CompTIA (CAS-003) Exam Questions And Answers page 31
A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source fe80::21ae:4571:42ab:1fdd and for the destination ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring?
Deploy honeypots on the network segment to identify the sending machine
Ensure routers will use route advertisement guards
Deploy ARP spoofing prevention on routers and switches
Enterprise Security Architecture
Enterprise Security Operations
A Chief Information Security Officer (CISO) implemented MFA for all accounts in parallel with the BYOD policy. After the implementation, employees report the increased authentication method is causing increased time to tasks. This applies both to accessing the email client on the workstation and the online collaboration portal. Which of the following should the CISO implement to address the employees' concerns?
Create an exception for the company's IPs.
Implement always-on VPN.
Configure the use of employee PKI authentication for email.
Allow the use of SSO.
Enterprise Security Operations
Enterprise Security Operations
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:
From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:
Connectivity to the server from outside the firewall worked as expected prior to executing these commands.
Which of the following can be said about the new firewall?
It is correctly dropping all packets destined for the server.
It is not blocking or filtering any traffic to the server.
Iptables needs to be restarted.
The IDS functionality of the firewall is currently disabled.
Risk Management
Enterprise Security Operations
Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:
Which of the following represents the BEST solution for preventing future fines?
Implement a secure text-messaging application for mobile devices and workstations.
Write a policy requiring this information to be given over the phone only.
Provide a courier service to deliver sealed documents containing public health informatics.
Implement FTP services between clinics to transmit text documents with the information.
Implement a system that will tokenize patient numbers.
Risk Management
Enterprise Security Operations
A penetration tester is on an active engagement and has access to a remote system. The penetration tester wants to bypass the DLP, which is blocking emails that are encrypted or contain sensitive company information. Which of the following cryptographic techniques should the penetration tester use?
GNU Privacy Guard
UUencoding
DNSCrypt
Steganography
Enterprise Security Architecture
Enterprise Security Operations
The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code.
Which of the following is an SDLC best practice that should have been followed?
Versioning
Regression testing
Continuous integration
Integration testing
Risk Management
Enterprise Security Operations
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
• Involve business owners and stakeholders
• Create an applicable scenario
• Conduct a biannual verbal review of the incident response plan
• Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
Parallel operations
Full transition
Internal review
Tabletop
Partial simulation
Risk Management
Enterprise Security Operations
A creative services firm has a limited security budget and staff. Due to its business model, the company sends and receives a high volume of files every day through the preferred method defined by its customers. These include email, secure file transfers, and various cloud service providers. Which of the following would BEST reduce the risk of malware infection while meeting the company's resource requirements and maintaining its current workflow?
Configure a network-based intrusion prevention system
Contract a cloud-based sandbox security service
Enable customers to send and receive files via SFTP
Implement appropriate DLP systems with strict policies
Risk Management
Enterprise Security Operations
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
ls -l -a /usr/heinz/public; cat ./config/db.yml
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
system ("ls -l -a #{path}")
Which of the following is an appropriate security control the company should implement?
Restrict directory permissions to read-only access.
Use server-side processing to avoid XSS vulnerabilities in path input.
Separate the items in the system call to prevent command injection.
Parameterize a query in the path variable to prevent SQL injection.
Risk Management
Enterprise Security Operations
A group of security consultants is conducting an assessment of a customer's network across multiple physical locations. To save time, the customer has allowed the consultants to install a single server inside the network perimeter. In addition to open-source intelligence gathering and social engineering, which of the following BEST describes the technique the consultants are employing?
Using persuasion and deception to gain access to systems
Conducting physical attacks by a red team
Moving laterally through a network from compromised hosts
Performing black-box penetration testing
Risk Management
Enterprise Security Operations