24 CASP Questions Flashcards

1
Q

A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?

  • SIEM
  • IDS/IPS
  • Proxy server
  • Firewall
  • Router

A

  • Firewall

2
Q

The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?

A. Versioning
B. Regression testing
C. Continuous integration
D. Integration testing

A

B. Regression testing

3
Q

A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has compiled a set of applicable security controls based on this categorization. Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?

A. Check for any relevant or required overlays
B. Review enhancements within the current control set
C. Modify to a high-baseline set of controls
D. Perform continuous monitoring

A

C. Modify to a high-baseline set of controls

4
Q

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?

A. Custom firmware with rotating key generation
B. Automatic MITM proxy
C. TCP beacon broadcast software
D. Reverse shell endpoint listener

A

D. Reverse shell endpoint listener

5
Q

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations. Which of the following would BEST support immediate rollback of the failed fix? (Select TWO).

A. Version control
B. Agile development
C. Waterfall development
D. Change management
E. Continuous integration
F. Regression testing

A

A. Version control

D. Change management

6
Q

An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application’s sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?

A. Using an SSO application that supports multifactor authentication
B. Enabling the web application to support LDAP integration
C. Forcing higher-complexity passwords and frequent changes
D. Deploying Shibboleth to all web-based applications in the enterprise

A

A. Using an SSO application that supports multifactor authentication

7
Q

A project manager is working with a software development group to collect and evaluate user scenarios related to the organization’s internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project. Which of the following would be MOST appropriate to use?

A. Roles Matrix
B. Peer review
C. BIA
D. SRTM

A

D. SRTM

8
Q

A systems administrator has deployed the latest patches for Windows-based machines. However, the users on the network are experiencing exploits from various threat actors, which the patches should have corrected. Which of the following is the MOST likely scenario?

A. The machines were infected with malware
B. The users did not reboot the computer after the patches were deployed
C. The systems administrator used invalid credentials to deploy the patches
D. The patches were deployed on non-Windows-based machines

A

C. The systems administrator used invalid credentials to deploy the patches

9
Q

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

  • Issue tracker
  • Static code analyzer
  • Source code repository
  • Fuzzing utility

A

  • Fuzzing utility

10
Q

An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Select TWO).

A. Use reverse engineering tools and techniques
B. Assess the node within a continuous integration environment
C. Employ a static code analyzer
D. Review network and traffic logs
E. Use a penetration testing framework to analyze the node
F. Analyze the output of a ping sweep

A

D. Review network and traffic logs

E. Use a penetration testing framework to analyze the node

11
Q

A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences in the networking used:

Which of the following would be the CISO’s MOST immediate concern?

A. There are open standards in use on the network
B. Network engineers have ignored de facto standards
C. Network engineers are not following SOPs
D. The network has compelling standards in use

A

B. Network engineers have ignored de facto standards

12
Q

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

A. TTR
B. ALE
C. MTBF
D. SLE
E. RPO

A

B. ALE

13
Q

The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being informed of the maintenance planning, as this could have resulted in a loss of:

A. Data confidentiality
B. Data security
C. PCI compliance
D. Business availability

A

D. Business availability

14
Q

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions. Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?

A. The solution employs threat information-sharing capabilities using a proprietary data model
B. The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country
C. The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP
D. The vendor’s proposed solution operates below the KPPs indicated in the RFP

A

D. The vendor’s proposed solution operates below the KPPs indicated in the RFP

15
Q

A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server’s shell history:

dd if=/dev/sda of=/dev/sdb

Which of the following MOST likely occurred?

A. A tape backup of the server was performed
B. The drive was cloned for forensics analysis
C. The hard drive was formatted after the incident
D. The DNS log files were rolled daily as expected

A

B. The drive was cloned for forensics analysis

16
Q

After a recent compromise of a CA, a security administrator is concerned about attacks that are aimed at impersonating the company’s server. Which of the following should the administrator implement to reduce the risk of impersonation from a malicious actor?

A. OCSP
B. Stapling
C. SHTTP
D. HPKP
E. QUIC

A

B. Stapling

17
Q

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?

A. Summarize the most recently disclosed vulnerabilities
B. Research industry best practices and the latest RFCs
C. Undertake an external vulnerability scan and penetration test
D. Conduct a threat modeling exercise

A

D. Conduct a threat modeling exercise

18
Q

A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password. Which of the following would be the EASIEST method of obtaining a password for the known account?

A. Man-in-the-middle
B. Reverse engineering
C. Social engineering
D. Hash cracking

A

C. Social engineering

19
Q

A developer is reviewing the following transaction logs from a web application:

Username: John Doe Street name: Main ST. Street number: <script>alert('test')</alert>

Which of the following code snippets should the developer implement given the above transaction logs?

A. if ($input != strcmp($var1, "<>")) (die(); )
B. <form name="form1" action="/submit.php" onsubmit="return validate()"
C. $input = strip_tags(trim($_POST['var1']));
D. <html> <form name="myform" action="www.server.com/php/submit.php action=GET

A

C. $input = strip_tags(trim($_POST['var1']));

20
Q

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items. Which of the following should the security engineer recommend to meet these requirements?

A. COPE with geofencing
B. BYOD with containerization
C. MDM with remote wipe
D. CYOD with VPN

A

A. COPE with geofencing

21
Q

A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?

A. Trains on normal behavior and identifies deviations therefrom
B. Identifies and triggers upon known bad signatures and behaviors
C. Classifies traffic based on logical protocols and messaging formats
D. Automatically reconfigures ICS devices based on observed behavior

A

C. Classifies traffic based on logical protocols and messaging formats

22
Q

The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

A. Ensure the cloud provider supports a secure virtual desktop infrastructure
B. Ensure the colocation facility implements a robust DRP to help with business continuity planning
C. Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities
D. Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

A

A. Ensure the cloud provider supports a secure virtual desktop infrastructure

23
Q

An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

A. Running an automated fuzzer
B. Constructing a known ciphertext attack
C. Attempting SQL injection commands
D. Performing a full packet capture
E. Using the application in a malware sandbox

A

A. Running an automated fuzzer

24
Q

A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs. Which of the following would help protect the confidentiality of the research data?

A. Use diverse components in layers throughout the architecture
B. Implement non-heterogeneous components at the network perimeter
C. Purge all data remnants from client devices’ volatile memory at regularly scheduled intervals
D. Use only in-house-developed applications that adhere to strict SDLC security requirements

A

A. Use diverse components in layers throughout the architecture