51 CASP Questions Flashcards

1
Q

A red team is able to connect a laptop with penetration testing tools directly into an open network port. The team then is able to take advantage of a vulnerability on the domain controller to create and promote a new enterprise administrator. Which of the following technologies would MOST likely eliminate this attack vector in the future?

  • Monitor for anomalous creations of privileged domain accounts
  • Install a NIPS with rules appropriate to drop most exploit traffic
  • Ensure the domain controller has the latest security patches
  • Implement 802.1x with certificate-based authentication
A

• Implement 802.1x with certificate-based authentication

2
Q

Following a recent security incident on a web server, the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain .jpg files have important data hidden within them. Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?

  • tshark
  • memdump
  • nbstat
  • dd
A

• tshark

3
Q

A financial services company has proprietary trading algorithms, which were created and are maintained by a team of developers on their private source repository. If the details of this operation became known to competitors, the company’s ability to profit from its trading would disappear immediately. Which of the following would the company MOST likely use to protect its trading algorithms?

  • Single-tenancy cloud
  • Managed security service providers
  • Virtual desktop infrastructure
  • Cloud security broker
A

• Single-tenancy cloud

4
Q

A company’s user community is being adversely affected by various types of email whose authenticity cannot be trusted. The Chief Information Security Officer must address the problem. Which of the following solutions would BEST support trustworthy communication solutions?

  • Enabling spam filtering and DMARC
  • Using MFA when logging into email clients and the domain
  • Enforcing HTTPS everywhere so web traffic, including email, is secure
  • Enabling SPF and DKIM on company servers
  • Enforcing data classification labels before an email is sent to an outside party
A

• Enabling SPF and DKIM on company servers

5
Q

While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices are being followed. Which of the following code analyzers will produce the desired results?

  • Static
  • Dynamic
  • Fuzzer
  • Peer review
A

• Static

6
Q

A security administrator is opening connectivity on a firewall between Organization A and Organization B. Organization B just acquired Organization A. Which of the following risk mitigation strategies should the administrator implement to reduce the risk involved with this change?

  • DLP on internal network nodes
  • A network traffic analyzer for incoming traffic
  • A proxy server to examine outgoing web traffic
  • IPS/IDS monitoring on the new connection
A

• IPS/IDS monitoring on the new connection

7
Q

An organization implemented a secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?

  • An attacker masqueraded as an internal DNS server
  • An attacker leveraged a heap overflow vulnerability in the OS
  • An attacker was able to overwrite an OS integrity measurement register
  • An attacker circumvented IEEE 802.1x network-level authentication requirements
A

• An attacker was able to overwrite an OS integrity measurement register

8
Q

A security administrator is investigating an incident involving suspicious word processing documents on an employee’s computer, which was found powered off in the employee’s office. Which of the following tools is BEST suited for extracting full or partial word processing documents from unallocated disk space?

  • memdump
  • foremost
  • dd
  • nc
A

• foremost

9
Q

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times, and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?

  • The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website
  • One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department’s servers
  • The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos
  • Pre-release marketing materials for a single device were accidentally left in a public location
A

• The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos

10
Q

Joe, an application security engineer, is performing an audit of an environmental control application. He has implemented a robust SDLC process and is reviewing API calls available to the application. During the review, Joe finds the following in a log file:

POST /API/Data/Username=Jim&Password=Rustly&PowerKW&Efficiency
POST /API/Data/Username=John&Password=Doe&Uptime&temperature
POST /API/Data/Username=OTManager&Password=1gudPW&sector5Sensor2=Off&Sector5sensor2status

Which of the following would BEST mitigate the issue Joe has found?

  • Ensure the API uses SNMPv1
  • Perform authentication via a secure channel
  • Verify the API uses HTTP Get instead of POST
  • Deploy a WAF in front of the API and implement rate limiting
A

• Perform authentication via a secure channel

11
Q

Which of the following is the BEST reason to implement a separation of duties policy?

  • It minimizes the risk of DoS due to continuous monitoring
  • It eliminates the need to enforce least privilege by logging all actions
  • It increases the level of difficulty for a single employee to perpetrate fraud
  • It removes barriers to collusion and collaboration between business units
A

• It increases the level of difficulty for a single employee to perpetrate fraud

12
Q

An organization’s mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released?

  • Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM
  • Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution
  • An attacker downloaded monitoring applications; perform a full factory reset of the affected devices
  • Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages
A

• An attacker downloaded monitoring applications; perform a full factory reset of the affected devices

13
Q

An organization is facing budget constraints. The Chief Technology Officer wants to add a new marketing platform, but the organization does not have the resources to obtain separate servers to run the new platform. The CTO recommends running the new marketing platform on a virtualized video-conferencing server because video conferencing is rarely used. The Chief Information Security Officer denies this request. Which of the following BEST explains the reason why the CISO has not approved the request?

  • Privilege escalation attacks
  • Performance and availability
  • Weak DAR encryption
  • Disparate security requirements
A

• Disparate security requirements

14
Q

During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email accounts. An information security analyst is reviewing the access to determine if the audit was valid. Which of the following would assist with the validation and provide the necessary documentation to audit?

  • Examining the termination notification process from human resources and employee account access logs
  • Checking social media platforms for disclosure of company sensitive and proprietary information
  • Sending a test email to the former employees to document an undeliverable email and review the ERP access
  • Reviewing the email global account list and the collaboration platform for recent activity
A

• Examining the termination notification process from human resources and employee account access logs

15
Q

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

  • Be based on open-source Android for user familiarity and ease
  • Provide a single application for inventory management of physical assets
  • Permit use of the camera by only the inventory application for the purposes of scanning
  • Disallow any and all configuration baseline modifications
  • Restrict all access to any device resource other than those required for use of the inventory management application

Which of the following approaches would BEST meet these security requirements?

  • Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.
  • Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode
  • Swap out Android’s Linux kernel version for >2.4.0, build the kernel, build the Android, remove unnecessary functions via MDM, configure to block network access, and perform integration testing.
  • Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application
A

• Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application

16
Q

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445. A security administrator is concerned the legacy system will be vulnerable to exploits. Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

  • Install HIDS and disable unused services
  • Enable application whitelisting and disable SMB
  • Segment the network and configure a controlled interface
  • Apply only critical security patches for known vulnerabilities
A

• Segment the network and configure a controlled interface

17
Q

A developer implements the following code snippet:

catch (Exception e) {
    if (log.isDebugEnabled()) log.debug(context, EVENTS.ADHOC, "Caught InvalidGSMException Exception - " + e.toString());
}

Which of the following vulnerabilities does this code snippet resolve?

  • SQL injection
  • Buffer overflow
  • Missing session limit
  • Information leakage
A

• Missing session limit

18
Q

A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators’ smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:

  • It cannot be invasive to the end user
  • It must be utilized as a second factor
  • Information sharing must be avoided
  • It must have a low false acceptance rate

Which of the following BEST meets the criteria?

  • Facial recognition
  • Swipe pattern
  • Fingerprint scanning
  • Complex passcode
  • Token Card
A

• Facial recognition

19
Q

The Chief Executive Officer of a fast-growing company no longer knows all the employees and is concerned about the company’s intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO’s concerns?

  • Begin simulated phishing campaigns for employees and follow up with additional security awareness training.
  • Seed company fileshares and servers with text documents containing fake passwords and then monitor for their use.
  • Implement DLP to monitor data transfer between employee accounts and external parties and services
  • Report data from a user-behavior monitoring tool and assign security analysts to review it daily
A

• Implement DLP to monitor data transfer between employee accounts and external parties and services

20
Q

A manufacturing company’s security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer. Which of the following would BEST track the reductions to show the CISO the engineer’s plan is successful during each phase?

  • Conducting tabletop exercises to evaluate system risk
  • Contracting a third-party auditor after the project is finished
  • Performing pre- and post-implementation penetration tests
  • Running frequent vulnerability scans during the project
A

• Running frequent vulnerability scans during the project

21
Q

A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

  • Install network taps at the edge of the network
  • Send syslog from the IDS into the SIEM
  • Install an enterprise antivirus system on each computer
  • SPAN traffic from the network core into the IDS
A

• SPAN traffic from the network core into the IDS

22
Q

An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect, however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?

  • In the firewall, compatible cipher suites must be enabled
  • In the VPN client, the CA CRL address needs to be specified manually
  • In the router, IPSec traffic needs to be allowed in bridged mode
  • In the CA, the SAN field must be set for the root CA certificate, and then reissued
A

• In the firewall, compatible cipher suites must be enabled

23
Q

An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed?

