CompTIA (CAS-003) Exam Questions and Answers, page 26
A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?
Establish a security baseline on the IDS.
Block echo reply traffic at the firewall.
Modify the edge router to not forward broadcast traffic.
Enterprise Security Architecture
Enterprise Security Operations
A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:
segment dual-purpose systems on a hardened network segment with no external access
assess the risks associated with accepting non-compliance with regulatory requirements
update system implementation procedures to comply with regulations
review regulatory requirements and implement new policies on any newly provisioned servers
Risk Management
Enterprise Security Architecture
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?
ISA
BIA
SLA
RA
Enterprise Security Operations
Enterprise Security Operations
How Did a Malicious Insider Bypass a DLP System with JPEG Files?
A company has a DLP system with the following capabilities:
• Text examination
• Optical character recognition
• File type validation
• Multilingual translation of key words and phrases
• Blocking of content encrypted with a known cipher
• Examination of all egress points
Despite the existing protections, a malicious insider was able to exfiltrate confidential information. DLP logs show the malicious insider transferred a number of JPEG files to an external host, but each of those files appears as negative for the presence of confidential information. Which of the following are the MOST likely explanations for this issue? (Choose two.)
Translating the confidential information from English into Farsi and then into French to avoid detection.
Scrambling the confidential information using a proprietary obfuscation scheme before sending the files via email.
Changing the extension of Word files containing confidential information to .jpg and uploading them to a file sharing site.
Printing the documents to TIFF images and attaching the files to outbound email messages.
Leveraging steganography to hide the information within the JPEG files
Placing the documents containing sensitive information into AES-256 encrypted compressed archive files and using FTP to send them to an outside host
Risk Management
Enterprise Security Operations
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)
Require all mobile device backups to be encrypted
Ensure all mobile devices back up using USB OTG
Issue a remote wipe of corporate and personal partitions
Restrict devices from making long-distance calls during business hours
Implement an always-on VPN
Risk Management
Enterprise Security Operations
The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:
• Must be encrypted on the email servers and clients
• Must be OK to transmit over unsecure Internet connections
Which of the following communication methods would be BEST to recommend?
Force TLS between domains.
Enable STARTTLS on both domains.
Use PGP-encrypted emails.
Switch both domains to utilize DNSSEC.
Risk Management
Enterprise Security Architecture
Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase.
Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?
The ratio of phishing emails to non-phishing emails
The number of phishing attacks per employee
The number of unsuccessful phishing attacks
The percent of successful phishing attacks
Risk Management
Enterprise Security Architecture
A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vulnerability and knows placing an IPS in front of the phone system will mitigate the risk. The researcher gathers the following information about various IPS systems:
The organization is concerned about cost, but call quality is critical to its operations. Which of the following vendors would be BEST for the organization to choose?
Vendor 1
Vendor 2
Vendor 3
Vendor 4
Vendor 5
Risk Management
Enterprise Security Architecture
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.
Which of the following is the BEST solution?
Use an entropy-as-a-service vendor to leverage larger entropy pools.
Loop multiple pseudo-random number generators in a series to produce larger numbers.
Increase key length by two orders of magnitude to detect brute forcing.
Shift key generation algorithms to ECC algorithms.
Risk Management
Enterprise Security Operations
A developer emails the following output to a security administrator for review:
Which of the following tools might the security administrator use to perform further security assessment of this issue?
Port scanner
Vulnerability scanner
Fuzzer
HTTP interceptor
Enterprise Security Operations
Technical Integration of Enterprise Security