CompTIA (CAS-003) Exam Questions and Answers, page 39
The Chief Information Security Officer (CISO) developed a robust plan to address both internal and external vulnerabilities due to an increase in ransomware attacks on the network. However, the number of successful attacks continues to increase. Which of the following is the MOST likely failure?
The threat model was not vetted properly.
The IDS/IPS were not updated with the latest malware signatures.
The organization did not conduct a business impact analysis.
Risk Management
Enterprise Security Operations
A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent real-world threats.
Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?
Attend hacking conventions.
Research methods while using Tor.
Interview current red team members.
Attend web-based training.
Enterprise Security Operations
A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned
Risk Management
Enterprise Security Operations
A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:
Which of the following tools is the engineer utilizing to perform this assessment?
Vulnerability scanner
SCAP scanner
Port scanner
Interception proxy
Enterprise Security Operations
After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company's IT department has seen a large number of the following incidents:
• Duplicate IP addresses
• Rogue network devices
• Infected systems probing the company's network
Which of the following should be implemented to remediate the above issues? (Choose two.)
Port security
Route protection
NAC
HIPS
NIDS
Enterprise Security Operations
Technical Integration of Enterprise Security
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
Take an MD5 hash of the server
Delete all PHI from the network until the legal department is consulted
Consult the legal department to determine the legal requirements
Risk Management
Enterprise Security Operations
A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings. Which of the following should the security administrator implement to ensure the solution will protect all connected devices?
Implement firewall ACLs as follows:
PERMIT UDP ANY CLOUD_SERVER EQ 53
DENY UDP ANY ANY EQ 53
Implement NAT as follows:
Implement DHCP options as follows:
DHCP DNS1: CLOUD_SERVER1
DHCP DNS2: CLOUD_SERVER2
Implement policy routing as follows:
100 PERMIT UDP ANY ANY ANY 53
200 PERMIT UDP PAT_POOL ANY CLOUD_SERVER 53
IP ROUTE_MAP 200 200
Enterprise Security Operations
A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot.
Which of the following tools was MOST likely used to exploit the application?
The engineer captured the data with a protocol analyzer, and then utilized Python to edit the data
The engineer queried the server and edited the data using an HTTP proxy interceptor
The engineer used a cross-site script sent via curl to edit the data
The engineer captured the HTTP headers, and then replaced the JSON data with a banner-grabbing tool
Risk Management
Enterprise Security Operations
A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.
Which of the following would be the EASIEST method of obtaining a password for the known account?
Man-in-the-middle
Reverse engineering
Social engineering
Hash cracking
Risk Management
Enterprise Security Operations
A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?
Single-tenant private cloud
Multitenant SaaS cloud
Single-tenant hybrid cloud
Multitenant IaaS cloud
Multitenant PaaS cloud
Single-tenant public cloud
Enterprise Security Operations