Mohamed Fnayou
Quiz von , erstellt am more than 1 year ago

Quizes about CASP examS

81
1
0
Mohamed Fnayou
Erstellt von Mohamed Fnayou vor etwa 8 Jahre
Schließen

In-Class Quizzes

Frage 1 von 35

1

You are moving to a new location and have been asked to assess the security
additions required in the new location. Which of the following concerns could
be addressed with a mantrap?

Wähle eine der folgenden:

  • need to log all visitors

  • prevention of tailgating

  • dim lighting in the parking lot

  • contractors connecting to open ports

Erklärung

Frage 2 von 35

1

You work for a cable company that utilizes VLANs in its internal network
and provides customers with connections between locations. If the company were to
offer MPLS, what additional service would the company be able to offer customers
that it currently cannot offer?

Wähle eine der folgenden:

  • metro Ethernet

  • establishment of VLANs between sites

  • cable TV and Internet service

  • transport encryption

Erklärung

Frage 3 von 35

1

What port number does HTTPS use?

Wähle eine der folgenden:

  • 80

  • 23

  • 443

  • 69

Erklärung

Frage 4 von 35

1

Network access control (NAC) is a service that goes beyond authentication
of the user and includes an examination of the state of the computer?

Wähle eine der folgenden:

  • True

  • False

Erklärung

Frage 5 von 35

1

RAID 3 requires at least three drives, writes the data across all drives, and
then writes parity information across all drives as well, so there is no single
point of failure?

Wähle eine der folgenden:

  • True

  • False

Erklärung

Frage 6 von 35

1

Your company, a healthcare provider, is considering outsourcing its messaging
system to a managed service provider. The proposal presented makes no
mention of a DLP functionality. If this is not present, which of the following are
you in danger of experiencing?

Wähle eine der folgenden:

  • poor messaging performance
    Correct!

  • loss of PII

  • open email relay

  • unauthenticated sessions

Erklärung

Frage 7 von 35

1

Your organization recently deployed a standard operating system image
to all desktop systems and is now scanning the computers weekly against a security
baseline. Which of the following cannot be learned by scanning against the
baseline?

Wähle eine der folgenden:

  • whether security settings have been changed

  • whether user data has been deleted

  • whether security policies have been disabled

  • whether antimalware software has been removed

Erklärung

Frage 8 von 35

1

Input validation is a technique used to prevent which of the following application
attacks?

Wähle eine der folgenden:

  • A. memory leaks

  • B. privilege escalation

  • C. improper error handling

  • D. SQL injection

Erklärung

Frage 9 von 35

1

One of the disadvantages when using sandboxing is the incompatibility issues with the
many different types of applications and other utilities?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 10 von 35

1

Bluesnarfing is when an unsolicited message is sent to a Bluetooth-enabled device, often
for the purpose of adding a business card to the victim’s contact list?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 11 von 35

1

The following code is an example of what type of attack?

#include
char *code = "AAAABBBBCCCCDDD"; //including the character '\0'
size = 16 bytes
void main()
{char buf[8];
strcpy(buf, code);
}

Wähle eine der folgenden:

  • SQL injection

  • buffer overflow

  • cross-site scripting

  • integer overflow

Erklärung

Frage 12 von 35

1

In the following raw HTTP request, which part is problematic?

GET /disp_reports.php?SectionEntered=57&GroupEntered=-
1&report_type=alerts&to_date=01-
01-0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-
2010&TypesEntered=1
HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;

Wähle eine der folgenden:

  • A. Host: test.example.net

  • B. Connection: close

  • C. Run&UserEntered=dsmith&SessionID=5f04189

  • D. Accept: */*

Erklärung

Frage 13 von 35

1

You have been asked to improve the quality of the code produced by the
software development team, so you are creating a secure coding standard document.
Which of the following is NOT a topic that should be covered in the document?

Wähle eine der folgenden:

  • A. error handling

  • B. input validation

  • C. memory use and reuse

  • D. performance metrics

Erklärung

Frage 14 von 35

1

The WASC is the organization that maintains a list of top 10 attacks on an ongoing basis?

Wähle eine der folgenden:

  • True

  • False

Erklärung

Frage 15 von 35

1

Fuzzing is used for testing how an application reacts when injecting invalid or unexpected inputs?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 16 von 35

1

Companies A and B are merging, with the security administrator for
Company A becoming head of IT. In which of the following scenarios would the
first step be to perform a vulnerability assessment of Company B’s network?

