CASP Study Deck 2 (Questions 26 - 50) Flashcards

1
Q

A new piece of ransomware got installed on a company’s backup server which encrypted the hard
drives containing the OS and backup application configuration but did not affect the deduplication
data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

A. Determining how to install HIPS across all server platforms to prevent future incidents

B. Preventing the ransomware from re-infecting the server upon restore

C. Validating the integrity of the deduplicated data

D. Restoring the data will be difficult without the application configuration

A

D. Restoring the data will be difficult without the application configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions
that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about
the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues

B. Improper handling of client data, interoperability agreement issues and regulatory issues

C. Cultural differences, increased cost of doing business and divestiture issues

D. Improper handling of customer data, loss of intellectual property and reputation damage

A

D. Improper handling of customer data, loss of intellectual property and reputation damage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.

B. Risks associated with the inability to implement the requirements.

C. Industry best practices with respect to the technical implementation of the current controls.

D. All sections of the policy that may justify non-implementation of the requirements.

E. A revised DRP and COOP plan to the exception form.

F. Internal procedures that may justify a budget submission to implement the new requirement.

G. Current and planned controls to mitigate the risks.

A

A. Business or technical justification for not implementing the requirements.

B. Risks associated with the inability to implement the requirements.

G. Current and planned controls to mitigate the risks.ts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on
historical data. The CIO’s budget does not allow for full system hardware replacement in case of a
catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.

A

B. The company should transfer the risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

A. Physical penetration test of the datacenter to ensure there are appropriate controls.

B. Penetration testing of the solution to ensure that the customer data is well protected.

C. Security clauses are implemented into the contract such as the right to audit.

D. Review of the organizations security policies, procedures and relevant hosting certifications.

E. Code review of the solution to ensure that there are no back doors located in the software.

A

C. Security clauses are implemented into the contract such as the right to audit.

D. Review of the organizations security policies, procedures and relevant hosting certifications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication.

B. Ensure the SaaS provider supports encrypted password transmission and storage.

C. Ensure the SaaS provider supports secure hash file exchange.

D. Ensure the SaaS provider supports role-based access control.

E. Ensure the SaaS provider supports directory services federation.

A

E. Ensure the SaaS provider supports directory services federation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker’s position?

A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties

A

B. Job rotation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Containment Phase
D. During the Preparation Phase

A

B. During the Lessons Learned phase

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A security manager for a service provider has approved two vendors for connections to the service
provider backbone. One vendor will be providing authentication services for its payment card
service, and the other vendor will be providing maintenance to the service provider infrastructure
sites. Which of the following business agreements is MOST relevant to the vendors and service
provider’s relationship?

A. Memorandum of Agreement
B. Interconnection Security Agreement
C. Non-Disclosure Agreement
D. Operating Level Agreement

A

B. Interconnection Security Agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO’s requirement?

A. GRC
B. IPS
C. CMDB
D. Syslog-ng
E. IDS
A

A. GRC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset

B. Potential Loss x Event Probability x Control Failure Probability

C. Impact x Threat x Vulnerability

D. Risk Likelihood x Annual Loss Expectancy (ALE)

A

B. Potential Loss x Event Probability x Control Failure Probability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A security policy states that all applications on the network must have a password length of eight
characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

A. Establish a risk matrix
B. Inherit the risk for six months
C. Provide a business justification to avoid the risk
D. Provide a business justification for a risk exception

A

D. Provide a business justification for a risk exception

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.

B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.

C. A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by the change control team.

D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

A

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest
network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.

B. Device encryption has not been enabled and will result in a greater likelihood of data loss.

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient
data.

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

A

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

A. Avoid
B. Accept
C. Mitigate
D. Transfer

A

C. Mitigate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

A. The malware file’s modify, access, change time properties.

B. The timeline analysis of the file system.

C. The time stamp of the malware in the swap file.

D. The date/time stamp of the malware detection in the antivirus logs.

A

B. The timeline analysis of the file system.

17
Q

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

A. The corporate network is the only network that is audited by regulators and customers.

B. The aggregation of employees on a corporate network makes it a more valuable target for
attackers.

C. Home networks are unknown to attackers and less likely to be targeted directly.

D. Employees are more likely to be using personal computers for general web browsing when they
are at home.

A

B. The aggregation of employees on a corporate network makes it a more valuable target for
attackers.

18
Q

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items
A

D. Discussion of event timeline

E. Assigning of follow up items

19
Q

An assessor identifies automated methods for identifying security control compliance through
validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous
monitoring of authorized information systems?

A. Independent verification and validation
B. Security test and evaluation
C. Risk assessment
D. Ongoing authorization

A

D. Ongoing authorization

20
Q

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process?
(Select TWO).

A. Retrieve source system image from backup and run file comparison analysis on the two images.

B. Parse all images to determine if extra data is hidden using steganography.

C. Calculate a new hash and compare it with the previously captured image hash.

D. Ask desktop support if any changes to the images were made.

E. Check key system files to see if date/time stamp is in the past six months.

A

A. Retrieve source system image from backup and run file comparison analysis on the two images.

C. Calculate a new hash and compare it with the previously captured image hash.

21
Q

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. an administrative control
B. dual control
C. separation of duties
D. least privilege
E. collusion
A

C. separation of duties

22
Q

The technology steering committee is struggling with increased requirements stemming from an
increase in telecommuting. The organization has not addressed telecommuting in the past. The
implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management’s directives?

A. Develop an information classification scheme that will properly secure data on corporate systems.

B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.

C. Publish a policy that addresses the security requirements for working remotely with company
equipment.

D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

A

C. Publish a policy that addresses the security requirements for working remotely with company
equipment.

23
Q

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

A. Establish a policy that only allows file-system encryption and disallows the use of individual file
encryption.

B. Require each user to log passwords used for file encryption to a decentralized repository.

C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.

D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

A

D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

24
Q

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for
the company’s online shopping application. Based on heuristic information from the Security
Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?

A. $60,000
B. $100,000
C. $140,000
D. $200,000

A

A. $60,000

25
Q

There have been some failures of the company’s internal facing website. A security engineer has
found the WAF to be the root cause of the failures. System logs show that the WAF has been
unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 99.72 percent

A

C. 98.34 percent