
CAS-002 Online Practice Questions and Answers

Questions 4

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance with regulations. The audit discovers that 40% of the desktops do not meet requirements. Which of the following is the cause of the noncompliance?

A. The devices are being modified and settings are being overridden in production.

B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.

C. The desktop applications were configured with the default username and password.

D. 40% of the devices have been compromised.

Questions 5

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO's requirement?

A. GRC

B. IPS

C. CMDB

D. Syslog-ng

E. IDS

Questions 6

Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

A. Test password complexity of all login fields and input validation of form fields

B. Reverse engineering any thick client software that has been provided for the test

C. Undertaking network-based denial of service attacks in production environment

D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks

E. Running a vulnerability scanning tool to assess network and host weaknesses

Questions 7

A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two-week period and consequently have the following requirements:

Requirement 1 - Ensure their server infrastructure operating systems are at their latest patch levels

Requirement 2 - Test the behavior between the application and database

Requirement 3 - Ensure that customer data cannot be exfiltrated

Which of the following is the BEST solution to meet the above requirements?

A. Penetration test, perform social engineering and run a vulnerability scanner

B. Perform dynamic code analysis, penetration test and run a vulnerability scanner

C. Conduct network analysis, dynamic code analysis, and static code analysis

D. Run a protocol analyzer, perform static code analysis and vulnerability assessment

Questions 8

A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?

A. Provide targeted security awareness training and impose termination for repeat violators.

B. Block desktop sharing and web conferencing applications and enable use only with approval.

C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

D. Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.

Questions 9

Every year, the accounts payable employee, Ann, takes a week off work for a vacation. She typically completes her responsibilities remotely during this week. Which of the following policies, when implemented, would allow the company to audit this employee's work and potentially discover improprieties?

A. Job rotation

B. Mandatory vacations

C. Least privilege

D. Separation of duties

Questions 10

A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

A. Increase the frequency of antivirus downloads and install updates to all workstations.

B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.

C. Deploy a NIPS to inspect and block all web traffic which may contain malware and exploits.

D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Questions 11

A security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high-ranking engineers, the information is soon leaked to competing companies. Which of the following techniques should the consultant use to discover the source of the information leaks?

A. Digital watermarking

B. Steganography

C. Enforce non-disclosure agreements

D. Digital rights management

Questions 12

The security administrator at 'company.com' is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline. The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following.

UDP 192.168.0.1:123 -> 172.60.3.0:123

UDP 192.168.0.36:123 -> time.company.com

UDP 192.168.0.112:123 -> 172.60.3.0:123

UDP 192.168.0.91:123 -> time.company.com

UDP 192.168.0.211:123 -> 172.60.3.0:123

UDP 192.168.0.237:123 -> time.company.com

UDP 192.168.0.78:123 -> 172.60.3.0:123

The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers:

192.168.0.1

192.168.0.112

192.168.0.211

192.168.0.78

Which of the following should the security administrator report to upper management based on the above output?

A. An NTP client side attack successfully exploited some hosts.

B. A DNS cache poisoning successfully exploited some hosts.

C. An NTP server side attack successfully exploited some hosts.

D. A DNS server side attack successfully exploited some hosts.

Questions 13

An administrator notices the following file in the Linux server's /tmp directory.

-rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash*

Which of the following should be done to prevent further attacks of this nature?

A. Never mount the /tmp directory over NFS

B. Stop the rpcidmapd service from running

C. Mount all tmp directories nosuid, noexec

D. Restrict access to the /tmp directory

Exam Code: CAS-002
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Last Update: Jan 22, 2024
Questions: 733