CompTIA (CAS-003) Exam Questions And Answers page 37
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.
Which of the following would BEST mitigate this risk?
Require sensors to sign all transmitted unlock control messages digitally.
Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
Implement an out-of-band monitoring solution to detect message injections and attempts.
Risk Management
Enterprise Security Operations
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile?
1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.
3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.
1. The external vendor would have access to inbound and outbound gateway traffic.
2. The service would provide some level of protection for staff working from home.
3. Outages would be likely to occur for systems or applications with hard-coded proxy information.
1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth.
2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.
3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
1. Outages would be likely to occur for systems or applications with hard-coded proxy information.
2. The service would provide some level of protection for staff members working from home.
3. Malware detection times would decrease due to third-party management of the service.
Enterprise Security Operations
Technical Integration of Enterprise Security
Following a recent disaster, a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that have similar equipment and operational capabilities. Which of the following strategies has the business implemented?
Cold site
Reciprocal agreement
Recovery point objective
Internal redundancy
Risk Management
Risk Management
The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?
Discretionary access control
Separation of duties
Data classification
Mandatory access control
Risk Management
Enterprise Security Operations
A security consultant was hired to audit a company's password and account policy. The company implements the following controls:
• Minimum password length: 16
• Maximum password age: 0
• Minimum password age: 0
• Password complexity: disabled
• Store passwords in plain text: disabled
• Failed attempts lockout: 3
• Lockout timeout: 1 hour
The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?
Offline hybrid dictionary attack
Offline brute-force attack
Online hybrid dictionary password spraying attack
Rainbow table attack
Online brute-force attack
Pass-the-hash attack
Risk Management
Enterprise Security Operations
A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:
• Firewall
• Core switches
• RM server
• Virtual environment
• NAC solution
The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Choose two.)
Routing tables
Log forwarding
Data remnants
Port aggregation
NIC teaming
Zones
Risk Management
Enterprise Security Operations
Given the code snippet below:
Which of the following vulnerability types is the MOST concerning?
Only short usernames are supported, which could result in brute forcing of credentials.
Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
Hardcoded usernames with different code paths taken depend on which user is entered.
Format string vulnerability is present for admin users but not for standard users.
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
Update and deploy GPOs
Configure and use measured boot
Strengthen the password complexity requirements
Update the antivirus software and definitions
Risk Management
Enterprise Security Operations
An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services. Which of the following is the BEST approach to identify the threat?
Ask the third-party vendor to block the attack traffic
Configure the third party's proxy to begin sending X-Forwarded-For headers
Configure the e-commerce company's IPS to inspect HTTP traffic
Perform a vulnerability scan against the network perimeter and remediate any issues identified
Risk Management
Enterprise Security Operations
A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:
The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third company?
LDAP
WAYF
OpenID
RADIUS
SAML
Enterprise Security Operations
Enterprise Security Operations