CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 601:

  A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

  A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.

  B. A DLP gateway should be installed at the company border.

  C. Strong authentication should be implemented via external biometric devices.

  D. Full-tunnel VPN should be required for all network communication.

  E. Full-drive file hashing should be implemented with hashes stored on separate storage.

  F. Split-tunnel VPN should be enforced when transferring sensitive data.

  Correct Answer: BD

  Web mail, Instant Messaging and personal networking sites are some of the most common means by which corporate data is leaked.

  Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

  DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk. For example, if an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission.

  Full-tunnel VPN should be required for all network communication. This will ensure that all data transmitted over the network is encrypted which would prevent a malicious user accessing the data by using packet sniffing.

• Question 602:

  A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

  A. Insider threat

  B. Network reconnaissance

  C. Physical security

  D. Industrial espionage

  Correct Answer: C

  If all company users worked in the same office with one corporate network and using company supplied laptops, then it is easy to implement all sorts of physical security controls. Examples of physical security include intrusion detection systems, fire protection systems, surveillance cameras or simply a lock on the office door.

  However, in this question we have dispersed employees using their own devices and frequently traveling internationally. This makes it extremely difficult to implement any kind of physical security.

  Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

• Question 603:

  Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?

  A. Establish a cloud-based authentication service that supports SAML.

  B. Implement a new Diameter authentication server with read-only attestation.

  C. Install a read-only Active Directory server in the corporate DMZ for federation.

  D. Allow external connections to the existing corporate RADIUS server.

  Correct Answer: A

  There is widespread adoption of SAML standards by SaaS vendors for single sign-on identity management, in response to customer demands for fast, simple and secure employee, customer and partner access to applications in their environments.

  By eliminating all passwords and instead using digital signatures for authentication and authorization of data access, SAML has become the Gold Standard for single sign-on into cloud applications. SAML-enabled SaaS applications are easier and quicker to user provision in complex enterprise environments, are more secure and help simplify identity management across large and diverse user communities.

  Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

  The SAML specification defines three roles: the principal (typically a user), the Identity provider (IdP), and the service provider (SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision ?in other words it can decide whether to perform some service for the connected principal.

• Question 604:

  A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?

  A. A separate physical interface placed on a private VLAN should be configured for live host operations.

  B. Database record encryption should be used when storing sensitive information on virtual servers.

  C. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data.

  D. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network.

  Correct Answer: A

  VDI virtual machines can be migrated across physical hosts while the virtual machines are still powered on. In VMware, this is called vMotion. In Microsoft Hyper-V, this is called Live Migration.

  When a virtual machine is migrated between hosts, the data is unencrypted as it travels across the network. To prevent access to the data as it travels across the network, a dedicated network should be created for virtual machine migrations. The dedicated migration network should only be accessible by the virtual machine hosts to maximize security.

• Question 605:

  A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

  A. Physical penetration test of the datacenter to ensure there are appropriate controls.

  B. Penetration testing of the solution to ensure that the customer data is well protected.

  C. Security clauses are implemented into the contract such as the right to audit.

  D. Review of the organizations security policies, procedures and relevant hosting certifications.

  E. Code review of the solution to ensure that there are no back doors located in the software.

  Correct Answer: CD

  Due diligence refers to an investigation of a business or person prior to signing a contract. Due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance. Due diligence should verify the data supplied in the RFP and concentrate on the following: Company profile, strategy, mission, and reputation Financial status, including reviews of audited financial statements Customer references, preferably from companies that have outsourced similar processes Management qualifications, including criminal background checks Process expertise, methodology, and effectiveness

  Quality initiatives and certifications Technology, infrastructure stability, and applications Security and audit controls

  Legal and regulatory compliance, including any outstanding complaints or litigation

  Use of subcontractors Insurance Disaster recovery and business continuity policies C and D form part of Security and audit controls.

• Question 606:

  A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

  A. Client side input validation

  B. Stored procedure

  C. Encrypting credit card details

  D. Regular expression matching

  Correct Answer: D

  Regular expression matching is a technique for reading and validating input, particularly in web software. This question is asking about securing input fields where customers enter their credit card details. In this case, the expected input into the credit card number field would be a sequence of numbers of a certain length. We can use regular expression matching to verify that the input is indeed a sequence of numbers. Anything that is not a sequence of numbers could be malicious code.

• Question 607:

  An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

  A. Review switch and router configurations

  B. Review the security policies and standards

  C. Perform a network penetration test

  D. Review the firewall rule set and IPS logs

  Correct Answer: B

  IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.

• Question 608:

  A security tester is testing a website and performs the following manual query:

  https://www.comptia.com/cookies.jsp?products=5%20and%201=1

  The following response is received in the payload:

  "ORA-000001: SQL command not properly ended"

  Which of the following is the response an example of?

  A. Fingerprinting

  B. Cross-site scripting

  C. SQL injection

  D. Privilege escalation

  Correct Answer: A

  This is an example of Fingerprinting. The response to the code entered includes "ORA-000001" which tells the attacker that the database software being used is Oracle.

  Fingerprinting can be used as a means of ascertaining the operating system of a remote computer on a network. Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on network servers. Fingerprinting can be accomplished "passively" by sniffing network packets passing between hosts, or it can be accomplished "actively" by transmitting specially created packets to the target machine and analyzing the response.

• Question 609:

  An administrator believes that the web servers are being flooded with excessive traffic from time to time. The administrator suspects that these traffic floods correspond to when a competitor makes major announcements. Which of the following should the administrator do to prove this theory?

  A. Implement data analytics to try and correlate the occurrence times.

  B. Implement a honey pot to capture traffic during the next attack.

  C. Configure the servers for high availability to handle the additional bandwidth.

  D. Log all traffic coming from the competitor's public IP addresses.

  Correct Answer: A

  There is a time aspect to the traffic flood and if you correlate the data analytics with the times that the incidents happened, you will be able to prove the theory.

• Question 610:

  A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?

  A. SPF

  B. S/MIME

  C. TLS

  D. DKIM

  Correct Answer: D