CompTIA (CAS-003) Exam Questions And Answers page 23
A company contracts a security consultant to perform a remote white-box penetration test. The company wants the consultant to focus on Internet-facing services without negatively impacting production services. Which of the following is the consultant MOST likely to use to identify the company's attack surface? (Choose two.)
WHOIS registry
DNS records
Company's firewall ACL
Internal routing tables
Directory service queries
Risk Management
Enterprise Security Architecture
While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?
Create archival copies of all documents and communications related to the employee
Create a forensic image of network infrastructure devices
Create an image file of the employee's network drives and store it with hashes
Install a keylogger to capture the employee's communications and contacts
Risk Management
Enterprise Security Operations
An aircraft manufacturer is developing software that will perform automatic flight control (auto-pilot). Given the high safety criticality of the software, the developer can BEST prove software correctness to a requirement's specification by employing:
static code analyzers
formal methods
test harnesses
dynamic analysis methods
Risk Management
Risk Management
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?
Distribute a NAC client and use the client to push the company's private key to all the new devices.
Distribute the device connection policy and a unique public/private key pair to each new employee's device.
Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
Risk Management
Enterprise Security Operations
A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?
Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.
Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.
The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.
Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.
Risk Management
Enterprise Security Operations
A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?
Penetration tests
Vulnerability assessment
Tabletop exercises
Blue-team operations
Enterprise Security Operations
Enterprise Security Operations
An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an expansion, and the organization does not want to fund an intensive assessment. Which of the following approaches should be taken?
Penetration test
Tabletop assessment
Compliance assessment
Configuration security test
Risk Management
Risk Management
A forensic analyst must image the hard drive of a computer and store the image on a remote server. The analyst boots the computer with a live Linux distribution. Which of the following will allow the analyst to copy and transfer the file securely to the remote server?
dd if=/dev/sda | sha256 | ssh -o username=user, password=mypass -p 2000 remote.server.com
dcfldd if=/dev/sda hash=sha256 sha256log=sha.log | cryptcat -k $key remote.server.com 2000
nc remote.server.com 5555 -e dcfldd if=/dev/sda of=./image.dd | sha256 > sha256.log
ssh -D 5555 [email protected]; dd if=/dev/sda* | nc localhost 5555 sha256 > sha.txt
Enterprise Security Architecture
Enterprise Security Operations
A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:
- Scan of specific subsets for vulnerabilities
- Categorizing and logging of website traffic
- Enabling specific ACLs based on application traffic
- Sending suspicious files to a third-party site for validation
A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware.
Which of the following services MOST likely identified the behavior and sent the report?
Content filter
User behavioral analytics
Application sandbox
Web application firewall
Endpoint protection
Cloud security broker
Enterprise Security Operations
Enterprise Security Operations
Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue?
Fuzzer
SCAP scanner
Vulnerability scanner
HTTP interceptor
Enterprise Security Operations
Technical Integration of Enterprise Security