CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Question No: 111 – (Topic 2)
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?
The company should mitigate the risk.
The company should transfer the risk.
The company should avoid the risk.
The company should accept the risk.
Answer: B Explanation:
To transfer the risk is to deflect it to a third party, by taking out insurance for example.
Question No: 112 – (Topic 2)
Anne, the security administrator, at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. Anne is only able to find one year’s worth of email records on the server and is now concerned about the possible legal implications of not complying with the request.
Which of the following should Anne check BEFORE responding to the request?
The company data privacy policies
The company backup logs and archives
The company data retention policies and guidelines
The company data retention procedures
Question No: 113 – (Topic 2)
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
Physical penetration test of the datacenter to ensure there are appropriate controls.
Penetration testing of the solution to ensure that the customer data is well protected.
Security clauses are implemented into the contract such as the right to audit.
Review of the organizations security policies, procedures and relevant hosting certifications.
Code review of the solution to ensure that there are no back doors located in the software.
Answer: C,D Explanation:
Due diligence refers to an investigation of a business or person prior to signing a contract. Due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance. Due diligence should verify the data supplied in the RFP and concentrate on the following:
Company profile, strategy, mission, and reputation
Financial status, including reviews of audited financial statements
Customer references, preferably from companies that have outsourced similar processes Management qualifications, including criminal background checks
Process expertise, methodology, and effectiveness Quality initiatives and certifications
Technology, infrastructure stability, and applications Security and audit controls
Legal and regulatory compliance, including any outstanding complaints or litigation Use of subcontractors
Disaster recovery and business continuity policies C and D form part of Security and audit controls.
Question No: 114 – (Topic 2)
The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?
Review the flow data against each server’s baseline communications profile.
Configure the server logs to collect unusual activity including failed logins and restarted services.
Correlate data loss prevention logs for anomalous communications from the server.
Setup a packet capture on the firewall to collect all of the server communications.
Answer: A Explanation:
Network logging tools such as Syslog, DNS, NetFlow, behavior analytics, IP reputation, honeypots, and DLP solutions provide visibility into the entire infrastructure. This visibility is important because signature-based systems are no longer sufficient for identifying the advanced attacker that relies heavily on custom malware and zero-day exploits. Having knowledge of each host’s communications, protocols, and traffic volumes as well as the content of the data in question is key to identifying zero-day and APT (advance persistent threat) malware and agents. Data intelligence allows forensic analysis to identify anomalous or suspicious communications by comparing suspected traffic patterns against normal data communication behavioral baselines. Automated network intelligence and next-generation live forensics provide insight into network events and rely on analytical decisions based on known vs. unknown behavior taking place within a corporate network.
Question No: 115 – (Topic 2)
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?
Use after free
Answer: C Explanation:
Integer overflow errors can occur when a program fails to account for the fact that an arithmetic operation can result in a quantity either greater than a data type#39;s maximum value or less than its minimum value.
Question No: 116 – (Topic 2)
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
Apply a hidden field that triggers a SIEM alert
Cross site scripting attack
Resource exhaustion attack
Input a blacklist of all known BOT malware IPs into the firewall
Implement an inline WAF and integrate into SIEM
Distributed denial of service
Implement firewall rules to block the attacking IP addresses
Answer: C,F Explanation:
A resource exhaustion attack involves tying up predetermined resources on a system, thereby making the resources unavailable to others.
Implementing an inline WAF would allow for protection from attacks, as well as log and
alert admins to what#39;s going on. Integrating in into SIEM allows for logs and other security- related documentation to be collected for analysis.
Question No: 117 – (Topic 2)
Company policy requires that all company laptops meet the following baseline requirements:
Antivirus Anti-malware Anti-spyware
Terminal services enabled for RDP Administrative access for local users
Hardware restrictions: Bluetooth disabled FireWire disabled WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).
Group policy to limit web access
Restrict VPN access for all mobile users
Remove full-disk encryption
Remove administrative access to local users
Restrict/disable TELNET access to network resources
Perform vulnerability scanning on a daily basis
Restrict/disable USB access
Answer: D,G Explanation:
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) while at the same time masking its existence or the existence of other software. A bootkit is similar to a rootkit except the malware infects the master boot record on a hard disk. Malicious software such as bootkits or rootkits typically require administrative privileges to be installed.
Therefore, one method of preventing such attacks is to remove administrative access for local users.
A common source of malware infections is portable USB flash drives. The flash drives are often plugged into less secure computers such as a user’s home computer and then taken to work and plugged in to a work computer. We can prevent this from happening by restricting or disabling access to USB devices.
Question No: 118 – (Topic 2)
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events. Which of the following should the company do to ensure that the chosen MSS meets expectations?
Develop a memorandum of understanding on what the MSS is responsible to provide.
Create internal metrics to track MSS performance.
Establish a mutually agreed upon service level agreement.
Issue a RFP to ensure the MSS follows guidelines.
Question No: 119 – (Topic 2)
A critical system audit shows that the payroll system is not meeting security policy due to
missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?
Isolate the system on a secure network to limit its contact with other systems
Implement an application layer firewall to protect the payroll system interface
Monitor the system’s security log for unauthorized access to the payroll application
Perform reconciliation of all payroll transactions on a daily basis
Answer: A Explanation:
The payroll system is not meeting security policy due to missing OS security patches. We cannot apply the patches to the system because the vendor states that the system is only supported on the current OS patch level. Therefore, we need another way of securing the system.
We can improve the security of the system and the other systems on the network by isolating the payroll system on a secure network to limit its contact with other systems. This will reduce the likelihood of a malicious user accessing the payroll system and limit any damage to other systems if the payroll system is attacked.
Question No: 120 – (Topic 2)
A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO’s requirement?
Answer: A Explanation:
GRC is a discipline that aims to coordinate information and activity across governance, risk management and compliance with the purpose of operating more efficiently, enabling
effective information sharing, more effectively reporting activities and avoiding wasteful overlaps. An integrated GRC (iGRC) takes data feeds from one or more sources that detect or sense abnormalities, faults or other patterns from security or business applications.
100% Ensurepass Free Download!
–Download Free Demo:RC0-C02 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2017 EnsurePass RC0-C02 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|