QUESTION 1
Company LEAD2PASS has recently completed the
connection of its network to a national high speed private research network.
Local businesses in the area are seeking sponsorship from Company LEAD2PASS to
connect to the high speed research network by directly connecting through
Company LEAD2PASS’s network. Company LEAD2PASS’s Chief Information Officer (CIO)
believes that this is an opportunity to increase revenues and visibility for the
company, as well as promote research and development in the area. Which of the
following must Company LEAD2PASS require of its sponsored partners in order to
document the technical security requirements of the connection?
A. SLA
B. ISA
C. NDA
D. BPA
Answer: B
QUESTION 2
A security analyst at Company A has been trying
to convince the Information Security Officer (ISO) to allocate budget towards
the purchase of a new intrusion prevention system (IPS) capable of analyzing
encrypted web transactions. Which of the following should the analyst provide to
the ISO to support the request? (Select TWO).
A. Emerging threat reports
B. Company attack trends
C. Request for Quote (RFQ)
D. Best practices
E. New technologies report
Answer: AB
QUESTION 3
The IT department of a pharmaceutical research
company is considering whether the company should allow or block access to
social media websites during lunch time. The company is considering the
possibility of allowing access only through the company’s guest wireless
network, which is logically separated from the internal research network. The
company prohibits the use of personal devices; therefore, such access will take
place from company owned laptops. Which of the following is the HIGHEST risk to
the organization?
A. Employee’s professional reputation
B. Intellectual property confidentiality loss
C. Downloaded viruses on the company laptops
D. Workstation compromise affecting availability
Answer: B
QUESTION 4
A security audit has uncovered a lack of security
controls with respect to employees’ network account management. Specifically,
the audit reveals that employee’s network accounts are not disabled in a timely
manner once an employee departs the organization. The company policy states that
the network account of an employee should be disabled within eight hours of
termination. However, the audit shows that 5% of the accounts were not
terminated until three days after a dismissed employee departs. Furthermore, 2%
of the accounts are still active. Which of the following is the BEST course of
action that the security officer can take to avoid repeat audit findings?
A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.
Answer: C
QUESTION 5
Which of the following is true about an
unauthenticated SAMLv2 transaction?
A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource from the SP, which verifies the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.
Answer: A
QUESTION 6
A company which manufactures ASICs for use in an
IDS wants to ensure that the ASICs’ code is not prone to buffer and integer
overflows. The ASIC technology is copyrighted and the confidentiality of the
ASIC code design is exceptionally important. The company is required to conduct
internal vulnerability testing as well as testing by a third party. Which of the
following should be implemented in the SDLC to achieve these requirements?
A. Regression testing by the manufacturer and integration testing by the third party
B. User acceptance testing by the manufacturer and black box testing by the third party
C. Defect testing by the manufacturer and user acceptance testing by the third party
D. White box unit testing by the manufacturer and black box testing by the third party
Answer: D
QUESTION 7
As part of the testing phase in the SDLC, a
software developer wants to verify that an application is properly handling user
error exceptions. Which of the following is the BEST tool or process for the
developer to use?
A. SRTM review
B. Fuzzer
C. Vulnerability assessment
D. HTTP interceptor
Answer: B
QUESTION 8
Which of the following is the MOST appropriate
control measure for lost mobile devices?
A. Disable unnecessary wireless interfaces such as Bluetooth.
B. Reduce the amount of sensitive data stored on the device.
C. Require authentication before access is given to the device.
D. Require that the compromised devices be remotely wiped.
Answer: D
QUESTION 9
Which of the following is the MOST cost-effective
solution for sanitizing a DVD with sensitive information on it?
A. Write over the data
B. Purge the data
C. Incinerate the DVD
D. Shred the DVD
Answer: D
QUESTION 10
A network engineer at Company LEAD2PASS observes
the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
A. HTTPS is not being enforced, so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the URL.
D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
Answer: C
QUESTION 11
Driven mainly by cost, many companies outsource
computing jobs which require a large amount of processor cycles over a short
duration to cloud providers. This allows the company to avoid a large investment
in computing resources which will only be used for a short time. Assuming the
provisioned resources are dedicated to a single company, which of the following
is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited
B. Remnants of network data from prior customers on the physical servers during a compute job
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
Answer: A
QUESTION 12
A security administrator needs a secure
computing solution to use for all of the company’s security audit log storage,
and to act as a central server to execute security functions from. Which of the
following is the BEST option for the server in this scenario?
