Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Advanced Security Practitioner CAS-003 Questions & Answers

  • Question 781:

    Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

    Select and Place:

  • Question 782:

    A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

    Select and Place:

  • Question 783:

    DRAG DROP

    A vulnerability scan with the latest definitions was performed across Sites A and B.

    INSTRUCTIONS

    Match each relevant finding to the affected host.

    After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

    Each finding may be used more than once.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 784:

    SIMULATION

    Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information, answer the questions below:

    User Subnet: 192.168.1.0/24

    Server Subnet: 192.168.2.0/24

    Finance Subnet: 192.168.3.0/24

    Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

    Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.

    Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

    Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

    Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

    Check the solution below.


  • Question 785:

    SIMULATION

    As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.

    This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.

    The command window will be provided along with root access. You are connected via a secure shell with root access.

    You may query help for a list of commands.

    Instructions:

    You need to disable and turn off unrelated services and processes.

    It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • Question 786:

    SIMULATION

  • Question 787:

    SIMULATION

    Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:

    Untrusted zone: 0.0.0.0/0

    User zone: USR 10.1.1.0/24

    User zone: USR2 10.1.2.0/24

    DB zone: 10.1.0/24

    Web application zone: 10.1.5.0/24

    Management zone: 10.1.10.0/24

    Web server: 10.1.5.50

    MS-SQL server: 10.1.4.70

    MGMT platform: 10.1.10.250

    Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

    Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.

    Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

    Task 4) Ensure the final rule is an explicit deny.

    Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

    Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

  • Question 788:

    SIMULATION

    An administrator wants to install a patch to an application.

    INSTRUCTIONS

    Given the scenario, download, verify, and install the patch in the most secure manner.

    The last install that is completed will be the final submission.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • Question 789:

    SIMULATION

    As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.

    This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.

    The command window will be provided along with root access. You are connected via a secure shell with root access.

    You may query help for a list of commands.

    Instructions:

    You need to disable and turn off unrelated services and processes.

    It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • Question 790:

    SIMULATION

    You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

    The company's hardening guidelines indicate the following:

    1. There should be one primary server or service per device.

    2. Only default ports should be used.

    3. Non-secure protocols should be disabled.

    INSTRUCTIONS

    Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:

    1. The IP address of the device

    2. The primary server or service of the device

    3. The protocol(s) that should be disabled based on the hardening guidelines

    To select multiple protocols, use CTRL+CLICK.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