  • Vulnerable components
  • Operational impact due to attack
  • Time criticality of systems
  • Presence of open-source software
A

• Operational impact due to attack

24
Q

An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to:

  • Revise the employee provisioning and deprovisioning procedures
  • Complete a quantitative risk assessment
  • Draft a memorandum of understanding
  • Complete a security questionnaire focused on data privacy
A

• Complete a security questionnaire focused on data privacy

25
Q

A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider. The system to be migrated is sensitive with respect to latency, availability, and integrity. The infrastructure team agreed to the following:

  • Application and middleware servers will migrate to the cloud
  • Database servers will remain on-site
  • Data backup will be stored in the cloud

Which of the following solutions would ensure system and security requirements are met?

  • Implement a direct connection from the company to the cloud provider
  • Use a cloud orchestration tool and implement appropriate change control processes
  • Implement a standby database on the cloud using a CASB for data-at-rest security
  • Use multizone geographic distribution with satellite relays
A

• Use a cloud orchestration tool and implement appropriate change control processes

26
Q

The Chief Information Security Officer is preparing a requirements matrix scorecard for a new security tool the company plans to purchase. Feedback from which of the following documents will provide input for the requirements matrix scorecard during the vendor selection process?

  • MSA
  • RFQ
  • RFI
  • RFP
A

• RFI

27
Q

An engineer wants to assess the OS security configurations on a company’s servers. The engineer has downloaded some files to orchestrate configuration checks. When the engineer opens a file in a text editor, the following excerpt appears:

<?xml version="1.0" encoding="UTF-8"?>
<cdf:Benchmark id="server-check" resolved="0" xml:lang="en"
    xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.xsd">

</cdf:Benchmark>

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

  • Nessus
  • Swagger file
  • SCAP
  • Netcat
  • WSDL
A

• SCAP

28
Q

The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

  • Keyword blocking based on word lists
  • URL rewriting and protection
  • Stripping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

  • Configure more robust word lists for blocking suspicious emails
  • Configure appropriate regular expression rules per suspicious email received
  • Configure Bayesian filtering to block suspicious inbound email
  • Configure the email gateway to strip any attachments
A

• Configure Bayesian filtering to block suspicious inbound email

29
Q

An attacker wants to gain information about a company’s database structure by probing the database listener. The attacker tries to manipulate the company’s database to see if it has any vulnerabilities that can be exploited to help carry out an attack. To prevent this type of attack, which of the following should the company do to secure its database?

  • Mask the database banner
  • Tighten database authentication and limit table access
  • Harden web and internet resources
  • Implement challenge-based authentication
A

• Mask the database banner

30
Q

An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?

  • NIDS
  • HIPS
  • CASB
  • SFTP
A

• CASB

31
Q

An enterprise solution requires a central monitoring platform to address the growing networks of various departments and agencies that connect to the network. The current vendor products are not adequate due to the growing number of heterogeneous devices. Which of the following is the primary concern?

  • Scalability
  • Usability
  • Accountability
  • Performance
A

• Performance

32
Q

A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output:

On Host A
Internet Address   Physical Address     Type
10.100.0.1         00:0a:91:45:0a:1b    Dynamic

On Host B

08:0a:d1:fa:b1:00 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.11.0.1 is-at: 08:0a:d1:fa:b1:00
08:0a:d1:fa:b1:00 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.11.0.1 is-at: 08:0a:d1:fa:b1:00
08:0a:d1:fa:b1:00 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.11.0.1 is-at: 08:0a:d1:fa:b1:00
08:0a:d1:fa:b1:00 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.11.0.1 is-at: 08:0a:d1:fa:b1:00

On Host A
Internet Address   Physical Address     Type
10.100.0.1         08:0a:d1:fa:b1:00    Dynamic

Which of the following actions should the security administrator take to BEST mitigate the issue that transpires from the above information?

  • Implement switchport security
  • Implement 802.1X
  • Enforce static ARP mappings using GPO
  • Enable unicast RPF
A

• Enforce static ARP mappings using GPO

33
Q

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

  • Log all access to the data and correlate with the researcher
  • Anonymize identifiable information using keyed strings
  • Ensure all data is encrypted in transit to the researcher
  • Ensure all researchers sign and abide by non-disclosure agreements
  • Sanitize date and time stamp information in the records
A

• Ensure all researchers sign and abide by non-disclosure agreements

34
Q

The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown. The network team is unavailable to capture traffic, but logs from network services are available.

  • No users have authenticated recently through the guest network’s captive portal
  • DDoS mitigation systems are not alerting
  • DNS resolver logs show some very long domain names

Which of the following is the BEST step for a security analyst to take next?

