Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 581:

    A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider's relationship?

    A. Memorandum of Agreement

    B. Interconnection Security Agreement

    C. Non-Disclosure Agreement

    D. Operating Level Agreement

  • Question 582:

    A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?

    A. Subjective and based on an individual's experience.

    B. Requires a high degree of upfront work to gather environment details.

    C. Difficult to differentiate between high, medium, and low risks.

    D. Allows for cost and benefit analysis.

    E. Calculations can be extremely complex to manage.

  • Question 583:

    Company policy requires that all company laptops meet the following baseline requirements:

    Software requirements:

      • Antivirus
      • Anti-malware
      • Anti-spyware
      • Log monitoring
      • Full-disk encryption
      • Terminal services enabled for RDP
      • Administrative access for local users

    Hardware restrictions:

      • Bluetooth disabled
      • FireWire disabled
      • WiFi adapter disabled

    Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).

    A. Group policy to limit web access

    B. Restrict VPN access for all mobile users

    C. Remove full-disk encryption

    D. Remove administrative access to local users

    E. Restrict/disable TELNET access to network resources

    F. Perform vulnerability scanning on a daily basis

    G. Restrict/disable USB access

  • Question 584:

    A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

    A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.

    B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.

    C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.

    D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

  • Question 585:

    A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

    A. Survey threat feeds from services inside the same industry.

    B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.

    C. Conduct an internal audit against industry best practices to perform a qualitative analysis.

    D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

  • Question 586:

    Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

    A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.

    B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.

    C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.

    D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.

    E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

  • Question 587:

    The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

    A. PING

    B. NESSUS

    C. NSLOOKUP

    D. NMAP

  • Question 588:

    Using SSL, an administrator wishes to secure public-facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased?

    A. 0

    B. 1

    C. 3

    D. 6

  • Question 589:

    An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package?

    A. 1

    B. 2

    C. 3

    D. 4

  • Question 590:

    ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).

    A. Establish a list of users that must work with each regulation

    B. Establish a list of devices that must meet each regulation

    C. Centralize management of all devices on the network

    D. Compartmentalize the network

    E. Establish a company framework

    F. Apply technical controls to meet compliance with the regulation

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them from job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.