Your success in CompTIA CAS-003 is our sole target and we develop all our CAS-003 braindumps in a way that facilitates the attainment of this target. Not only is our CAS-003 study material the best you can find, it is also the most detailed and the most updated. CAS-003 Practice Exams for CompTIA CAS-003 are written to the highest standards of technical accuracy.
NEW QUESTION 1
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}
The banking website responds with:
HTTP/1.1 200 OK
{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).
- A. Missing input validation on some fields
- B. Vulnerable to SQL injection
- C. Sensitive details communicated in clear-text
- D. Vulnerable to XSS
- E. Vulnerable to malware file uploads
- F. JSON/REST is not as secure as XML
Answer: AC
Explanation:
The salesLeadRef field has no input validation: a reference field accepts an arbitrary string, here a path to an executable (www.example.com/badcontent/exploitme.exe). The server should reject anything that does not match the expected format for that field.
The request and response travel over plain http://, so the card number, expiry date and CVV are sent in clear text and can be read by anyone on the network path. The API must be served over TLS only. Separately, the CVV should never be returned to the client (or stored) once the transaction is authorised.
Incorrect Answers:
B: There is nothing to suggest the system is vulnerable to SQL injection.
D: There is nothing to suggest the system is vulnerable to XSS (cross site scripting).
E: Although the tester was able to post a URL to malicious software, it does not mean the system is vulnerable to malware file uploads.
F: JSON/REST is no less secure than XML.
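As an added illustration (not part of the original question or of any bank's code), here are the two checks the weaknesses call for, in Python: an allow-list validator for the request fields, and a response filter that drops the CVV and masks the card number before the body leaves the server. The field formats and the sample messages are assumptions constructed from the question; a real application would have its own rules.

```python
import json
import re

# Constructed sample request, modelled on the one in the question (not captured traffic).
SAMPLE_REQUEST = {
    "account": [
        {"creditAccount": "Credit Card Rewards account"},
        {"salesLeadRef": "www.example.com/badcontent/exploitme.exe"},
    ],
    "customer": [
        {"name": "Joe Citizen"},
        {"custRef": "3153151"},
    ],
}

# Constructed sample response, modelled on the one in the question.
SAMPLE_RESPONSE = {
    "newAccountDetails": [
        {"cardNumber": "1234123412341234"},
        {"cardExpiry": "2020-12-31"},
        {"cardCVV": "909"},
    ],
    "marketingCookieTracker": "JSESSIONID=000000001",
    "returnCode": "Account added successfully",
}

# Allow-list rules per field: the value must fully match the regex.
# These are assumed business rules for the illustration, not the bank's real ones.
FIELD_RULES = {
    "creditAccount": re.compile(r"^[A-Za-z0-9 ]{1,64}$"),
    # An opaque lead reference such as "SL123456": never a URL, path or file name.
    "salesLeadRef": re.compile(r"^[A-Z]{2}\d{6}$"),
    "name": re.compile(r"^[A-Za-z ,.'-]{1,100}$"),
    "custRef": re.compile(r"^\d{1,10}$"),
}


def _flatten(body):
    """Yield (field, value) pairs from the question's list-of-single-key-objects layout."""
    for section in body.values():
        entries = section if isinstance(section, list) else [section]
        for entry in entries:
            yield from entry.items()


def validate_request(body):
    """Return a list of (field, reason) for every field that fails its rule.
    Unknown fields are rejected too: this is an allow-list, not a deny-list."""
    errors = []
    for field, value in _flatten(body):
        rule = FIELD_RULES.get(field)
        if rule is None:
            errors.append((field, "unexpected field"))
        elif not isinstance(value, str) or not rule.fullmatch(value):
            errors.append((field, "value does not match allowed format"))
    return errors


def scrub_response(body):
    """Copy of the response with the CVV removed and the PAN masked to its last four digits."""
    out = json.loads(json.dumps(body))  # deep copy; never mutate the caller's object
    details = []
    for entry in out.get("newAccountDetails", []):
        if "cardCVV" in entry:
            continue  # the CVV must not be returned (or stored) after authorisation
        if "cardNumber" in entry:
            pan = entry["cardNumber"]
            entry["cardNumber"] = "*" * (len(pan) - 4) + pan[-4:]
        details.append(entry)
    out["newAccountDetails"] = details
    return out


if __name__ == "__main__":
    print(validate_request(SAMPLE_REQUEST))
    print(json.dumps(scrub_response(SAMPLE_RESPONSE), indent=2))
```

Run as a script it reports the salesLeadRef failure and prints the scrubbed response. The transport weakness is not fixable in application code: the endpoint has to be served over TLS only, with the http:// listener removed rather than redirected.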
NEW QUESTION 2
The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed?
- A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially.
- B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially.
- C. Spending all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%.
- D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady.
Answer: B
Explanation:
SCADA attacks are still growing, only more slowly, so spending on SCADA security controls should stay steady. Application attacks have decreased or stayed flat, so that spending can decrease slightly. Boot loader and BIOS attacks have gone from negligible to exponential growth over the last two years, so spending on PC boot loader protections should increase substantially.
Incorrect Answers:
A: Application attacks are flat or falling, so there is no reason to increase application control spending substantially.
C: Nothing in the data supports a 15% increase in all controls, and suspending application controls ignores attacks that are still occurring.
D: A 15% increase in SCADA spending overstates a trend that is slowing, application control spending does not need to increase, and boot loader protections should increase rather than remain steady, since those attacks are now growing fastest.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 343
https://en.wikipedia.org/wiki/SCADA
NEW QUESTION 3
A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials. Which of the following tools should be used? (Choose two.)
- A. Fuzzer
- B. SCAP scanner
- C. Packet analyzer
- D. Password cracker
- E. Network enumerator
- F. SIEM
Answer: BD
Explanation:
A SCAP scanner compares each virtual server against a configuration baseline and reports services that should be disabled. A password cracker run against the system account credentials shows whether any of them are weak. A SIEM only aggregates and correlates logs; it does not audit a host's configuration or test its passwords. A fuzzer, packet analyzer and network enumerator do not address either requirement.
NEW QUESTION 4
A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:
The tool needs to be responsive so service teams can query it, and then perform an automated response action.
The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.
The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.
Which of the following need specific attention to meet the requirements listed above? (Choose three.)
- A. Scalability
- B. Latency
- C. Availability
- D. Usability
- E. Recoverability
- F. Maintainability
Answer: BCE
NEW QUESTION 5
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
- A. Key risk indicators
- B. Lessons learned
- C. Recovery point objectives
- D. Tabletop exercise
Answer: B
Explanation:
The lessons-learned phase of incident response records which vulnerability was exploited and what was done about it; with that record, the security team would have known to remediate the same vulnerability on the other systems before the second attack. Key risk indicators, recovery point objectives and tabletop exercises do not capture the historical findings of a specific incident.
NEW QUESTION 6
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?
- A. ISA
- B. BIA
- C. SLA
- D. RA
Answer: A
Explanation:
An Interconnection Security Agreement (ISA) documents the technical and security requirements for connecting two organizations' systems, including how the VPN is to be configured and secured, and is what is required before a business-to-business VPN is set up. A BIA assesses business impact, an SLA defines service levels, and an RA (risk assessment) identifies risk; none of them specifies the interconnection.
NEW QUESTION 7
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company’s geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. Which of the following should the project's security consultant recommend as the NEXT step?
- A. Develop a security exemption, as it does not meet the security policies
- B. Mitigate the risk by asking the vendor to accept the in-country privacy principles
- C. Require the solution owner to accept the identified risks and consequences
- D. Review the entire procurement process to determine the lessons learned
Answer: C
NEW QUESTION 8
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:
[hex dump of the disk contents not reproduced on this page]
Which of the following should be included in the auditor's report based on the above findings?
- A. The hard disk contains bad sectors
- B. The disk has been degaussed.
- C. The data represents part of the disk BIOS.
- D. Sensitive data might still be present on the hard drive
Answer: D
Explanation:
The purpose of the review is to confirm that the wipe actually produced the intended result. If readable content is still recoverable from a disk that should have been overwritten with zeros, the report must state that sensitive data might still be present and that the wiping process cannot be relied upon. Bad sectors, degaussing and BIOS contents are not what a residual-data review of a wiped disk establishes.
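The auditor's check can be automated. The following Python is an added example, not part of the question: it scans a disk image for any bytes a zero-fill pass should have removed, maps them to sectors, and extracts printable strings so the report can say what was left behind. The 4 KiB image is constructed inline with one planted fragment; a real audit would read the raw device or an image of it.

```python
import string


def _constructed_image():
    """A constructed 4 KiB 'wiped' disk image: all zeros except one leftover
    fragment at offset 1024, standing in for a sector the wipe did not reach."""
    buf = bytearray(4096)
    leftover = b"Employee SSN: 123-45-6789\x00payroll.xlsx"
    buf[1024:1024 + len(leftover)] = leftover
    return bytes(buf)


SAMPLE_IMAGE = _constructed_image()


def nonzero_runs(image):
    """Return (offset, length) for every run of non-zero bytes in the image.
    A disk that was genuinely overwritten with zeros yields an empty list."""
    runs = []
    start = None
    for i, b in enumerate(image):
        if b and start is None:
            start = i
        elif not b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(image) - start))
    return runs


def printable_strings(image, min_len=6):
    """Extract ASCII strings of at least min_len characters (what `strings` would show)."""
    printable = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    found, cur = [], bytearray()
    for b in image:
        if b in printable:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                found.append(cur.decode("ascii"))
            cur = bytearray()
    if len(cur) >= min_len:
        found.append(cur.decode("ascii"))
    return found


def audit_wipe(image, sector_size=512):
    """Verdict for the auditor: whether the disk is clean, which sectors still
    hold data, and what that data decodes to."""
    runs = nonzero_runs(image)
    sectors = sorted({offset // sector_size for offset, _ in runs})
    return {"clean": not runs, "dirty_sectors": sectors, "strings": printable_strings(image)}


if __name__ == "__main__":
    print(audit_wipe(SAMPLE_IMAGE))
```

A clean result on a sample of sectors is necessary but not sufficient: on SSDs and drives with remapped sectors, overwriting through the filesystem never reaches all physical blocks, so the policy should rely on full-disk encryption with key destruction or the drive's own sanitize command rather than multi-pass overwrites alone.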
NEW QUESTION 9
Which of the following describes a risk and mitigation associated with cloud data storage?
- A. Risk: Shared hardware caused data leakage Mitigation: Strong encryption at rest
- B. Risk: Offsite replication Mitigation: Multi-site backups
- C. Risk: Data loss from de-duplication Mitigation: Dynamic host bus addressing
- D. Risk: Combined data archivingMitigation: Two-factor administrator authentication
Answer: A
Explanation:
With cloud data storage, the storage provider will have large enterprise SANs providing large pools of storage capacity. Portions of the storage pools are assigned to customers. The risk is that multiple customers are storing their data on the same physical hardware storage devices. This presents a risk (usually a very small risk, but a risk all the same) of other customers using the same cloud storage hardware being able to view your data.
The mitigation of the risk is to encrypt your data stored on the SAN. Then the data would be unreadable even if another customer was able to access it.
Incorrect Answers:
B: Offsite replication is used for disaster recovery purposes. It is not considered to be a risk as long as the data is secure in the other site. Multi-site backups are not a risk mitigation.
C: Data loss from de-duplication is not considered to be a risk. De-duplication removes duplicate copies of data to reduce the storage space required for the data. Dynamic host bus addressing is not a risk mitigation.
D: Combined data archiving is not considered to be a risk. The archived data would be less accessible to other customers than the live data on the shared storage.
NEW QUESTION 10
The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?
- A. Confidential or sensitive documents are inspected by the firewall before being logged.
- B. Latency when viewing videos and other online content may increase.
- C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
- D. Stored logs may contain non-encrypted usernames and passwords for personal websites
Answer: D
Explanation:
Because the firewall decrypts and inspects the secure traffic, anything users send over TLS from the corporate network, including credentials for personal sites, is visible to it and can end up in the logs. Those logs are then retained by a third-party cloud service, so the exposure persists for as long as the logs exist; that retention is the long-term privacy risk. Inspection at the firewall (A) is the mechanism that creates the exposure rather than the long-term risk itself, and latency (B) and report generation time (C) are performance issues, not privacy ones.
NEW QUESTION 11
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?
- A. Review switch and router configurations
- B. Review the security policies and standards
- C. Perform a network penetration test
- D. Review the firewall rule set and IPS logs
Answer: B
Explanation:
IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.
Incorrect Answers:
A, C, D: Due diligence entails ensuring that the controls implemented by an organization continue to provide the required level of protection. Reviewing switch and router configurations, performing a network penetration test, and reviewing the firewall rule set and IPS logs are operational tasks that are not part of this process.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 270, 332
NEW QUESTION 12
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
- A. Secure storage policies
- B. Browser security updates
- C. Input validation
- D. Web application firewall
- E. Secure coding standards
- F. Database activity monitoring
Answer: CD
Explanation:
Input validation in the application removes the injection vulnerability itself, and a web application firewall in front of it blocks injection attempts as a compensating control while the code is being fixed; both can be in place before the database is brought back online. Database activity monitoring only detects misuse after the fact, secure coding standards and secure storage policies are process documents rather than controls on the running system, and browser updates are irrelevant to a server-side injection.
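As an added example (not from the question), the vulnerable pattern behind such a breach beside its fix, using Python's sqlite3 so it runs offline: string concatenation lets a classic `' OR '1'='1` payload return every row, a bound parameter returns nothing for the same input, and an allow-list check rejects the payload before it reaches the database at all. The users table and its rows are constructed sample data.

```python
import sqlite3


def _db():
    """In-memory database with a constructed users table (sample data, not real accounts)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", 0),
        ("bob", "hash-b", 0),
        ("admin", "hash-root", 1),
    ])
    return con


def vulnerable_lookup(con, username):
    """The pattern that causes the breach: user input concatenated into the statement,
    so the quote in the input closes the literal and the rest becomes SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in con.execute(sql)]


def safe_lookup(con, username):
    """Fixed: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


def validate_username(username):
    """Input validation as a second layer: allow-list of characters, bounded length."""
    return username.isalnum() and 1 <= len(username) <= 32


# Constructed attacker input: closes the literal and appends an always-true clause.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run the payload through all three paths and return what each one yields."""
    con = _db()
    return {
        "vulnerable": vulnerable_lookup(con, PAYLOAD),
        "safe": safe_lookup(con, PAYLOAD),
        "validated": validate_username(PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

Parameterisation is the control that actually removes the bug; the allow-list is defence in depth and, on the network side, a WAF rule that rejects the same shapes of input buys time until every query has been converted.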
NEW QUESTION 13
There have been several exploits of critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?
- A. asset inventory of all critical devices
- B. Vulnerability scanning frequency that does not interrupt workflow
- C. Daily automated reports of exploited devices
- D. Scanning of all types of data regardless of sensitivity levels
Answer: B
NEW QUESTION 14
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).
- A. The X509 V3 certificate was issued by a non trusted public CA.
- B. The client-server handshake could not negotiate strong ciphers.
- C. The client-server handshake is configured with a wrong priority.
- D. The client-server handshake is based on TLS authentication.
- E. The X509 V3 certificate is expired.
- F. The client-server implements client-server mutual authentication with different certificate
Answer: BC
Explanation:
The client-server handshake could not negotiate strong ciphers. The client offers the cipher suites it supports and the server picks one. If the monitoring solution is configured to accept weak suites (RC4, DES/3DES, MD5-based, export or anonymous suites), or only supports deprecated protocol versions such as SSL 3.0 or TLS 1.0 that policy no longer permits, the handshake can only agree on a weak algorithm.
The client-server handshake is configured with a wrong priority. Cipher suites are negotiated in preference order. If the server lets the client's order win, or lists weak suites ahead of strong ones, a session can settle on a weak suite even though both sides also support strong ones. The fix is to remove weak suites from the list, place the strongest suites first with server preference enforced, and set a minimum protocol version.
Incorrect Answers:
A: If the X.509 v3 certificate was issued by a non-trusted CA, the client would receive a trust error. The issuer of the certificate has no bearing on which cipher suite is negotiated.
D: Whether the handshake uses TLS (certificate-based) authentication says nothing about cipher strength; TLS supports both strong and weak suites depending on configuration.
E: An expired certificate produces a validity error at the client; it does not cause a weak algorithm to be negotiated.
F: Mutual authentication with client certificates is a supported TLS feature, but it is unrelated to the cipher suite that is negotiated.
References:
http://www.slashroot.in/understanding-ssl-handshake-protocol
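The two findings translate directly into configuration. The Python below is an added example (not part of the question or any vendor's product): a policy check that flags weak suite names from a scan report, and a server-side `ssl.SSLContext` that fixes both findings by removing weak suites, enforcing the server's own preference order and setting TLS 1.2 as the minimum. The scan report list is constructed for the example; the exact suites `get_ciphers()` returns depend on the local OpenSSL build.

```python
import ssl

# Substrings that mark a suite as below a "no weak algorithms" policy.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH", "PSK-", "SEED", "IDEA", "RC2")


def weak_ciphers(cipher_names):
    """Return the names from a scan report (or from ctx.get_ciphers()) that violate policy."""
    return [c for c in cipher_names if any(m in c.upper() for m in WEAK_MARKERS)]


# Constructed list standing in for what the scanner reported on the monitoring host.
SCAN_REPORT = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "RC4-MD5",
    "ECDHE-RSA-AES128-GCM-SHA256",
]


def hardened_server_context():
    """Server-side context that fixes both findings: TLS 1.2 or later only,
    modern AEAD suites with forward secrecy only, and the server's own order
    wins the negotiation instead of the client's list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher-list syntax: strong suites first, weak families explicitly excluded.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # the "priority" finding
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression is a separate known weakness
    return ctx


def context_cipher_names(ctx):
    """Names of the suites the context will actually offer, in preference order."""
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    print("scan report violations:", weak_ciphers(SCAN_REPORT))
    ctx = hardened_server_context()
    print("hardened context offers:", context_cipher_names(ctx))
    print("violations after hardening:", weak_ciphers(context_cipher_names(ctx)))
```

For a client-side agent the same settings apply to `ssl.PROTOCOL_TLS_CLIENT`, minus the server-preference flag, which only has meaning on the side that makes the choice.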
NEW QUESTION 15
A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?
- A. Background checks
- B. Job rotation
- C. Least privilege
- D. Employee termination procedures
Answer: B
Explanation:
Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.
Incorrect Answers:
A: To verify that a potential employee has a clean background and that any negative history is exposed prior to employment, a background check is used.
C: The principle of least privilege prevents employees from accessing levels not required to perform their everyday function.
D: The employee termination procedures will not identify the employees involved in these activities and reduce the risk of this activity occurring in the future.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 243, 245, 246
NEW QUESTION 16
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway:
[code snippet not reproduced on this page]
Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
- A. Rewrite the software to implement fine-grained, conditions-based testing
- B. Add additional exception handling logic to the main program to prevent doors from being opened
- C. Apply for a life-safety-based risk exception allowing secure doors to fail open
- D. Rewrite the software’s exception handling routine to fail in a secure state
Answer: B
Explanation:
The doors may fail open only when criticalValue indicates an emergency, so the exception handling belongs in the main program, where it can check criticalValue: on any other fault the handler must leave the doors locked. Rewriting the exception routine to always fail in a secure state (D) would also lock the doors during an emergency, which is a life-safety failure, and a risk exception (C) would accept that the doors open on any fault.
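The behaviour the recommendation asks for, as an added example in Python that is not the question's own snippet: the emergency flag is the only thing that may open a door without an authorised badge, and every other error path, including a reader or backend fault, ends in the locked state. The badge database and the fault condition are constructed for the example.

```python
class LockHardwareError(Exception):
    """Raised when the controller cannot get a valid answer from the reader or backend."""


def decide_door_state(badge, critical_value, check_badge):
    """Return 'open' or 'locked' for one access request.

    badge:          the credential presented at the reader
    critical_value: True while an emergency (fire, evacuation) is underway
    check_badge:    callable returning True for an authorised badge; it may raise
    """
    if critical_value:
        return "open"  # life safety: emergency egress overrides access control
    try:
        return "open" if check_badge(badge) else "locked"
    except Exception:
        # Any fault in the access decision (reader offline, backend timeout, bug)
        # must not turn into an unlocked door. Only critical_value may do that.
        # A production controller would also log the fault and raise an alarm here.
        return "locked"


# Constructed badge database for the example.
AUTHORISED = {"badge-1001", "badge-1002"}


def lookup_badge(badge):
    """Stand-in for the access-control backend; one badge value simulates a reader fault."""
    if badge == "badge-broken":
        raise LockHardwareError("reader returned malformed credential")
    return badge in AUTHORISED


if __name__ == "__main__":
    for badge in ("badge-1001", "badge-9999", "badge-broken"):
        for emergency in (False, True):
            print(badge, "emergency" if emergency else "normal", decide_door_state(badge, emergency, lookup_badge))
```

The bare `except Exception` is deliberate here: on a life-safety controller an unhandled exception that crashes the process is itself an unknown state, so the handler catches everything and maps it to the one state that is safe outside an emergency.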
NEW QUESTION 17
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?
- A. The corporate network is the only network that is audited by regulators and customers.
- B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
- C. Home networks are unknown to attackers and less likely to be targeted directly.
- D. Employees are more likely to be using personal computers for general web browsing when they are at home.
Answer: B
Explanation:
The corporate network concentrates the data, credentials and systems of every employee in one place. A breach there has far greater impact and scale than a breach of one employee's home network, which makes the corporate network a much more valuable target and its boundary worth protecting.
Incorrect Answers:
A: Being the only network audited by regulators and customers is not, on its own, a reason to protect the boundary; the concentration of valuable data is.
C: Home networks are not unknown to attackers; they are simply less attractive because far less is aggregated on them.
D: Employees can be attacked whether they browse from a personal computer at home or from the corporate network; the difference is that the corporate network aggregates much more, and is therefore more valuable.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 101
http://searchsqlserver.techtarget.com/definition/data-aggregation
NEW QUESTION 18
A security technician is incorporating the following requirements in an RFP for a new SIEM: New security notifications must be dynamically implemented by the SIEM engine
The SIEM must be able to identify traffic baseline anomalies
Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support? (Choose two.)
- A. Autoscaling search capability
- B. Machine learning
- C. Multisensor deployment
- D. Big Data analytics
- E. Cloud-based management
- F. Centralized log aggregation
Answer: BD
NEW QUESTION 19
Which of the following provides the BEST risk calculation methodology?
- A. Annual Loss Expectancy (ALE) x Value of Asset
- B. Potential Loss x Event Probability x Control Failure Probability
- C. Impact x Threat x Vulnerability
- D. Risk Likelihood x Annual Loss Expectancy (ALE)
Answer: B
Explanation:
Of the options given, the BEST risk calculation methodology would be Potential Loss x Event Probability x Control Failure Probability. This exam is about computer and data security so ‘loss’ caused by risk is not necessarily a monetary value.
For example:
Potential Loss could refer to the data lost in the event of a data storage failure. Event Probability could be the probability of a disk drive, or several drives, failing.
Control Failure Probability could be the risk of the storage RAID not being able to handle the number of failed hard drives without losing data.
Incorrect Answers:
A: Annual Loss Expectancy (ALE) is a monetary value used to calculate how much is expected to be lost in one year. For example, if the cost of a failure (Single Loss Expectancy (SLE)) is $1000 and the failure is expected to happen 5 times in a year (Annualized Rate of Occurrence (ARO)), then the Annual Loss Expectancy is $5000. ALE is not the best calculation for I.T. risk calculation.
C: Impact x Threat x Vulnerability looks like a good calculation at first glance. However, for a risk calculation there needs to be a definition of the likelihood (probability) of the risk.
D: Annual Loss Expectancy (ALE) is a monetary value used to calculate how much is expected to be lost in one year. ALE is not the best calculation for I.T. risk calculation.
References:
https://iaonline.theiia.org/understanding-the-risk-management-process