  • Block all outbound traffic from the guest network at the border firewall
  • Verify the passphrase on the guest network has not been changed
  • Search antivirus logs for evidence of a compromised company device
  • Review access point logs to identify potential zombie services
A

• Review access point logs to identify potential zombie services

35
Q

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

  • Memory leak
  • Race condition
  • Smurf
  • Resource exhaustion
A

• Memory leak

36
Q

A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developer discovers session ID tokens for a web application will be transmitted over an unsecure connection. Which of the following code snippets should the developer recommend implementing to correct the vulnerability?

  • Cookie cookie = new Cookie("primary"); cookie.secure(true);
  • String input = request.getParameter("input"); String characterPattern = "[./a-zA-Z0-9?\"=&]"; if (!input.matches(characterPattern)) { out.println("Invalid Input"); }
  • <webapp> <session-config> <session-timeout>15</session-timeout> </session-config> </webapp>
  • <input type="text" maxlength="30" name="ecsSessionPW" size="40" readonly="true" value='<%=ESAPI.encoder().encodeForHTML(request.getParameter("SessionPW"))%>'/>
A

• <webapp> <session-config> <session-timeout>15</session-timeout> </session-config> </webapp>

37
Q

Which of the following risks does expanding business into a foreign country carry?

  • Data sovereignty laws could result in unexpected liability
  • Export controls might decrease software costs
  • Data ownership might revert to the regulatory entities in the new country
  • Some security tools might be monitored by legal authorities
A

• Data sovereignty laws could result in unexpected liability

38
Q

An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?

  • Configurations of applications will affect multiple products
  • Reverse engineering of applications will lead to intellectual property loss
  • Software patch deployment will occur less often
  • Homogeneous vulnerabilities will occur across multiple products
A

• Homogeneous vulnerabilities will occur across multiple products

39
Q

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?

  • A copy of the vendor’s information security policies
  • A copy of the current audit reports and certifications held by the vendor
  • A signed NDA that covers all the data contained on the corporate systems
  • A copy of the procedures used to demonstrate compliance with certification requirements
A

• A signed NDA that covers all the data contained on the corporate systems

40
Q

A regional transportation and logistics company recently hired its first Chief Information Security Officer. The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns?

  • The company should plan future maintenance windows where such legacy applications can be updated as needed.
  • The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company
  • The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability
  • The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade
A

• The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade

41
Q

Confidential information related to Application A, Application B, and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges. While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:

Which of the following actions should the IR team take FIRST?

  • Remove all members from the distribution groups immediately
  • Place the mailbox for jsmith on legal hold
  • Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group
  • Install DLP software on all developer laptops to prevent data from leaving the network
A

• Place the mailbox for jsmith on legal hold

42
Q

A Chief Information Security Officer is creating a security committee involving multiple business units of the corporation. Which of the following is the BEST justification to ensure collaboration across business units?

  • A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.
  • A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups
  • Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls
  • The CISO is uniquely positioned to control the flow of vulnerability information between business units
A

• Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls

43
Q

A security engineer reviews the table below:

Switchport   MAC address          IP address      Lease start   Lease length
Gi1/0        EB:04:18:20:18:54    192.168.1.5     4/16 14:00    24 hours
Gi1/0        EB:04:18:20:18:55    192.168.1.6     4/16 14:00    24 hours
Gi1/0        EB:04:18:20:18:56    192.168.1.8     4/16 14:00    24 hours
Gi1/0        EB:04:18:20:18:57    192.168.1.9     4/16 14:00    24 hours
Gi1/0        EB:04:18:20:18:58    192.168.1.13    4/16 14:00    24 hours
Gi1/0        EB:04:18:20:18:59    192.168.1.14    4/16 14:00    24 hours
Gi1/1        01:49:D9:B2:22:F6    192.168.1.11    4/15 17:00    24 hours
Gi1/2        C3:59:29:B9:A2:F3    192.168.1.4     4/15 12:30    24 hours
Gi1/2        98:82:11:F1:E9:AA    192.168.1.7     4/16 9:20     24 hours
Gi1/2        28:48:29:CA:B2:31    192.168.1.2     4/15 11:15    24 hours
Gi1/3        E3:FA:B0:82:18:BD    192.168.1.12    4/15 18:29    24 hours
Gi1/4        DB:29:D7:A3:32:03    192.168.1.3     4/15 22:30    24 hours

The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this attack reoccurring in the future?

