Comptia (CAS-003) Exam Questions And Answers page 15
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:
Which of the following should the penetration tester conclude about the command output?
Comptia.org is running an older mail server, which may be vulnerable to exploits
The DNS SPF records have not been updated for Comptia.org
192.168.102.67 is a backup mail server that may be more vulnerable to attack
Enterprise Security Operations
A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?
Trains on normal behavior and identifies deviations therefrom
Identifies and triggers upon known bad signatures and behaviors
Classifies traffic based on logical protocols and messaging formats
Automatically reconfigures ICS devices based on observed behavior
A company has made it a spending priority to implement security architectures that will be resilient during an attack. Recent incidents have involved attackers leveraging latent vulnerabilities in cryptographic implementations and VPN concentrators to be able to compromise sensitive information. Patches have been slowly released for these emergent vulnerabilities, leaving weeks to months of exposed and vulnerable attack surface. Which of the following approaches would be BEST to increase enterprise resilience during similar future attacks?
Implement appliances and software from diverse manufacturers
Segment remote VPN users logically from the production LAN
Maximize open-source software to benefit from swifter patch releases
Upgrade the cryptographic ciphers used on the VPN concentrators
Enterprise Security Architecture
Enterprise Security Operations
The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)
Review the CVE database for critical exploits over the past year
Use social media to contact industry analysts
Use intelligence gathered from the Internet relay chat channels
Request information from security vendors and government agencies
Perform a penetration test of the competitor's network and share the results with the board
Risk Management
Enterprise Security Architecture
A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.
Which of the following is the MOST likely reason for the team lead's position?
The organization has accepted the risks associated with web-based threats.
The attack type does not meet the organization's threat model.
Web-based applications are on isolated network segments.
Corporate policy states that NIPS signatures must be updated every hour.
Enterprise Security Operations
SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.
The company's hardening guidelines indicate the following:
• There should be one primary server or service per device.
• Only default ports should be used.
• Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:
• The IP address of the device
• The primary server or service of the device
• The protocol(s) that should be disabled based on the hardening guidelines
To select multiple protocols, use CTRL+CLICK.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Risk Management
Enterprise Security Architecture
A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error?
The developer inadvertently used Java applets
The developer established a corporate account with a non-reputable certification authority
The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open
The developer did not consider that mobile code would be transmitted across the network
Risk Management
Enterprise Security Operations
An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organizations. Which of the following compliance issues will MOST likely be introduced as a result of the migration?
Internal data integrity standards and outsourcing contracts and partnerships
Data ownership, internal data classification, and risk profiling of outsourcers
Company audit functions, cross-border jurisdictional challenges, and export controls
Data privacy regulations, data sovereignty, and third-party providers
Risk Management
Enterprise Security Operations
A company is deploying laptops to replace all current desktop endpoints. This increases the risk of data loss. Which of the following is the BEST solution to address this risk?
File-level encryption
Transit encryption
Record-level encryption
Full disk encryption
Risk Management
As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?
tar cvf - / | ssh 192.168.45.82 cat - > /images/image.tar
dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
memdump /dev/sda1 | nc 192.168.45.82 3000
dd if=/dev/sda | nc 192.168.45.82 3000
Enterprise Security Operations