QUESTION 1
Company LEAD2PASS has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company LEAD2PASS to connect to the high speed research network by directly connecting through Company LEAD2PASS’s network. Company LEAD2PASS’s Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area. Which of the following must Company LEAD2PASS require of its sponsored partners in order to document the technical security requirements of the connection?
A. SLA
B. ISA
C. NDA
D. BPA
Answer: B
QUESTION 2
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions. Which of the following should the analyst provide to the ISO to support the request? (Select TWO).
A. Emerging threat reports
B. Company attack tends
C. Request for Quote (RFQ)
D. Best practices
E. New technologies report
Answer: AB
QUESTION 3
The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company’s guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops. Which of the following is the HIGHEST risk to the organization?
A. Employee’s professional reputation
B. Intellectual property confidentiality loss
C. Downloaded viruses on the company laptops
D. Workstation compromise affecting availability
Answer: B
QUESTION 4
A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employee’s network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?
A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.
Answer: C
QUESTION 5
Which of the following is true about an unauthenticated SAMLv2 transaction?
A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.
Answer: A
QUESTION 6
A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party. Which of the following should be implemented in the SDLC to achieve these requirements?
A. Regression testing by the manufacturer and integration testing by the third party
B. User acceptance testing by the manufacturer and black box testing by the third party
C. Defect testing by the manufacturer and user acceptance testing by the third party
D. White box unit testing by the manufacturer and black box testing by the third party
Answer: D
QUESTION 7
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer use?
A. SRTM review
B. Fuzzer
C. Vulnerability assessment
D. HTTP interceptor
Answer: B
QUESTION 8
Which of the following is the MOST appropriate control measure for lost mobile devices?
A. Disable unnecessary wireless interfaces such as Bluetooth.
B. Reduce the amount of sensitive data stored on the device.
C. Require authentication before access is given to the device.
D. Require that the compromised devices be remotely wiped.
Answer: D
QUESTION 9
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
A. Write over the data
B. Purge the data
C. Incinerate the DVD
D. Shred the DVD
Answer: D
QUESTION 10
A network engineer at Company LEAD2PASS observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01- 0101&Run=
Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-LanguagE. en
Connection: close
CookiE. java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
A. The HTTPS is not being enforced so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the URL.
D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
Answer: C
http://www.passleader.com/cas-001.html
QUESTION 11
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time. Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited
B. Remnants of network data from prior customers on the physical servers during a compute job
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
Answer: A
QUESTION 12
A security administrator needs a secure computing solution to use for all of the company’s security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?
A. A hardened Red Hat Enterprise Linux implementation running a software firewall
B. Windows 7 with a secure domain policy and smartcard based authentication
C. A hardened bastion host with a permit all policy implemented in a software firewall
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
Answer: D
QUESTION 13
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers. Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two- factor authentication.
B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication.
C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
Answer: A
QUESTION 14
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems.
D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
Answer: A
QUESTION 15
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?
A. Problem: Cross-site scripting
Mitigation TechniquE. Input validation
Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
B. Problem: Buffer overflow
Mitigation TechniquE. Secure coding standards
Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection
Mitigation TechniquE. Secure coding standards
Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow
Mitigation TechniquE. Output validation
Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.
Answer: B
QUESTION 16
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?
A. Vulnerability assessment
B. Code review
C. Social engineering
D. Reverse engineering
Answer: C
QUESTION 17
A security manager at Company LEAD2PASS, needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.
Answer: A
QUESTION 18
The security administrator is worried about possible SPIT attacks against the VoIP system. Which of the following security controls would MOST likely need to be implemented to detect this type of attack?
A. SIP and SRTP traffic analysis
B. QoS audit on Layer 3 devices
C. IP and MAC filtering logs
D. Email spam filter log
Answer: A
QUESTION 19
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
——
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface’s MAC is 00-01-42-32-ab-1a
——
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
A. A man in the middle attack is underway – implementing static ARP entries is a possible solution.
B. An ARP flood attack targeted at the router is causing intermittent communication ?implementing IPS is a possible solution.
C. The default gateway is being spoofed – implementing static routing with MD5 is a possible solution.
D. The router is being advertised on a separate network – router reconfiguration is a possible solution.
Answer: A
QUESTION 20
On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by end of day on Friday. Which of the following has the GREATEST impact on the ability to fulfill the e-discovery request?
A. Data retention policy
B. Backup software and hardware
C. Email encryption software
D. Data recovery procedures
Answer: A
http://www.passleader.com/cas-001.html