  • Upgrading device firmware
  • Enabling port security
  • Increasing DHCP pool size
  • Disabling dynamic trunking
  • Reducing DHCP lease length
A

• Reducing DHCP lease length

44
Q

The Chief Information Security Officer of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices. The CISO mandates the following requirements:

  • The devices must be owned by the company for legal purposes
  • The device must be as fully functional as possible when off site
  • Corporate email must be maintained separately from personal email
  • Employees must be able to install their own applications

Which of the following will BEST meet the CISO’s mandate? (Select TWO)

  • Disable the device’s camera
  • Allow only corporate resources in a container
  • Use an MDM to wipe the devices remotely
  • Block all sideloading of applications on devices
  • Use geofencing on certain applications
  • Deploy phones in a BYOD model
A

• Allow only corporate resources in a container

• Use geofencing on certain applications

45
Q

Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out. Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

  • Anti-malware
  • Patch testing
  • HIPS
  • Vulnerability scanner
A

• Patch testing

46
Q

A company’s Chief Operating Officer is concerned about the potential for competitors to infer proprietary information gathered from employees’ social media accounts. Which of the following methods should the company use to gauge its own social media threat level without targeting individual employees?

  • Utilize insider threat consultants to provide expertise
  • Require that employees divulge social media accounts
  • Detect employee use of open-source intelligence reconnaissance tools
  • Perform a social engineering test to evaluate employee awareness
A

• Perform a social engineering test to evaluate employee awareness

47
Q

A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?

  • Gain entry into the building by posing as a contractor who is performing routine building maintenance
  • Tailgate into the facility with an employee who has a valid RFID badge to enter
  • Duplicate an employee’s RFID badge and use an IR camera to see when the guard leaves the post
  • Look for an open window that can be used to gain unauthorized entry into the facility
A

• Gain entry into the building by posing as a contractor who is performing routine building maintenance

48
Q

An organization contracts a security consultant to perform an external test against the organization’s overall security posture. The consultant is asked to access a secured, public-facing customer management database, while generating the fewest log files or alerts possible. Which of the following would BEST meet the requirements?

  • Pivoting from a vulnerability found in a legacy hosting platform
  • Performing a spear-phishing attack against a known database user
  • Running a passive vulnerability scan against the database server
  • Breaking into the datacenter and accessing the console directly
A

• Running a passive vulnerability scan against the database server

49
Q

A security analyst has been assigned incident response duties and must instigate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?

  • c:\>psexec.exe \\localhost -u Acct\IRSRVAcct -p IRResponse1! -c mdd_1.3.exe -oo F:\memory.dmp
  • c:\>dc3dd.exe if=\\.\c: of=d:\response\img1.dd hash=md5 log=F:\response\logs.log
  • c:\>fciv.exe -v -md5sum -xml hashlogs.xml
  • c:\>wmic.exe /ActPC01:\root\default path SystemRestore Call createRestorePoint "10Jan208" Allowsr /t
A

• c:\>dc3dd.exe if=\\.\c: of=d:\response\img1.dd hash=md5 log=F:\response\logs.log

50
Q

A security engineer is helping the web developers assess a new corporate web application. The application will be internet facing, so the engineer makes the following recommendation:

In an .htaccess file or the site config, add: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure or add to the location block: proxy_cookie_path / "/; HttpOnly; Secure; SameSite=strict";

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

  • Ensure session IDs are generated dynamically with each cookie request
  • Prevent cookies from being transmitted to other domain names
  • Create a temporary space on the user’s drive root for ephemeral cookie storage
  • Enforce the use of plain text HTTP transmission with secure local cookie storage
  • Add a sequence ID to the cookie session ID while in transit to prevent CSRF
  • Allow cookie creation or updates only over TLS connections
A

• Prevent cookies from being transmitted to other domain names
• Enforce the use of plain text HTTP transmission with secure local cookie storage

51
Q

A manufacturing company employs SCADA systems to drive assembly lines across geographically dispersed sites. Therefore, the company must use the internet to transport control messages and responses. Which of the following architectural changes, when integrated, will BEST reduce the manufacturing control system’s attack surface? (Select TWO)

  • Design a patch management capability for control systems
  • Implement supply chain security
  • Integrate message authentication
  • Add sensors and collectors at the internet boundary
  • Isolate control systems from enterprise systems
  • Implement a site-to-site VPN across sites
A

• Isolate control systems from enterprise systems

• Implement a site-to-site VPN across sites