CompTIA (CAS-003) Exam Questions And Answers page 12
A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Choose two.)
Disable network discovery protocol on all company routers.
Block IP protocol 41 using Layer 3 switches.
Disable the DHCPv6 service from all routers.
Drop traffic for ::/0 at the edge firewall.
Implement a 6in4 proxy server.
Risk Management
Enterprise Security Operations
A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?
NX/XN
ASLR
strcpy
ECC
Risk Management
Enterprise Security Operations
A security administrator is adding a NAC requirement for all VPN users to ensure the connecting devices are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement?
Implement a permanent agent.
Install antivirus software.
Use an agentless implementation.
Implement PKI.
Risk Management
Enterprise Security Operations
A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?
Create an image of the hard drive
Capture the incoming and outgoing network traffic
Dump the contents of the RAM
Parse the PC logs for information on the attacker
Risk Management
Enterprise Security Operations
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?
Disk encryption on the local drive
Group policy to enforce failed login lockout
Multifactor authentication
Implementation of email digital signatures
Risk Management
Enterprise Security Operations
A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others. Which of the following should the company implement to improve code quality? (Choose two.)
Development environment access controls
Continuous integration
Code comments and documentation
Static analysis tools
Application containerization
Code obfuscation
Enterprise Security Operations
Technical Integration of Enterprise Security
Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?
SIEM filtering
Machine learning
Outsourcing
Centralized IPS
Enterprise Security Operations
Enterprise Security Operations
A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:
1. Information should be sourced from the trusted master data source.
2. There must be future requirements for identity proofing of devices and users.
3. A generic identity connector that can be reused must be developed.
4. The current project scope is for internally hosted applications only.
Which of the following solution building blocks should the security architect use to BEST meet the requirements?
LDAP, multifactor authentication, OAuth, XACML
AD, certificate-based authentication, Kerberos, SPML
SAML, context-aware authentication, OAuth, WAYF
NAC, RADIUS, 802.1X, centralized Active Directory
Enterprise Security Architecture
Enterprise Security Operations
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?
Data custodian
Data owner
Security analyst
Business unit director
Chief Executive Officer (CEO)
Risk Management
Risk Management
Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:
• The applications are considered mission-critical.
• The applications are written in code languages not currently supported by the development staff.
• Security updates and patches will not be made available for the applications.
• Usernames and passwords do not meet corporate standards.
• The data contained within the applications includes both PII and PHI.
• The applications communicate using TLS 1.0.
• Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
Update the company policies to reflect the current state of the applications so they are not out of compliance.
Create a group policy to enforce password complexity and username requirements.
Use network segmentation to isolate the applications and control access.
Move the applications to virtual servers that meet the password and account standards.
Risk Management
Enterprise Security Architecture