michael smith0754
Quiz por , criado more than 1 year ago

CASP PreTest study guide

157
6
0
michael smith0754
Criado por michael smith0754 quase 9 anos atrás
Fechar

CASP PreTest #2

Questão 1 de 20

1

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

Selecione uma das seguintes:

  • Avoid

  • Accept

  • Mitigate

  • Transfer

Explicação

Questão 2 de 20

1

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

Selecione uma das seguintes:

  • The malware file’s modify, access, change time properties.

  • The timeline analysis of the file system.

  • The time stamp of the malware in the swap file.

  • The date/time stamp of the malware detection in the antivirus logs.

Explicação

Questão 3 de 20

1

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

Selecione uma das seguintes:

  • The corporate network is the only network that is audited by regulators and customers.

  • The aggregation of employees on a corporate network makes it a more valuable target for attackers.

  • Home networks are unknown to attackers and less likely to be targeted directly.

  • Employees are more likely to be using personal computers for general web browsing when they are at home.

Explicação

Questão 4 de 20

1

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

Selecione uma ou mais das seguintes:

  • Demonstration of IPS system

  • Review vendor selection process

  • Calculate the ALE for the event

  • Discussion of event timeline

  • Assigning of follow up items

Explicação

Questão 5 de 20

1

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

Selecione uma das seguintes:

  • Independent verification and validation

  • Security test and evaluation

  • Risk assessment

  • Ongoing authorization

Explicação

Questão 6 de 20

1

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).

Selecione uma ou mais das seguintes:

  • Retrieve source system image from backup and run file comparison analysis on the two images.

  • Parse all images to determine if extra data is hidden using steganography.

  • Calculate a new hash and compare it with the previously captured image hash.

  • Ask desktop support if any changes to the images were made.

  • Check key system files to see if date/time stamp is in the past six months.

Explicação

Questão 7 de 20

1

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

Selecione uma das seguintes:

  • an administrative control

  • dual control

  • separation of duties

  • least privilege

  • collusion

Explicação

Questão 8 de 20

1

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management’s directives?

Selecione uma das seguintes:

  • Develop an information classification scheme that will properly secure data on corporate systems.

  • Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.

  • Publish a policy that addresses the security requirements for working remotely with company equipment.

  • Work with mid-level managers to identify and document the proper procedures for telecommuting.

Explicação

Questão 9 de 20

1

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

Selecione uma das seguintes:

  • Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.

  • Require each user to log passwords used for file encryption to a decentralized repository.

  • Permit users to only encrypt individual files using their domain password and archive all old user passwords.

  • Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

Explicação

Questão 10 de 20

1

There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

Selecione uma das seguintes:

  • 92.24 percent

  • 98.06 percent

  • 98.34 percent

  • 99.72 percent

Explicação

Questão 11 de 20

1

A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm’s expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

Selecione uma ou mais das seguintes:

  • Code review

  • Penetration testing

  • Grey box testing

  • Code signing

  • White box testing

Explicação

Questão 12 de 20

1

Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).

Selecione uma das seguintes:

  • Code review

  • Sandbox

  • Local proxy

  • Fuzzer

  • Port scanner

Explicação

Questão 13 de 20

1

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

Selecione uma das seguintes:

  • After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets.

  • After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.

  • After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.

  • After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic.

Explicação

Questão 14 de 20

1

An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?

Selecione uma das seguintes:

  • Use the pass the hash technique

  • Use rainbow tables to crack the passwords

  • Use the existing access to change the password

  • Use social engineering to obtain the actual password

Explicação

Questão 15 de 20

1

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

Selecione uma das seguintes:

  • Ensure web services hosting the event use TCP cookies and deny_hosts.

  • Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

  • Contract and configure scrubbing services with third-party DDoS mitigation providers.

  • Purchase additional bandwidth from the company’s Internet service provider.

Explicação

Questão 16 de 20

1

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

Selecione uma ou mais das seguintes:

  • Block traffic from the ISP’s networks destined for blacklisted IPs.

  • Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.

  • Scan the ISP’s customer networks using an up-to-date vulnerability scanner.

  • Notify customers when services they run are involved in an attack.

  • Block traffic with an IP source not allocated to customers from exiting the ISP's network.

Explicação

Questão 17 de 20

1

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

Selecione uma das seguintes:

  • The risk of unplanned server outages is reduced.

  • Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.

  • The results will show an in-depth view of the network and should help pin-point areas of internal weakness.

  • The results should reflect what attackers may be able to learn about the company.

Explicação

Questão 18 de 20

1

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap –O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?

Selecione uma das seguintes:

  • Linux

  • Windows

  • Solaris

  • OSX

Explicação

Questão 19 de 20

1

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

Selecione uma das seguintes:

  • Update company policies and procedures

  • Subscribe to security mailing lists

  • Implement security awareness training

  • Ensure that the organization vulnerability management plan is up-to-date

Explicação

Questão 20 de 20

1

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

Selecione uma das seguintes:

  • Social media is an effective solution because it is easily adaptable to new situations.

  • Social media is an ineffective solution because the policy may not align with the business.

  • Social media is an effective solution because it implements SSL encryption.

  • Social media is an ineffective solution because it is not primarily intended for business applications.

Explicação