BraindumpStudy. BraindumpStudy Exam Dumps, High Pass Rate!

Transcription

1 BraindumpStudy BraindumpStudy Exam Dumps, High Pass Rate!

2 Exam : CAS-003 Title : CompTIA Advanced Security Practitioner (CASP) Vendor : CompTIA Version : DEMO Get Latest & Valid CAS-003 Exam's Question and Answers 1 from Braindumpstudy.com. 1

3 NO.1 An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure? A. Ensure each server has two HBAs connected through two routes to the NAS. B. Establish deduplication across diverse storage paths. C. Establish a SAN that replicates between datacenters. D. Replicate NAS changes to the tape backups at the other datacenter. Answer: C A SAN is a Storage Area Network. It is an alternative to NAS storage. SAN replication is a technology that replicates the data on one SAN to another SAN; in this case, it would replicate the data to a SAN in the backup datacenter. In the event of a disaster, the SAN in the backup datacenter would contain all the data on the original SAN. Array-based replication is an approach to data backup in which compatible storage arrays use built-in software to automatically copy data from one storage array to another. Array-based replication software runs on one or more storage controllers resident in disk storage systems, synchronously or asynchronously replicating data between similar storage array models at the logical unit number (LUN) or volume block level. The term can refer to the creation of local copies of data within the same array as the source data, as well as the creation of remote copies in an array situated off site. NO.2 Given the following: Which of the following vulnerabilities is present in the above code snippet? A. SQL-based string concatenation B. DOM-based injection C. Disclosure of database credential D. Information disclosure in comments Answer: D NO.3 A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization's systems to the greatest extent possible. Which of the following principles is being demonstrated? A. Data minimization B. Record transparency C. Administrator accountability D. PII security Answer: A Get Latest & Valid CAS-003 Exam's Question and Answers 2 from Braindumpstudy.com. 2

4 NO.4 Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be , PC, network shares, and applications. After all restrictions have been lifted, which of the following should the information manager review? A. Chain of custody B. Legal hold C. Scope statement D. Data retention policy NO.5 An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center. Which of the following techniques would BEST meet the requirements? (Choose two.) A. SMS with OTP sent to a mobile number B. Magic link sent to an address C. Certificate sent to be installed on a device D. Third-party social login E. Customer ID sent via push notification F. Hardware tokens sent to customers Answer: A,C NO.6 A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement? A. NAS B. Virtual SAN C. SAN D. Virtual storage Answer: A A NAS is an inexpensive storage solution suitable for small offices. Individual files can be encrypted by using the EFS (Encrypted File System) functionality provided by the NTFS file system. NAS typically uses a common Ethernet network and can provide storage services to any authorized devices on that network. Two primary NAS protocols are used in most environments. The choice of protocol depends largely on the type of computer or server connecting to the storage. Network File System (NFS) protocol usually used by servers to access storage in a NAS environment. Common Internet File System (CIFS), also sometimes called Server Message Block (SMB), is usually used for desktops, especially those running Microsoft Windows. Unlike DAS and SAN, NAS is a file-level storage technology. This means the NAS appliance maintains Get Latest & Valid CAS-003 Exam's Question and Answers 3 from Braindumpstudy.com. 3

5 and controls the files, folder structures, permission, and attributes of the data it holds. A typical NAS deployment integrates the NAS appliance with a user database, such as Active Directory, so file permissions can be assigned based on established users and groups. With Active Directory integration, most Windows New Technology File System (NTFS) permissions can be set on the files contained on a NAS device. NO.7 The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). A. Notify customers when services they run are involved in an attack. B. Scan the ISP's customer networks using an up-to-date vulnerability scanner. C. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP. D. Block traffic from the ISP's networks destined for blacklisted IPs. E. Block traffic with an IP source not allocated to customers from exiting the ISP's network. Answer: A,E Since DDOS attacks can originate from nay different devices and thus makes it harder to defend against, one way to limit the company's contribution to DDOS attacks is to notify customers about any DDOS attack when they run services that are under attack. The company can also block IP sources that are not allocated to customers from the existing SIP's network. NO.8 A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the MOST appropriate order of steps to be taken? A. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update C. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent D. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline Answer: C NO.9 Which of the following technologies prevents an unauthorized HBA from viewing iscsi target information? A. Deduplication B. LUN masking C. Storage multipaths D. Data snapshots A logical unit number (LUN) is a unique identifier that designates individual hard disk devices or grouped devices for address by a protocol associated with a SCSI, iscsi, Fibre Channel (FC) or similar interface. LUNs are central to the management of block storage arrays shared over a storage area network (SAN). LUN masking subdivides access to a given port. Then, even if several LUNs are accessed through the Get Latest & Valid CAS-003 Exam's Question and Answers 4 from Braindumpstudy.com. 4

