CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Question No: 181 – (Topic 3)
As part of a new wireless implementation, the Chief Information Officer’s (CIO’s) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor’s products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?
A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.
Question No: 182 – (Topic 3)
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
Answer: C,D Explanation:
C: A local proxy works by intercepting and relaying the traffic between the web client and the web server, so the tester can inspect and alter requests and responses. This is a tool that can be put to good effect in this case.
D: Fuzzing is another form of black-box testing. It works by feeding the program many specially constructed input variations intended to trigger an internal error that may indicate a bug, or to crash it.
Question No: 183 – (Topic 3)
A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which of the following is evidence that would aid Ann in making a case to management that action needs to be taken to safeguard these servers?
A. Provide a report of all the IP addresses that are connecting to the systems and their locations
B. Establish alerts at a certain threshold to notify the analyst of high activity
C. Provide a report showing the file transfer logs of the servers
D. Compare the current activity to the baseline of normal activity
Answer: D Explanation:
In risk assessment, a baseline forms the foundation for deciding how an organization needs to increase or enhance its current level of security. Comparing the current activity against that baseline will provide Ann with the necessary information to take to management.
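The comparison described in the explanation, as an added example that is not part of the original question set: a few constructed sshd-style log lines from an Internet-facing file transfer server are summarized, and the number of failed logins in the current window is compared against a constructed baseline of normal activity (mean plus three standard deviations). The host name, addresses and baseline values are all assumptions for the demo.

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (not from the page); addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 5 23:50:01 sftp01 sshd[4121]: Accepted publickey for svc_transfer from 203.0.113.10 port 51022 ssh2
Feb 5 23:50:07 sftp01 sshd[4130]: Failed password for root from 198.51.100.7 port 40001 ssh2
Feb 5 23:50:08 sftp01 sshd[4131]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Feb 5 23:50:09 sftp01 sshd[4132]: Failed password for test from 198.51.100.7 port 40003 ssh2
Feb 5 23:50:11 sftp01 sshd[4133]: Failed password for oracle from 198.51.100.8 port 40010 ssh2
Feb 5 23:50:12 sftp01 sshd[4134]: Failed password for ftpuser from 198.51.100.8 port 40011 ssh2
Feb 5 23:51:03 sftp01 sshd[4140]: Accepted publickey for svc_transfer from 203.0.113.11 port 51030 ssh2
"""

# Constructed baseline: failed logins per collection window on ten normal days.
BASELINE_FAILED = [2, 1, 3, 0, 2, 1, 2, 3, 1, 2]

# Matches both "Failed password for root from ..." and "... for invalid user bob from ...".
LINE_RE = re.compile(
    r"(Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def summarize(log_text):
    """Count accepted logins, failed logins per source IP and the usernames tried."""
    failed_by_ip = Counter()
    failed_users = Counter()
    accepted = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        if outcome == "Failed":
            failed_by_ip[ip] += 1
            failed_users[user] += 1
        else:
            accepted += 1
    return {"accepted": accepted,
            "failed_total": sum(failed_by_ip.values()),
            "failed_by_ip": failed_by_ip,
            "failed_users": failed_users}


def compare_to_baseline(observed, baseline, sigma=3.0):
    """Flag the window if the observed count exceeds mean + sigma * stdev of the baseline."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline)
    threshold = mean + sigma * stdev
    return {"baseline_mean": mean, "threshold": threshold,
            "observed": observed, "anomalous": observed > threshold}


def build_case(log_text=SAMPLE_LOG, baseline=BASELINE_FAILED):
    """Produce the evidence an analyst would take to management: verdict plus supporting detail."""
    s = summarize(log_text)
    verdict = compare_to_baseline(s["failed_total"], baseline)
    verdict["top_sources"] = s["failed_by_ip"].most_common(3)
    verdict["usernames_tried"] = sorted(s["failed_users"])
    return verdict


if __name__ == "__main__":
    for key, value in build_case().items():
        print(f"{key}: {value}")
```

The verdict carries the baseline mean and the threshold alongside the observed count, which is the point of option D: a bare list of IP addresses or a raw log extract (options A and C) does not show management that the activity is abnormal, whereas "5 failures against a normal 1.7" does.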
Question No: 184 – (Topic 3)
A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server.
Logs:
A. Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
B. Log 2:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
C. Log 3:
Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = '"
    + oe.encode(req.getParameter("userID")) + "' and user_password = '"
    + oe.encode(req.getParameter("pwd")) + "'";
Vulnerabilities:
D. Buffer overflow
E. SQL injection
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).
Answer: B,E Explanation:
Log 2 indicates that the security breach originated from an external source, and the vulnerability associated with this breach is a buffer overflow, which occurs when the amount of data written into a buffer exceeds the capacity of that buffer.
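The SQL injection risk behind Log 3, as an added example that is not part of the original question set. The page's query escapes the two parameters with an encoder before concatenating them; the block below rebuilds the same query shape in Python against a constructed in-memory SQLite table, first with raw concatenation (no encoding at all) and then with bound parameters, so the reader can see why the concatenated form is the one that needs protecting. The table contents, the user name and the probe string are assumptions for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory table using the column names from the page's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (user_id INTEGER, user_name TEXT, user_password TEXT)")
    conn.execute("INSERT INTO user_data VALUES (1, 'alice', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_concat(conn, user_name, user_password):
    """Vulnerable: the page's query shape with raw concatenation and no encoding."""
    query = ("Select user_id FROM user_data WHERE user_name = '" + user_name
             + "' and user_password = '" + user_password + "'")
    return conn.execute(query).fetchone()


def login_param(conn, user_name, user_password):
    """Hardened: bound parameters, so the input is always data and never SQL syntax."""
    query = "Select user_id FROM user_data WHERE user_name = ? and user_password = ?"
    return conn.execute(query, (user_name, user_password)).fetchone()


def demo():
    """Run the classic tautology probe against both forms and a valid login against the safe one."""
    conn = make_db()
    probe = "' OR '1'='1"   # constructed probe string: closes the quote and adds a true clause
    return {
        "concat_with_probe": login_concat(conn, "alice", probe),      # (1,)  -> check bypassed
        "param_with_probe": login_param(conn, "alice", probe),        # None  -> probe is just a string
        "param_valid": login_param(conn, "alice", "correct-horse-battery"),  # (1,)
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Output encoding of the kind the page's OracleEncoder performs does neutralize the quote character, but it has to be applied to every parameter on every query and tuned to the database's quoting rules; bound parameters remove that burden, which is why reviewers treat the concatenated form in Log 3 as the thing to look at when SQL injection is on the list of candidate vulnerabilities.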
Question No: 185 – (Topic 3)
A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?
A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
B. Interview employees and managers to discover the industry hot topics and trends
C. Attend meetings with staff, internal training, and become certified in software management
D. Attend conferences, webinars, and training to remain current with the industry and job requirements
Conferences are an important way of exchanging information between researchers, who are usually experts in their respective fields. Together with webinars and training to remain current on the subject, they will give the manager valuable insight into the cyber defense industry and the ability to recruit suitable personnel.
Question No: 186 – (Topic 3)
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?
A. Social media is an effective solution because it is easily adaptable to new situations.
B. Social media is an ineffective solution because the policy may not align with the business.
C. Social media is an effective solution because it implements SSL encryption.
D. Social media is an ineffective solution because it is not primarily intended for business applications.
Answer: B Explanation:
Social media networks are designed to draw people's attention quickly; connecting people is their main focus, and security is not the primary concern. The CEO should therefore decide that using social media would be ineffective for the company, as it does not align with the company's business.
Question No: 187 – (Topic 3)
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?
A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.
Answer: D Explanation:
Checking whether control effectiveness is in line with the complexity of the solution, and then determining whether a simpler alternative would meet the requirements, is the first procedure to follow in light of these findings.
Question No: 188 – (Topic 3)
Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).
A. Check log files for logins from unauthorized IPs.
B. Check /proc/kmem for fragmented memory segments.
C. Check for unencrypted passwords in /etc/shadow.
D. Check timestamps for files modified around time of compromise.
E. Use lsof to determine files with future timestamps.
F. Use gpg to encrypt compromised data files.
G. Verify the MD5 checksum of system binaries.
H. Use vmstat to look for excessive disk I/O.
Answer: A,D,G Explanation:
Verifying the MD5 checksums of the system binaries shows whether any of them were altered, which supports a forensic analysis of the compromised Linux system. Together with the log entries recording logins from unauthorized IPs and the timestamps of files modified around the time of the compromise, these serve as useful forensic evidence.
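Options D and G carried out in code, as an added example that is not part of the original question set: a throwaway directory stands in for the compromised system, a known-good MD5 manifest is taken before one binary is replaced, and the two checks then report which manifest entries no longer match and which files have modification times inside a window around the assumed compromise time. The file names, contents, manifest and timestamps are all constructed for the demo.

```python
import hashlib
import os
import tempfile
import time


def md5_file(path):
    """MD5 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(root, manifest):
    """Compare files under root against {relative_path: expected_md5}; report mismatches."""
    findings = []
    for rel, expected in manifest.items():
        p = os.path.join(root, rel)
        if not os.path.exists(p):
            findings.append((rel, "missing"))
        elif md5_file(p) != expected:
            findings.append((rel, "modified"))
    return findings


def files_modified_near(root, compromise_ts, window_seconds):
    """Relative paths of files whose mtime lies within +/- window_seconds of the compromise."""
    out = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            if abs(os.stat(p).st_mtime - compromise_ts) <= window_seconds:
                out.append(os.path.relpath(p, root))
    return sorted(out)


def build_demo():
    """Construct a fake system: two 'binaries', a clean manifest, then trojan one of them."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    files = {"bin/ls": b"#!/bin/sh\necho ls\n", "bin/ps": b"#!/bin/sh\necho ps\n"}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    # Known-good manifest taken while the system was still clean.
    manifest = {rel: md5_file(os.path.join(root, rel)) for rel in files}
    # Simulated compromise one hour ago: ps is replaced a minute after the breach,
    # while ls keeps an mtime from the day before.
    compromise_ts = time.time() - 3600
    with open(os.path.join(root, "bin/ps"), "wb") as f:
        f.write(b"#!/bin/sh\necho ps | grep -v hidden\n")
    os.utime(os.path.join(root, "bin/ps"), (compromise_ts + 60, compromise_ts + 60))
    os.utime(os.path.join(root, "bin/ls"), (compromise_ts - 86400, compromise_ts - 86400))
    return root, manifest, compromise_ts


if __name__ == "__main__":
    root, manifest, ts = build_demo()
    print("checksum mismatches:", verify_manifest(root, manifest))
    print("modified within 10 min of compromise:", files_modified_near(root, ts, 600))
```

Two caveats an examiner would expect: the manifest must come from a trusted source (a clean image or the package manager's own database, which is what tools such as rpm -V and debsums consult), because a manifest read from the compromised host could itself have been tampered with; and mtimes can be reset by an attacker, so a file that checks out on timestamp but fails the checksum is still suspect.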
Question No: 189 – (Topic 3)
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?
A. Use fuzzing techniques to examine application inputs
B. Run nmap to attach to application memory
C. Use a packet analyzer to inspect the strings
D. Initiate a core dump of the application
E. Use an HTTP interceptor to capture the text strings
Answer: D Explanation:
Applications store information in memory, and this information can include sensitive data such as passwords, usernames and encryption keys. Taking a memory (core) dump allows you to analyze the memory contents and verify whether the strings are indeed stored encrypted.
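The check an administrator would run on the dump, as an added example that is not part of the original question set: a constructed byte string stands in for a core file, and the scan reports every offset at which a known secret appears verbatim, in both ASCII and UTF-16LE (the encoding many runtimes use for strings, which a plain grep for ASCII misses). The "encrypting" API is simulated by a keyed XOR so the demo is self-contained; that stand-in is not a real cipher and is only there to show that the plaintext disappears from the image. The secret, the layout of the dump and the key are assumptions for the demo.

```python
import re

# Constructed stand-in for the application's "encrypt strings in memory" API.
# A keyed XOR is used only so the demo runs offline; it is not a real cipher.
DEMO_KEY = b"\x5a\xa3\x17\xc4"


def demo_protect(secret):
    """Stand-in for the API under test: transform the secret before it is stored."""
    data = secret.encode("ascii")
    return bytes(b ^ DEMO_KEY[i % len(DEMO_KEY)] for i, b in enumerate(data))


def build_dump(secret, protect_in_memory):
    """Constructed memory image: a fake heap region holding the secret plain or protected."""
    stored = demo_protect(secret) if protect_in_memory else secret.encode("ascii")
    return (b"\x00" * 64 + b"HEAP_REGION_START" + b"\x00" * 16
            + b"session_token=" + stored + b"\x00" * 32
            + b"config_path=/opt/app/app.conf" + b"\x00" * 64)


def find_plaintext(dump, secret):
    """Offsets where the secret appears verbatim, as ASCII or as UTF-16LE."""
    hits = []
    for enc, needle in (("ascii", secret.encode("ascii")),
                        ("utf-16le", secret.encode("utf-16-le"))):
        start = 0
        while True:
            i = dump.find(needle, start)
            if i == -1:
                break
            hits.append((enc, i))
            start = i + 1
    return hits


def printable_strings(dump, min_len=8):
    """The strings(1)-style pass an analyst would run over a core file."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, dump)]


if __name__ == "__main__":
    secret = "Hunter2-Demo-Pass"
    for protected in (False, True):
        dump = build_dump(secret, protected)
        print(f"protected={protected}: hits={find_plaintext(dump, secret)}")
        print("  strings:", printable_strings(dump))
```

Against a real process the dump would come from gcore or a crash handler and the scan would be run with the secret the tester themselves entered, so a hit at any offset is proof that the API left a cleartext copy somewhere (a common cause is an unencrypted temporary copy that is never wiped, which this scan also catches).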
Question No: 190 – (Topic 3)
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package?
Answer: D Explanation:
Return on investment = Net profit / Investment, where:
Cumulative profit: first year = $60,000; second year = $120,000; third year = $180,000; fourth year = $240,000
Cumulative investment: first year = $180,000; by year 2 = $182,000; by year 3 = $184,000; by year 4 = $186,000
Thus you will only get a return on the investment in 4 years' time.
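The year-by-year comparison in the explanation, as an added example that is not part of the original question set. It carries the same figures through in code: the monthly revenue gain is the new product's $15,000 less the legacy product's $10,000, the initial cost is paid in year 1, and the yearly maintenance is added from year 2 onward; the first year in which cumulative profit meets cumulative investment is the payback year. The function names are assumptions.

```python
def roi_schedule(initial_cost, yearly_maintenance, monthly_revenue_gain, max_years=50):
    """Year-by-year cumulative profit and investment, stopping at the payback year."""
    rows = []
    cumulative_profit = 0
    cumulative_investment = initial_cost
    for year in range(1, max_years + 1):
        cumulative_profit += 12 * monthly_revenue_gain
        if year > 1:                      # maintenance starts after the first year
            cumulative_investment += yearly_maintenance
        rows.append((year, cumulative_profit, cumulative_investment))
        if cumulative_profit >= cumulative_investment:
            break
    return rows


def years_to_roi(initial_cost, yearly_maintenance, monthly_revenue_gain):
    """First year in which cumulative profit covers cumulative investment, or None."""
    rows = roi_schedule(initial_cost, yearly_maintenance, monthly_revenue_gain)
    year, profit, investment = rows[-1]
    return year if profit >= investment else None


if __name__ == "__main__":
    for year, profit, investment in roi_schedule(180_000, 2_000, 15_000 - 10_000):
        print(f"year {year}: profit ${profit:,} vs investment ${investment:,}")
    print("payback year:", years_to_roi(180_000, 2_000, 15_000 - 10_000))
```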