CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 591:

    The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?

    A. Avoid
    B. Mitigate
    C. Transfer
    D. Accept

  • Question 592:

    A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

    A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
    B. Scan the website through an interception proxy and identify areas for the code injection
    C. Scan the site with a port scanner to identify vulnerable services running on the web server
    D. Use network enumeration tools to identify if the server is running behind a load balancer

  • Question 593:

    Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

    A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.
    B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.
    C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.
    D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.
    E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

  • Question 594:

    A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file.tmp.

    The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?

    A. Deploy a solution to sanitize geotagging information
    B. Install software to wipe data remnants on servers
    C. Enforce proper input validation on mission-critical software
    D. Implement a digital watermarking solution

  • Question 595:

    A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

    10.235.62.11 ?- [02/Mar/2014:06:13:04] "GET /site/script.php?user=admiand;pass=pass%20or%201=1 HTTP/1.1" 200 5724

    Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

    A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
    B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
    C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
    D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

  • Question 596:

    A security administrator is confirming the specific ports and IP addresses that are monitored by the IPS/IDS system, as well as the firewall placement on the perimeter network between the company and a new business partner. Which of the following business documents defines the parameters the security administrator must confirm?

    A. BIA
    B. ISA
    C. NDA
    D. MOU

  • Question 597:

    An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)

    A. Use reverse engineering and techniques
    B. Assess the node within a continuous integration environment
    C. Employ a static code analyzer
    D. Review network and traffic logs
    E. Use a penetration testing framework to analyze the node
    F. Analyze the output of a ping sweep

  • Question 598:

    A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door, and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process. Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

    A. Generate a 125kHz tone.
    B. Compromise the ICS/SCADA system.
    C. Utilize an RFID duplicator.
    D. Obtain a lock pick set.

  • Question 599:

    A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

    A. Insider threat
    B. Network reconnaissance
    C. Physical security
    D. Industrial espionage

  • Question 600:

    While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

    A. Data remnants
    B. Sovereignty
    C. Compatible services
    D. Storage encryption
    E. Data migration
    F. Chain of custody

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.