6 same port, the server masks can be set to limit each server's access to the appropriate LUNs. LUN masking is typically conducted at the host bus adapter (HBA) or switch level. NO.10 The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement? A. UTM B. NIPS C. HIPS D. Antivirus E. DLP Answer: C In this question, we need to protect the workstations when connected to either the office or home network. Therefore, we need a solution that stays with the workstation when the user takes the computer home. A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion. Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. NO.11 Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in secure environment? A. SLA B. MOU C. BIA D. NDA Answer: A NO.12 A security technician is incorporating the following requirements in an RFP for a new SIEM: * New security notifications must be dynamically implemented by the SIEM engine * The SIEM must be able to identify traffic baseline anomalies * Anonymous attack data from all customers must augment attack detection and risk scoring Based on the above requirements, which of the following should the SIEM support? (Choose two.) Get Latest & Valid CAS-003 Exam's Question and Answers 5 from Braindumpstudy.com. 5

7 A. Cloud-based management B. Big Data analytics C. Multisensor deployment D. Autoscaling search capability E. Machine learning F. Centralized log aggregation,e NO.13 A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? A. Consult with the stakeholders to determine which standards can be omitted B. Establish the security control baseline C. Build the application according to software development security standards D. Review the results of user acceptance testing A security baseline is the minimum level of security that a system, network, or device must adhere to. It is the initial point of reference for security and the document against which assessments would be done. NO.14 A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement? A. Perform a back up of the user's account. Next, export the applicable s that match the search terms. B. Place a legal hold on the user's account. Next, perform e-discovery searches to collect applicable s. C. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's account. D. Perform an e-discover using the applicable search terms. Next, back up the user's for a future investigation. A legal hold is a process that an organization uses to maintain all forms of pertinent information when legal action is reasonably expected. E-discovery refers to discovery in litigation or government investigations that manages the exchange of electronically stored information (ESI). ESI includes Get Latest & Valid CAS-003 Exam's Question and Answers 6 from Braindumpstudy.com. 6

8 and office documents, photos, video, databases, and other filetypes. NO.15 An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution? A. $15,000 B. $0 C. $7,500 D. $12,500 E. $10,000 Answer: C The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF) SLE = AV x EF - Thus the Single Loss Expectancy (SLE) = ALE/ARO = $15,000 / 2 = $ 7,500 References: NO.16 A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received: Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year. Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. Bundled offering expected to be $100,000 per year. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year. Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate? A. Based on cost alone, both outsourced an in-sourced solutions appear to be the same. B. Based on cost alone, having an outsourced solution appears cheaper. C. Based on cost alone, having an outsourced solution appears to be more expensive. D. Based on cost alone, having a purchased product solution appears cheaper. The costs of making use of an outsources solution will actually be a savings for the company thus the outsourced solution is a cheaper option over a 5 year period because it amounts to 0,5 FTE per year for the company and at present the company expense if $80,000 per year per FTE. Get Latest & Valid CAS-003 Exam's Question and Answers 7 from Braindumpstudy.com. 7

9 For the company to go alone it will cost $80,000 per annum per FTE = $400,000 over 5 years. With Vendor a $150,000 + $200,000 (1/2 FTE) = $350,000 With Vendor B = $100,000 it will be more expensive. References: Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 130 NO.17 Company policy requires that all company laptops meet the following baseline requirements: Software requirements: Antivirus Anti-malware Anti-spyware Log monitoring Full-disk encryption Terminal services enabled for RDP Administrative access for local users Hardware restrictions: Bluetooth disabled FireWire disabled WiFi adapter disabled Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO). A. Restrict VPN access for all mobile users B. Remove full-disk encryption C. Restrict/disable USB access D. Remove administrative access to local users E. Perform vulnerability scanning on a daily basis F. Group policy to limit web access G. Restrict/disable TELNET access to network resources Answer: C,D A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) while at the same time masking its existence or the existence of other software. A bootkit is similar to a rootkit except the malware infects the master boot record on a hard disk. Malicious software such as bootkits or rootkits typically require administrative privileges to be installed. Therefore, one method of preventing such attacks is to remove administrative access for local users. A common source of malware infections is portable USB flash drives. The flash drives are often plugged into less secure computers such as a user's home computer and then taken to work and plugged in to a work computer. We can prevent this from happening by restricting or disabling access Get Latest & Valid CAS-003 Exam's Question and Answers 8 from Braindumpstudy.com. 8

10 to USB devices. NO.18 The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective? A. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources B. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats C. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets D. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection Answer: A NO.19 ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone? A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone. B. Organize VM hosts into containers based on security zone and restrict access using an ACL. C. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s). D. Require multi-factor authentication when accessing the console at the physical VM host. Access Control Lists (ACLs) are used to restrict access to the console of a virtual host. Virtual hosts are often managed by centralized management servers (for example: VMware vcenter Server). You can create logical containers that can contain multiple hosts and you can configure ACLs on the containers to provide access to the hosts within the container. NO.20 The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the letter? A. After-action reports from prior incidents. B. Data classification processes C. Social engineering techniques D. Company policies and employee NDAs Answer: D Get Latest & Valid CAS-003 Exam's Question and Answers 9 from Braindumpstudy.com. 9