A. A hardened Red Hat Enterprise Linux implementation running a software firewall
B. Windows 7 with a secure domain policy and smartcard based authentication
C. A hardened bastion host with a permit all policy implemented in a software firewall
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
Answer: D
QUESTION 13
After implementing port security, restricting
all network traffic into and out of a network, migrating to IPv6, installing
NIDS, firewalls, spam and application filters, a security administrator is
convinced that the network is secure. The administrator now focuses on securing
the hosts on the network, starting with the servers. Which of the following is
the MOST complete list of end-point security software the administrator could
plan to implement?
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication.
B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication.
C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
Answer: A
QUESTION 14
A security architect is assigned to a major
software development project. The software development team has a history of
writing bug prone, inefficient code, with multiple security flaws in every
release. The security architect proposes implementing secure coding standards to
the project manager. The secure coding standards will contain detailed standards
for:
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems.
D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
Answer: A
QUESTION 15
A number of security incidents have been
reported involving mobile web-based code developed by a consulting company.
Performing a root cause analysis, the security administrator of the consulting
company discovers that the problem is a simple programming error that results in
extra information being loaded into the memory when the proper format is
selected by the user. After repeating the process several times, the security
administrator is able to execute unintentional instructions through this method.
Which of the following BEST describes the problem that is occurring, a good
mitigation technique to use to prevent future occurrences, and why it is a security
concern?
A. Problem: Cross-site scripting
Mitigation Technique: Input validation
Security Concern: Decreases the company’s profits; cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
B. Problem: Buffer overflow
Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability; buffer overflows can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection
Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability; SQL injection can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow
Mitigation Technique: Output validation
Security Concern: Exposes the company to public scrutiny; buffer overflows can enable malicious actors to interrupt the availability of a system.
Answer: B
QUESTION 16
A security administrator has been conducting a
security assessment of Company XYZ for the past two weeks. All of the
penetration tests and other assessments have revealed zero flaws in the systems
at Company XYZ. However, Company XYZ reports that it has been the victim of
numerous security incidents in the past six months. In each of these incidents,
the criminals have managed to exfiltrate large volumes of data from the secure
servers at the company. Which of the following techniques should the
investigation team consider in the next phase of their assessment in hopes of
uncovering the attack vector the criminals used?
A. Vulnerability assessment
B. Code review
C. Social engineering
D. Reverse engineering
Answer: C
QUESTION 17
A security manager at Company LEAD2PASS needs
to perform a risk assessment of a new mobile device which the Chief Information
Officer (CIO) wants to immediately deploy to all employees in the company. The
product is commercially available, runs a popular mobile operating system, and
can connect to IPv6 networks wirelessly. The model the CIO wants to procure also
includes the upgraded 160GB solid state hard drive. The producer of the device
will not reveal exact numbers but experts estimate that over 73 million of the
devices have been sold worldwide. Which of the following is the BEST list of
factors the security manager should consider while performing a risk
assessment?
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.
Answer: A
QUESTION 18
The security administrator is worried about
possible SPIT attacks against the VoIP system. Which of the following security
controls would MOST likely need to be implemented to detect this type of
attack?
A. SIP and SRTP traffic analysis
B. QoS audit on Layer 3 devices
C. IP and MAC filtering logs
D. Email spam filter log
Answer: A
QUESTION 19
The helpdesk is receiving multiple calls about
slow and intermittent Internet access from the finance department. The network
administrator reviews the tickets and compiles the following information for the
security administrator:
——
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface’s MAC is 00-01-42-32-ab-1a
——
The security administrator brings a laptop to the finance office, connects it to one of the
wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
A. A man in the middle attack is underway – implementing static ARP entries is a possible solution.
B. An ARP flood attack targeted at the router is causing intermittent communication – implementing IPS is a possible solution.
C. The default gateway is being spoofed – implementing static routing with MD5 is a possible solution.
D. The router is being advertised on a separate network – router reconfiguration is a possible solution.
Answer: A
QUESTION 20
On Monday, the Chief Information Officer (CIO)
of a state agency received an e-discovery request for the release of all emails
sent and received by the agency board of directors for the past five years. The
CIO has contacted the email administrator and asked the administrator to provide
the requested information by end of day on Friday. Which of the following has
the GREATEST impact on the ability to fulfill the e-discovery request?
A. Data retention policy
B. Backup software and hardware
C. Email encryption software
D. Data recovery procedures
Answer: A