CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 611:

    A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

    Which of the following solutions BEST meets all of the architect's objectives?

    A. An internal key infrastructure that allows users to digitally sign transaction logs
    B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
    C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
    D. An open distributed transaction ledger that requires proof of work to append entries.

  • Question 612:

    A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?

    A. Create an image of the hard drive
    B. Capture the incoming and outgoing network traffic
    C. Dump the contents of the RAM
    D. Parse the PC logs for information on the attacker.

  • Question 613:

    During a security event investigation, a junior analyst fails to create an image of a server's hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?

    A. Continuity of operations
    B. Chain of custody
    C. Order of volatility
    D. Data recovery
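Questions 612 and 613 both turn on the same practical step: before the evidence changes hands, hash the image and keep a record that a later reviewer can check. The script below is an added example, not part of the exam page, showing one way to do that in Python: a hash-chained custody log in which every entry commits to the acquisition hash of the image and to the previous entry. The "disk image" is constructed sample bytes written to a temporary file; handler names and actions are invented for illustration.

```python
"""Added example (not from the exam page): a hash-chained chain-of-custody log.

The drive image is simulated with constructed bytes written to a temp file.
Every custody entry records the image hash plus the hash of the previous
entry, so a reviewer can detect a modified image and a rewritten log.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_hash(body: dict) -> str:
    unsigned = {k: v for k, v in body.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(unsigned, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only record; each entry links to the one before it."""

    def __init__(self) -> None:
        self.entries = []

    def record(self, image_path: str, action: str, handler: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "handler": handler,
            "image_sha256": sha256_file(image_path),
            "prev_entry_hash": prev,
        }
        body["entry_hash"] = _entry_hash(body)
        self.entries.append(body)
        return body

    def verify(self, image_path: str) -> list:
        """Return a list of problems; an empty list means custody is intact."""
        problems, prev = [], "0" * 64
        for i, e in enumerate(self.entries):
            if _entry_hash(e) != e["entry_hash"]:
                problems.append(f"entry {i}: entry hash mismatch (log edited)")
            if e["prev_entry_hash"] != prev:
                problems.append(f"entry {i}: broken link to previous entry")
            prev = e["entry_hash"]
        if self.entries and sha256_file(image_path) != self.entries[0]["image_sha256"]:
            problems.append("image hash differs from acquisition hash")
        return problems


def demo():
    """Acquire, hand over, verify; then tamper with the image and the log."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.dd")
        with open(img, "wb") as f:
            f.write(b"NTFS    " + bytes(range(256)) * 64)  # constructed sector data
        log = CustodyLog()
        log.record(img, "acquired image via write blocker", "junior analyst")
        log.record(img, "handed to forensics lab", "forensics analyst")
        clean = log.verify(img)
        with open(img, "r+b") as f:                        # simulate image tampering
            f.seek(512)
            f.write(b"\x00" * 16)
        after_image = log.verify(img)
        log.entries[1]["handler"] = "unknown"              # simulate a rewritten log
        after_log = log.verify(img)
        return clean, after_image, after_log


if __name__ == "__main__":
    for label, problems in zip(("clean", "image tampered", "log edited"), demo()):
        print(label, "->", problems or "OK")
```

The acquisition hash on the first entry is what the analyst would write on the evidence bag; the chained entry hashes mean a single altered field anywhere in the log surfaces as a mismatch at that entry and every entry after it.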

  • Question 614:

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?

    A. Custom firmware with rotating key generation
    B. Automatic MITM proxy
    C. TCP beacon broadcast software
    D. Reverse shell endpoint listener

  • Question 615:

    Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

    A. SIEM filtering
    B. Machine learning
    C. Outsourcing
    D. Centralized IPS
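The "noise" in Question 615 is mostly benign repetition: health checks, heartbeats and bursts of the same alert. Below is an added example, not from the exam page, of the kind of pre-filter a SIEM applies before analysts see events: allow-listed benign patterns are dropped, repeats of the same event within a minute are collapsed into one event with a count, and high-severity events bypass both rules. The log lines, host names and severity labels are constructed sample data.

```python
"""Added example (not from the exam page): a small SIEM-style noise filter.

Constructed syslog-like lines stand in for the merged feeds. High-severity
events are always passed through untouched; INFO events matching a known-benign
pattern are dropped; remaining repeats within the same minute are collapsed
into one event carrying a count.
"""
import re

LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<sev>INFO|WARN|HIGH|CRIT) (?P<msg>.*)$")

# Constructed sample: health checks, a brute-force burst, and a group change
SAMPLE_LOGS = """\
09:00:01 lb01 INFO health-check from 10.0.0.5 ok
09:00:02 lb01 INFO health-check from 10.0.0.5 ok
09:00:03 web07 WARN failed login for admin from 203.0.113.9
09:00:04 web07 WARN failed login for admin from 203.0.113.9
09:00:04 web07 WARN failed login for admin from 203.0.113.9
09:00:05 lb01 INFO health-check from 10.0.0.5 ok
09:00:06 dc01 HIGH account admin added to Domain Admins
09:00:07 dc01 HIGH account admin added to Domain Admins
09:00:08 web07 WARN failed login for admin from 203.0.113.9
09:00:09 lb02 INFO health-check from 10.0.0.5 ok
""".splitlines()

# Known-benign patterns, applied only to INFO events (assumed allow-list)
DROP_PATTERNS = [re.compile(r"health-check from 10\.0\.0\.\d+ ok")]


def parse(line: str):
    m = LINE.match(line)
    return m.groupdict() if m else None


def reduce_noise(lines):
    """Return (kept_events, stats); every kept event carries a 'count'."""
    kept = {}  # key -> event; dict preserves first-seen order
    stats = {"input": 0, "dropped": 0, "collapsed": 0, "output": 0}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        stats["input"] += 1
        # Rule 1: high severity is never filtered or merged
        if ev["sev"] in ("HIGH", "CRIT"):
            kept[("raw", stats["input"])] = dict(ev, count=1)
            continue
        # Rule 2: drop allow-listed benign INFO events
        if ev["sev"] == "INFO" and any(p.search(ev["msg"]) for p in DROP_PATTERNS):
            stats["dropped"] += 1
            continue
        # Rule 3: collapse repeats of (host, severity, message) within one minute
        key = (ev["host"], ev["sev"], ev["msg"], ev["ts"][:5])
        if key in kept:
            kept[key]["count"] += 1
            kept[key]["last_ts"] = ev["ts"]
            stats["collapsed"] += 1
        else:
            kept[key] = dict(ev, count=1)
    stats["output"] = len(kept)
    return list(kept.values()), stats


if __name__ == "__main__":
    events, stats = reduce_noise(SAMPLE_LOGS)
    print(stats)
    for e in events:
        print(f'{e["ts"]} {e["host"]} {e["sev"]} x{e["count"]} {e["msg"]}')
```

On the sample, ten lines become three events, and the four failed logins survive as one event with a count of four, which is more useful to the analyst than four separate lines. The order of the rules matters: severity is checked first so that no allow-list entry can ever silence a HIGH event.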

  • Question 616:

    A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.

    Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

    A. Mandatory vacation
    B. Separation of duties
    C. Continuous monitoring
    D. Incident response
    E. Time-of-day restrictions
    F. Job rotation

  • Question 617:

    An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

    A. Access control lists
    B. SELinux
    C. iptables firewall
    D. HIPS

  • Question 618:

    A pentester must attempt to crack passwords on a Windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

    A. Online password testing
    B. Rainbow tables attack
    C. Dictionary attack
    D. Brute force attack
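What separates the options in Question 618 is the cost model. The NT hash stored by a Windows domain is MD4 over the UTF-16LE password with no salt, so a table computed once can be reused against every account in every dump; a salted hash forces each candidate to be re-hashed per account. The script below is an added example, not from the exam page, that makes the difference measurable. MD4 is implemented in pure Python so that the script runs without OpenSSL's legacy provider; a plain lookup table stands in for a rainbow table (a real one trades memory for recomputation, but depends on the missing salt in the same way); the wordlist, mangling rules, user names and passwords are constructed sample data.

```python
"""Added example (not from the exam page): unsalted NT hashes versus salted
hashes from the cracker's point of view. MD4 is implemented here directly;
the wordlist, rules and the 'dumps' are constructed sample data.
"""
import hashlib
import os
import struct


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, enough for NT hashes."""
    mask = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):  # round 1
            a = rol((a + F(b, c, d) + X[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a = rol((a + G(b, c, d) + X[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rol((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & mask, (B + b) & mask, (C + c) & mask, (D + d) & mask
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> str:
    """NT hash: MD4 of the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le")).hex()


def salted_hash(password: str, salt: bytes, rounds: int = 1000) -> str:
    """Stand-in for a salted, iterated store (PBKDF2-SHA256, low rounds for speed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


WORDLIST = ["password", "Summer2023", "Welcome1", "letmein", "P@ssw0rd", "Company123!"]


def mangle(word: str):
    """A few hashcat-style rules that turn a base word into 'complex' candidates."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "!", "2024", "1!"):
        yield word + suffix
    yield word.replace("a", "@").replace("o", "0")


def build_table(words):
    """Precomputed lookup table: built once, reused for every NT hash dump."""
    return {nt_hash(c): c for w in words for c in mangle(w)}


def crack_nt(dump, table):
    """dump: {user: nt_hash}. One dict lookup per user, no hashing at all."""
    return {u: table[h] for u, h in dump.items() if h in table}


def crack_salted(dump, words):
    """dump: {user: (salt, hash)}. Every candidate must be re-hashed per user."""
    found, hashes_computed = {}, 0
    for u, (salt, h) in dump.items():
        for w in words:
            for cand in mangle(w):
                hashes_computed += 1
                if salted_hash(cand, salt) == h:
                    found[u] = cand
                    break
            if u in found:
                break
    return found, hashes_computed


# Constructed dump: 'complex' passwords that still derive from a wordlist, plus one that does not
USERS = {"alice": "Summer2023!", "bob": "P@ssw0rd1", "carol": "Xk9#vQ2$lm"}
NT_DUMP = {u: nt_hash(p) for u, p in USERS.items()}
SALTS = {u: os.urandom(16) for u in USERS}
SALTED_DUMP = {u: (SALTS[u], salted_hash(p, SALTS[u])) for u, p in USERS.items()}


def demo():
    table = build_table(WORDLIST)
    nt_found = crack_nt(NT_DUMP, table)
    salted_found, work = crack_salted(SALTED_DUMP, WORDLIST)
    return nt_found, salted_found, work


if __name__ == "__main__":
    nt_found, salted_found, work = demo()
    print("NT dump, zero hashes computed at attack time:", nt_found)
    print(f"salted dump, {work} hashes computed at attack time:", salted_found)
```

Both attacks recover the same two passwords; the point is where the work lands. Against the NT dump all hashing happened once when the table was built, and adding more users to the dump adds only dictionary lookups. Against the salted store the work is paid again for every account, and carol's unguessable password costs the full wordlist times the rule count with nothing to show for it.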

  • Question 619:

    Within change management, which of the following ensures functions are carried out by multiple employees?

    A. Least privilege
    B. Mandatory vacation
    C. Separation of duties
    D. Job rotation

  • Question 620:

    Given the following information about a company's internal network:

    User IP space: 192.168.1.0/24

    Server IP space: 192.168.192.0/25

    A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

    A. Use a protocol analyzer on 192.168.1.0/24
    B. Use a port scanner on 192.168.1.0/24
    C. Use an HTTP interceptor on 192.168.1.0/24
    D. Use a port scanner on 192.168.192.0/25
    E. Use a protocol analyzer on 192.168.192.0/25
    F. Use an HTTP interceptor on 192.168.192.0/25
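Whichever range is scanned in Question 620, the step that actually identifies a rogue website is comparing the scan result against the sanctioned server space. The script below is an added example, not from the exam page, that does that comparison: it parses scan output in nmap's grepable (-oG) format and flags any host with an open web port whose address falls outside 192.168.192.0/25. The scan output is constructed sample data (the hosts and ports are invented); the subnets are the ones given in the question, and the set of "web" ports is an assumption.

```python
"""Added example (not from the exam page): find web servers outside the
sanctioned server space. The nmap -oG output below is constructed; the subnets
come from the question and WEB_PORTS is an assumption.
"""
import ipaddress
import re

USER_SPACE = ipaddress.ip_network("192.168.1.0/24")
SERVER_SPACE = ipaddress.ip_network("192.168.192.0/25")
WEB_PORTS = {80, 443, 8000, 8080, 8443}

# Constructed sample of `nmap -p 80,443,8080,8443 -oG -` output for both ranges
SCAN_OUTPUT = """\
# Nmap scan initiated: nmap -p 80,443,8080,8443 -oG - 192.168.1.0/24 192.168.192.0/25
Host: 192.168.1.17 ()\tStatus: Up
Host: 192.168.1.17 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.168.1.42 ()\tPorts: 8080/open/tcp//http-proxy///, 443/open/tcp//https///
Host: 192.168.1.99 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///
Host: 192.168.192.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
# Nmap done -- 385 IP addresses scanned
"""

OPEN_PORT = re.compile(r"(\d+)/open/tcp")


def parse_grepable(text: str) -> dict:
    """Return {ip: set(open TCP ports)} from nmap grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports = {int(p) for p in OPEN_PORT.findall(line.split("Ports:", 1)[1])}
        hosts.setdefault(ip, set()).update(ports)
    return hosts


def rogue_web_hosts(hosts: dict, allowed=SERVER_SPACE, web_ports=WEB_PORTS) -> dict:
    """Hosts listening on a web port whose address is not inside the server space."""
    rogue = {}
    for ip, ports in hosts.items():
        web = ports & web_ports
        if web and ipaddress.ip_address(ip) not in allowed:
            rogue[ip] = sorted(web)
    return rogue


def find_rogues(text: str = SCAN_OUTPUT) -> dict:
    return rogue_web_hosts(parse_grepable(text))


if __name__ == "__main__":
    for ip, ports in find_rogues().items():
        where = "user space" if ipaddress.ip_address(ip) in USER_SPACE else "other"
        print(f"rogue web host {ip} ({where}) on ports {ports}")
```

The check is on the address, not on the port alone: 192.168.192.10 serves HTTP but is inside the server range, so it is not reported, while 192.168.1.42 on a non-standard port is. In practice the scan should also cover ports beyond the usual four, since a rogue site is as likely to sit on 8000 or 3000 as on 80.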

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important, and more employers require them when hiring. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solution.