Wähle eine der folgenden:

  • A. The two networks must be joined.

  • B. An application used by Company B must be integrated by Company A.

  • C. The two networks have overlapping IP address ranges.

  • D. An attack is under way in Company A’s network.

Erklärung

Frage 17 von 35

1

Company E has a contract with a smaller company. The smaller company
provides security at a high-security location. Company E discovers that the smaller
company has subcontracted some of the functions. What is the minimum step that
Company E must take in reaction to this situation?

A. Do nothing. It is shielded from liability.
B. Execute a new contract that includes the subcontractor.
C. Require the security contractor to execute a service agreement with the subcontractor.
D. Fire the security consulting company.

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 18 von 35

1

Which of the following refers to responsibilities that an organization has due to partnerships with other organizations and customers?

A. Due process
B. Downstream liability
C. Due diligence
D. Indirect costs

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 19 von 35

1

Generally speaking, an increase in security measures in a network is accompanied by an increase in performance?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 20 von 35

1

Due care is when an organization understands the security risks it faces and has taken reasonable measures to meet those risks?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 21 von 35

1

Your organization has recently implemented several new security policies
in response to a recent risk analysis. One of the new policies states that controls
must be configured to protect files from unauthorized or accidental deletion. Which
aspect of security does this new policy address?

A. confidentiality
B. integrity
C. availability
D. authorization

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 22 von 35

1

Your company completes a risk analysis. After the analysis, management
requests that you deploy security controls that will mitigate any of the identified
risks. What is risk mitigation?

A. risk that is left over after safeguards have been implemented
B. terminating the activity that causes a risk or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 23 von 35

1

An organization has a research server farm with a value of $12,000. The exposure factor
for a complete power failure is 10%. The annualized rate of occurrence that this will occur
is 5%. What is the ALE for this event?

A. $1,200
B. $12,000
C. $60
D. $600

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 24 von 35

1

You have been asked to document the different threats to an internal file server.
As part of that documentation, you need to include the monetary impact of each
threat occurrence. You should determine the SLE for each threat occurrence?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 25 von 35

1

Standards often include step-by-step lists on how polices, guidelines, and procedures are implemented?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 26 von 35

1

Your company recently had a third party review all internal procedures.
As a result of this review, the third party made several recommendations for procedural
changes. One of the recommendations is that critical financial transactions
should be split between two independent parties. Of which principle is this an
example?

A. job rotation
B. separation of duties
C. least privilege
D. mandatory vacation

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 27 von 35

1

As part of the process of conducting a business impact analysis (BIA), you
perform the MTD, MTTR, and MTBF calculations. Which step of the BIA are you
performing?

A. Identify critical processes and resources.
B. Identify resource requirements.
C. Identify outage impacts, and estimate downtime.
D. Identify recovery priorities.

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 28 von 35

1

Which of the following describes the average amount of time it will take to get a device fixed and back online?

A. MTBF
B. MTTR
C. RTO
D. RPO

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 29 von 35

1

To identify vulnerabilities and threats is the first step of a risk assessment?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 30 von 35

1

Several invalid password attempts for multiple users is considered an incident?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 31 von 35

1

The company you work for has implemented the following security controls:
■ All workstations have the latest patches and antivirus.
■ All sensitive data is encrypted in transit.
■ Dual-factor user authentication is used.
■ A firewall at the edge of the network is implemented.
What is missing from this security posture?
A. no local encryption
B. weak user authentication
C. insufficient edge control
D. exposure to viruses

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 32 von 35

1

If you implement FCoE in your storage network, which of the following
security issues should concern you?

A. a breach of the Fibre Channel network
B. a breach of the Ethernet network
C. the use of iSCSI commands
D. the inability to use encryption

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 33 von 35

1

Placing older data on low-cost, low-performance storage while keeping
more active data on faster storage systems is called what?

A. multipathing
B. tiering
C. consolidating
D. masking

Wähle eine der folgenden:

  • A

  • B

  • C

  • D

Erklärung

Frage 34 von 35

1

A community cloud is a solution owned and managed by one company solely for that company’s use?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung

Frage 35 von 35

1

Synchronous replication provides near-real-time replication but uses more bandwidth and cannot tolerate latency?

Wähle eins der folgenden:

  • WAHR
  • FALSCH

Erklärung