Last Updated on July 4, 2021 by Admin 3
CAS-003 : CompTIA Advanced Security Practitioner (CASP+) CAS-003 : Part 11
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:
– Secure messaging between internal users using digital signatures
– Secure sites for video-conferencing sessions
– Presence information for all office employees
– Restriction of certain types of messages to be allowed into the network.
Which of the following applications must be configured to meet the new requirements? (Choose two.)
- Remote desktop
- Remote assistance
- Instant messaging
- Social media websites
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?
- Perform a black box assessment
- Hire an external red team audit
- Conduct a tabletop exercise.
- Recreate the previous breach.
- Conduct an external vulnerability assessment.
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?
- SIEM server
- IDS appliance
- SCAP scanner
- HTTP interceptor
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
1. A user received a phishing email that appeared to be a report from the organization’s CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks later, the user reported anomalous activity within the CRM tool.
5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
- Security awareness training
- Last login verification
- Log correlation
- Time-of-check controls
- Time-of-use controls
- WAYF-based authentication
An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?
- Place it in a malware sandbox.
- Perform a code review of the attachment.
- Conduct a memory dump of the CFO’s PC.
- Run a vulnerability scan on the email server.
A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used:
Which of the following would be the CISO’s MOST immediate concern?
- There are open standards in use on the network.
- Network engineers have ignored de facto standards.
- Network engineers are not following SOPs.
- The network has competing standards in use.
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.
Which of the following would BEST improve security while meeting these requirements?
- Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
- Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications.
- Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
- Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.
Given the following:
Which of the following vulnerabilities is present in the above code snippet?
- Disclosure of database credential
- SQL-based string concatenation
- DOM-based injection
- Information disclosure in comments
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Choose two.)
A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD, that manages a series of SCADA devices used for manufacturing. Which of the following is the appropriate command to disable the client’s IPv6 stack?
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:
Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?
- Quarantine emails sent to external domains containing PII and release after inspection.
- Prevent PII from being sent to domains that allow users to sign up for free webmail.
- Enable transport layer security on all outbound email communications and attachments.
- Provide security awareness training regarding transmission of PII.
A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment. The RADIUS server contains the following information in its logs:
Based on this information, the administrator reconfigures the RADIUS server, which results in the following log data:
To correct this error message, the administrator makes an additional change to the RADIUS server. Which of the following did the administrator reconfigure on the RADIUS server? (Choose two.)
- Added the controller address as an authorized client
- Registered the RADIUS server to the wireless controller
- Corrected a mismatched shared secret
- Renewed the expired client certificate
- Reassigned the RADIUS policy to the controller
- Modified the client authentication method
An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)
- Social login
- OpenID Connect
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?
- Hire an external red team to conduct black box testing
- Conduct a peer review and cross reference the SRTM
- Perform white-box testing on all impacted finished products
- Perform regression testing and search for suspicious code
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)
- Validate cryptographic signatures applied to software updates
- Perform certificate pinning of the associated code signing key
- Require HTTPS connections for downloads of software updates
- Ensure there are multiple download mirrors for availability
- Enforce a click-through process with user opt-in for new features
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?
- Data custodian
- Data owner
- Security analyst
- Business unit director
- Chief Executive Officer (CEO)
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:
– Corporate intranet site
– Online storage application
– Email and collaboration suite
Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company’s intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO’s request?
- Port scanner
- DLP agent
- Application sandbox
- SCAP scanner
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
– Stop malicious software that does not match a signature
– Report on instances of suspicious behavior
– Protect from previously unknown threats
– Augment existing security capabilities
Which of the following tools would BEST meet these requirements?
- Host-based firewall
- Patch management
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
– Detect administrative actions
– Block unwanted MD5 hashes
– Provide alerts
– Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:
- the amount of data to be moved.
- the frequency of data backups.
- which users will have access to which data.
- when the file server will be decommissioned.