CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 671:

  A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented for further reduce the number of account compromises caused by remote users who click these links?

  A. Anti-spam gateways

  B. Security awareness training

  C. URL rewriting

  D. Internal phishing campaign

  Correct Answer: B

• Question 672:

  A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

  

  The administrator calls the university's ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?

  A. The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

  B. A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

  C. The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

  D. The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

  Correct Answer: D

• Question 673:

  A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick

  wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?

  A. Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.

  B. Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.

  C. The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.

  D. Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.

  Correct Answer: D

• Question 674:

  A Chief Information Security Officer (CISO) implemented MFA for all accounts in parallel with the BYOD policy. After the implementation, employees report the increased authentication method is causing increased time to tasks. This applies both to accessing the email client on the workstation and the online collaboration portal. Which of the following should be the CISO implement to address the employees' concerns?

  A. Create an exception for the company's IPs.

  B. Implement always-on VPN.

  C. Configure the use of employee PKI authentication for email.

  D. Allow the use of SSO.

  Correct Answer: D

• Question 675:

  A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing.

  Which of the following is the appropriate command to disable the client's IPv6 stack?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: C

• Question 676:

  A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

  A. Code review

  B. Penetration testing

  C. Grey box testing

  D. Code signing

  E. White box testing

  Correct Answer: AE

  A Code review refers to the examination of an application (the new network based software product in this case) that is designed to identify and assess threats to the organization.

  White box testing assumes that the penetration test team has full knowledge of the network and the infrastructure per se thus rendering the testing to follow a more structured approach.

• Question 677:

  A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

  A. The malware file's modify, access, change time properties.

  B. The timeline analysis of the file system.

  C. The time stamp of the malware in the swap file.

  D. The date/time stamp of the malware detection in the antivirus logs.

  Correct Answer: B

  Timelines can be used in digital forensics to identify when activity occurred on a computer. Timelines are mainly used for data reduction or identifying specific state changes that have occurred on a computer.

• Question 678:

  An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

  A. /etc/passwd

  B. /etc/shadow

  C. /etc/security

  D. /etc/password

  E. /sbin/logon

  F. /bin/bash

  Correct Answer: AB

  In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. In this question, enabling salting for users' passwords means to store the passwords in an encrypted format.

  Traditional Unix systems keep user account information, including one-way encrypted passwords, in a text file called ``/etc/passwd''. As this file is used by many tools (such as ``ls'') to display file ownerships, etc. by matching user id #'s with the user's names, the file needs to be world-readable. Consequentially, this can be somewhat of a security risk.

  Another method of storing account information is with the shadow password format. As with the traditional method, this method stores account information in the /etc/passwd file in a compatible format. However, the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc.

• Question 679:

  A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO).

  A. Implement a URL filter to block the online forum

  B. Implement NIDS on the desktop and DMZ networks

  C. Security awareness compliance training for all employees

  D. Implement DLP on the desktop, email gateway, and web proxies

  E. Review of security policies and procedures

  Correct Answer: CD

  Security awareness compliance training for all employees should be implemented to educate employees about corporate policies and procedures for working with information technology (IT). Data loss prevention (DLP) should be implemented to make sure that users do not send sensitive or critical information outside the corporate network.

• Question 680:

  The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select

  TWO).

  A. Block traffic from the ISP's networks destined for blacklisted IPs.

  B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.

  C. Scan the ISP's customer networks using an up-to-date vulnerability scanner.

  D. Notify customers when services they run are involved in an attack.

  E. Block traffic with an IP source not allocated to customers from exiting the ISP's network.

  Correct Answer: DE

  Since DDOS attacks can originate from nay different devices and thus makes it harder to defend against, one way to limit the company's contribution to DDOS attacks is to notify customers about any DDOS attack when they run services that are under attack. The company can also block IP sources that are not allocated to customers from the existing SIP's network.