CompTIA Advanced Security Practitioner (CASP)
Question No: 131 – (Topic 2)
Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows:
Delivered-To: email@example.com Received: by 10.14.120.205
Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
To: "firstname.lastname@example.org" <email@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application Thread-Topic: New Insurance Application
Please download and install software from the site below to maintain full access to your account.
Additional information: the authorized mail servers' IPs are 192.168.2.10 and 192.168.2.11. The network’s subnet is 192.168.2.0/25.
Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO).
Identify the origination point for malicious activity on the unauthorized mail server.
Block port 25 on the firewall for all unauthorized mail servers.
Disable open relay functionality.
Shut down the SMTP service on the unauthorized mail server.
Enable STARTTLS on the spam filter.
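The scenario above turns on reading the Received: chain against the list of authorized mail servers. The following script is an added example, not part of the exam page or any vendor material: it unfolds the headers, extracts the "by" address of each hop, and flags hops that sit inside the 192.168.2.0/25 subnet but are not one of the two authorized MTAs. The header sample is built from the lines in the question (folded exactly as a mail client would store them); the regular expressions only recognise dotted-quad addresses, so a hop recorded by hostname alone is skipped.

```python
"""Added example: audit Received: headers against the authorized mail server list.

Not from the exam page. It assumes the values stated in the question: authorized
MTAs 192.168.2.10 and 192.168.2.11, internal subnet 192.168.2.0/25.
"""
import ipaddress
import re

AUTHORIZED_MTAS = {"192.168.2.10", "192.168.2.11"}       # from the question
INTERNAL_NET = ipaddress.ip_network("192.168.2.0/25")    # from the question

# Dotted-quad only; a hop written as a hostname ("by smtpex.example.com") is skipped.
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RECEIVED_BY = re.compile(r"^Received:.*?\bby\s+" + IPV4, re.I)
RECEIVED_FROM = re.compile(r"^Received:\s+from\s+" + IPV4, re.I)


def unfold(raw_headers):
    """Join RFC 5322 folded continuation lines (leading whitespace) onto their header."""
    out = []
    for line in raw_headers:
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.rstrip())
    return out


def audit_received(raw_headers):
    """Return hops whose receiving host is inside the internal subnet but is not an
    authorized MTA, as (by_ip, from_ip_or_None) tuples in header order."""
    findings = []
    for header in unfold(raw_headers):
        m_by = RECEIVED_BY.match(header)
        if not m_by:
            continue                      # not a Received: line, or hostname-only hop
        by_ip = ipaddress.ip_address(m_by.group(1))
        if by_ip in INTERNAL_NET and str(by_ip) not in AUTHORIZED_MTAS:
            m_from = RECEIVED_FROM.match(header)
            findings.append((str(by_ip), m_from.group(1) if m_from else None))
    return findings


# Sample input: the header lines from the question, with continuation lines folded
# (indented) the way a mail client stores them. The message body is omitted.
SAMPLE_HEADERS = [
    "Delivered-To: email@example.com",
    "Received: by 10.14.120.205",
    "        Mon, 1 Nov 2010 11:15:24 -0700 (PDT)",
    "Received: by 10.231.31.193",
    "        Mon, 01 Nov 2010 11:15:23 -0700 (PDT)",
    "Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); "
    "Mon, 01 Nov 2010 13:15:14 -0500",
    "Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500",
    'To: "firstname.lastname@example.org" <email@example.com>',
    "Date: Mon, 1 Nov 2010 13:15:11 -0500",
    "Subject: New Insurance Application",
]

if __name__ == "__main__":
    for by_ip, from_ip in audit_received(SAMPLE_HEADERS):
        print(f"unauthorized internal relay {by_ip} accepted mail from {from_ip}")
```

Received: lines below the hop added by your own border MTA can be written by whoever injected the message, so treat the flagged hop as a lead to confirm on the host itself rather than as proof by itself; the check is still useful because an internal address that is not on the authorized list should not be relaying mail at all.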
Question No: 132 – (Topic 2)
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
Synchronous copy of data
Storage pool space allocation
Question No: 133 – (Topic 2)
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface’s MAC is 00-01-42-32-ab-1a.
A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1,
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2,
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3,
Which of the following is occurring on the network?
A man-in-the-middle attack is underway on the network.
An ARP flood attack is targeting the router.
The default gateway is being spoofed on the network.
A denial of service attack is targeting the router.
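Whatever option one picks, the way a network engineer would answer this in practice is to check the capture against what is known to be true: the gateway's real MAC, which hosts actually asked for it, and which destinations are broadcast addresses. The script below is an added example, not part of the exam page; it parses tcpdump-style lines in the format of the capture above and reports unsolicited ARP replies, replies that bind a trusted address to an unexpected MAC, and ICMP echo requests aimed at a directed-broadcast address. The trusted gateway binding is the router MAC given in the question; the broadcast address 172.16.35.255 follows from the callers' 255.255.254.0 mask (the 172.16.34.0/23 block). The final capture line, in which a different MAC claims the gateway, is constructed to exercise the mismatch check; the page's own lines trigger only the unsolicited-reply and broadcast findings.

```python
"""Added example: flag suspicious ARP and ICMP activity in a tcpdump-style capture.

Not from the exam page. Assumes the tcpdump text format shown in the question,
the router MAC from the question as the trusted gateway binding, and the /23
broadcast address derived from the callers' netmask.
"""
import re
from collections import defaultdict

ARP_REQUEST = re.compile(r"^(?P<ts>\S+) arp who-has (?P<ip>[\d.]+)", re.I)
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) arp reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})", re.I)
ICMP_ECHO = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo request", re.I)


def norm_mac(mac):
    """Normalise 00-01-42-32-ab-1a / 00:01:42:32:AB:1A to one comparable form."""
    return mac.lower().replace("-", ":")


def analyze(lines, trusted, broadcasts):
    """trusted: {ip: mac} bindings known to be correct (e.g. the real gateway).
    broadcasts: set of directed-broadcast addresses for the local subnets.
    Returns a list of (kind, detail) findings in capture order."""
    findings = []
    first_seen = {}                  # ip -> MAC first observed claiming it
    outstanding = defaultdict(int)   # ip -> who-has requests not yet answered
    for line in lines:
        m = ARP_REQUEST.match(line)
        if m:
            outstanding[m["ip"]] += 1
            continue
        m = ARP_REPLY.match(line)
        if m:
            ip, mac = m["ip"], norm_mac(m["mac"])
            if outstanding[ip] > 0:
                outstanding[ip] -= 1
            else:
                # A reply nobody asked for: the pattern ARP cache poisoning relies on.
                findings.append(("unsolicited_arp_reply", f"{m['ts']} {ip} is-at {mac}"))
            if ip in trusted and mac != norm_mac(trusted[ip]):
                findings.append(("trusted_binding_mismatch",
                                 f"{ip}: got {mac}, expected {norm_mac(trusted[ip])}"))
            elif ip in first_seen and first_seen[ip] != mac:
                findings.append(("binding_change", f"{ip}: {first_seen[ip]} -> {mac}"))
            first_seen.setdefault(ip, mac)
            continue
        m = ICMP_ECHO.match(line)
        if m and m["dst"] in broadcasts:
            # Echo requests to a directed broadcast make every host on the segment answer.
            findings.append(("broadcast_icmp_echo", f"{m['ts']} {m['src']} -> {m['dst']}"))
    return findings


# Sample capture: the six lines from the question plus one CONSTRUCTED line (the last)
# in which a different MAC claims the gateway address.
SAMPLE_CAPTURE = [
    "09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)",
    "09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)",
    "09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)",
    "09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1,",
    "09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2,",
    "09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3,",
    "09:09:02.100000 arp reply 172.16.34.1 is-at 00:0c:29:aa:bb:cc (00:0c:29:aa:bb:cc)",  # constructed
]
TRUSTED = {"172.16.34.1": "00-01-42-32-ab-1a"}   # upstream router MAC from the question
BROADCASTS = {"172.16.35.255"}                    # broadcast of 172.16.34.0/23

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_CAPTURE, TRUSTED, BROADCASTS):
        print(f"{kind:26} {detail}")
```

On a real switch the durable fix for the poisoning case is Dynamic ARP Inspection or static gateway entries on critical hosts; the script is the triage step that tells you which of the two problems (a rogue binding, or a flood of broadcast traffic) the capture actually shows.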
Question No: 134 – (Topic 2)
VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network – 192.168.1.0/24
Datacenter – 192.168.2.0/24
User network – 192.168.3.0/24
HR network – 192.168.4.0/24
Traffic shaper configuration:
VLAN    Bandwidth Limit (Mbps)
VPN     50
Router ACL:
Action   Source            Destination
Permit   192.168.1.0/24    192.168.2.0/24
Permit   192.168.1.0/24    192.168.3.0/24
Permit   192.168.1.0/24    192.168.5.0/24
Permit   192.168.2.0/24    192.168.1.0/24
Permit   192.168.3.0/24    192.168.1.0/24
Permit   192.168.5.1/32    192.168.1.0/24
Deny     192.168.4.0/24    192.168.1.0/24
Deny     192.168.1.0/24    192.168.4.0/24
Which of the following solutions would allow the users to access the active FTP server?
Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network
Add a permit statement to allow traffic to 192.168.5.1 from the VPN network
IPS is blocking traffic and needs to be reconfigured
Configure the traffic shaper to limit DMZ traffic
Increase bandwidth limit on the VPN network
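The reason this scenario is tricky is that active FTP involves two TCP connections: the client opens the control channel to the server, but the server opens the data channel back to the client, so a stateless ACL has to permit both directions explicitly. The evaluator below is an added example, not from the exam page or any router vendor; it walks the ACL as given in the question with first-match semantics and an implicit deny, and reports the verdict for each half of an active FTP session. The ACL is address-only, so ports are not modelled. The VPN client address 192.168.1.25 and the datacenter server address 192.168.2.40 are constructed for the demonstration; the FTP server address 192.168.5.11 comes from the question. A helper lets you append a candidate statement and re-evaluate, so any of the proposed permit rules can be tested the same way.

```python
"""Added example: stateless ACL evaluation for the VPN -> DMZ active FTP scenario.

Not from the exam page. Assumes first-match-wins ordering with an implicit deny,
IP-only rules (no ports), and a constructed VPN client at 192.168.1.25.
"""
import ipaddress

# Router ACL exactly as listed in the question.
ROUTER_ACL = [
    ("permit", "192.168.1.0/24", "192.168.2.0/24"),
    ("permit", "192.168.1.0/24", "192.168.3.0/24"),
    ("permit", "192.168.1.0/24", "192.168.5.0/24"),
    ("permit", "192.168.2.0/24", "192.168.1.0/24"),
    ("permit", "192.168.3.0/24", "192.168.1.0/24"),
    ("permit", "192.168.5.1/32", "192.168.1.0/24"),
    ("deny",   "192.168.4.0/24", "192.168.1.0/24"),
    ("deny",   "192.168.1.0/24", "192.168.4.0/24"),
]


def evaluate(acl, src, dst):
    """Return the action of the first ACL entry matching src -> dst, or the
    implicit deny when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def active_ftp_paths(acl, client, server):
    """Active FTP crosses a stateless ACL as two separately initiated connections:
    control: client -> server (client is the source)
    data:    server -> client (server is the source, so the DMZ address must be
             permitted as a *source* towards the VPN network)."""
    return {
        "control": evaluate(acl, client, server),
        "data": evaluate(acl, server, client),
    }


def with_rule(acl, action, src_net, dst_net):
    """Copy of the ACL with one candidate statement appended ahead of the implicit deny."""
    return acl + [(action, src_net, dst_net)]


VPN_CLIENT = "192.168.1.25"      # constructed
FTP_SERVER = "192.168.5.11"      # from the question
DC_SERVER = "192.168.2.40"       # constructed: any datacenter host

if __name__ == "__main__":
    print("VPN -> datacenter:", active_ftp_paths(ROUTER_ACL, VPN_CLIENT, DC_SERVER))
    print("VPN -> DMZ FTP:   ", active_ftp_paths(ROUTER_ACL, VPN_CLIENT, FTP_SERVER))
    candidate = with_rule(ROUTER_ACL, "permit", "192.168.5.0/24", "192.168.1.0/24")
    print("with DMZ->VPN rule:", active_ftp_paths(candidate, VPN_CLIENT, FTP_SERVER))
```

Running it shows why datacenter servers work and the FTP server does not: the datacenter has a matching return rule (192.168.2.0/24 to the VPN network), while the only DMZ-sourced permit is for the single host 192.168.5.1, so the server-initiated data connection from 192.168.5.11 falls through to the implicit deny. On a stateful firewall the return path would be tracked automatically and only the control connection would need a rule; on a stateless router ACL both halves must be written out.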
Question No: 135 – (Topic 2)
A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).
Perform penetration testing over the HR solution to identify technical vulnerabilities
Perform a security risk assessment with recommended solutions to close off high-rated risks
Secure code review of the HR solution to identify security gaps that could be exploited
Perform access control testing to ensure that privileges have been configured correctly
Determine if the information security standards have been complied with by the project
Question No: 136 – (Topic 2)
A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?
Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.
Question No: 137 – (Topic 2)
Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem?
Implement change control practices at the organization level.
Adjust the firewall ACL to prohibit development from directly accessing the production server farm.
Update the vulnerability management plan to address data discrepancy issues.
Change development methodology from strict waterfall to agile.
Question No: 138 – (Topic 2)
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?
Question No: 139 – (Topic 2)
A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system’s SLE?
A. $2,000
B. $8,000
C. $12,000
D. $32,000
Question No: 140 – (Topic 2)
Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?
Establish a cloud-based authentication service that supports SAML.
Implement a new Diameter authentication server with read-only attestation.
Install a read-only Active Directory server in the corporate DMZ for federation.
Allow external connections to the existing corporate RADIUS server.