.
Deprovision database VM.
Change the user's access privileges.
Update virus definitions on all endpoints.
Risk Management
Enterprise Security Operations