cas-003 Flashcards
study questions
A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?
A. File size
B. Digital signature
C. Checksums
D. Anti-malware software
E. Sandboxing
Answer: B
A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:
A32A[34fda 19(fdA43gfd/home/user/lib/module_so_343jkArfvv(342fds43g
Which of the following did the analyst use to determine the location of the malicious payload?
A. Code deduplicators
B. Binary reverse-engineering
C. Fuzz testing
D. Security containers
Answer: B
The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting.
Which of the following would be the BEST methods to prepare this report? (Choose two.)
A. Review the CVE database for critical exploits over the past year
B. Use social media to contact industry analysts
C. Use intelligence gathered from the Internet relay chat channels
D. Request information from security vendors and government agencies
E. Perform a penetration test of the competitor’s network and share the results with the board
Answer: A, D
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company’s geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. Which of the following should the project’s security consultant recommend as the NEXT step?
A. Develop a security exemption, as it does not meet the security policies
B. Mitigate the risk by asking the vendor to accept the in-country privacy principles
C. Require the solution owner to accept the identified risks and consequences
D. Review the entire procurement process to determine the lessons learned
Answer: C
An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation.
Which of the following MOST likely caused the data leak?
A. The employee manually changed the email client retention settings to prevent deletion of emails
B. The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
C. The email was encrypted and an exception was put in place via the data classification application
D. The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old
Answer: D
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
• Involve business owners and stakeholders
• Create an applicable scenario
• Conduct a biannual verbal review of the incident response plan
• Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
A. Parallel operations
B. Full transition
C. Internal review
D. Tabletop
E. Partial simulation
Answer: C
Given the following code snippet:
let SecCond = "1SS";
let SecStatus = false;
try {
  if (SecStatus) {
    SecCond = "2SS";
    console.log("ship to ship");
  } else {
    SecCond = "normal operations";
    console.log("nothing to see here");
  }
} catch (e) {
  // on any exception, fall back to normal operations and log it
  SecCond = "normal operations";
  console.log(e);
  console.log("Exception logged");
}
Which of the following failure modes would the code exhibit?
A. Open
B. Secure
C. Halt
D. Exception
Answer: D
An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset.
Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate calls to the contact center.
Which of the following techniques would BEST meet the requirements? (Choose two.)
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Answer: C, E
Given the following code snippet:
<FORM ACTION="http://192.168.51.10/cgi-bin/order.pl" method="post">
QUANTITY:
</FORM>
Of which of the following is this snippet an example?
A. Data execution prevention
B. Buffer overflow
C. Failure to use standard libraries
D. Improper field usage
E. Input validation
Answer: D
A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.
To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)
A. Restrict access to the network share by adding a group only for developers to the share’s ACL
B. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
C. Obfuscate the username within the script file with encoding to prevent easy identification of the account used
D. Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts
E. Redesign the web applications to accept single-use, local account credentials for authentication
Answer: A, B
Which of the following is the GREATEST security concern with respect to BYOD?
A. The filtering of sensitive data out of data flows at geographic boundaries.
B. Removing potential bottlenecks in data transmission paths.
C. The transfer of corporate data onto mobile corporate devices.
D. The migration of data into and out of the network in an uncontrolled manner.
Answer: D
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand-up has identified the following additional requirements:
- Reuse of the existing network infrastructure
- Acceptable use policies to be enforced
- Protection of sensitive files
- Access to the corporate applications
Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)
A. IPSec VPN
B. HIDS
C. Wireless controller
D. Rights management
E. SSL VPN
F. NAC
G. WAF
H. Load balancer
Answer: D, E, F
A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.
Which of the following MOST likely needs to be configured to ensure the systems are mitigated accordingly? (Select two.)
A. Antivirus
B. HIPS
C. Application whitelisting
D. Patch management
E. Group policy implementation
F. Firmware updates
Answer: D, F
A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router:
Router(config)# ip route 192.168.3.1 255.255.255.255 Null0
Router(config)# route-map DATA
Router(config-route-map)# match tag 101
Router(config-route-map)# set ip next-hop 192.168.3.1
Router(config-route-map)# set community no-export
Router(config-router)# redistribute static route-map DATA
Router(config)# ip route 10.0.0.2 255.255.255.255 Null0 tag 101
Which of the following is the engineer implementing?
A. Remotely triggered black hole
B. Route protection
C. Port security
D. Transport security
E. Address space layout randomization
Answer: B