CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Question No: 141 – (Topic 2)
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A: Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B: Works in the accounts payable office and is in charge of approving purchase orders.
Employee C: Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
All employees should have the same access level to be able to check on each other.
The manager should only be able to review the data and approve purchase orders.
Employee A and Employee B should rotate jobs at a set interval and cross-train.
The manager should be able to both enter and approve information.
Question No: 142 – (Topic 2)
A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
Change the IDS to use a heuristic anomaly filter.
Adjust IDS filters to decrease the number of false positives.
Change the IDS filter to data mine the false positives for statistical trending data.
Adjust IDS filters to increase the number of false negatives.
Topic 3, Research and Analysis
Question No: 143 – (Topic 3)
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions. Which of the following should the analyst provide to the ISO to support the request? (Select TWO).
Emerging threat reports
Company attack trends
Request for Quote (RFQ)
New technologies report
Question No: 144 – (Topic 3)
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?
Remove local admin permissions from all users and change anti-virus to a cloud-aware, push technology.
Implement an application whitelist at all levels of the organization.
Deploy a network-based heuristic IDS and configure all layer 3 switches to feed data to the IDS for more effective monitoring.
Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.
Answer: B Explanation:
In essence, application whitelisting ensures that only approved applications are allowed to run or are granted access.
Question No: 145 – (Topic 3)
The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?
Answer: A Explanation:
Single Loss Expectancy (SLE) is mathematically expressed as Asset Value (AV) x Exposure Factor (EF).
SLE = AV x EF = $120,000 x 20% = $24,000. Fires occur on average once every four years, so the Annualized Rate of Occurrence (ARO) is 1/4 = 0.25. Thus ALE = SLE x ARO = $24,000 x 0.25 = $6,000.
References:
http://www.financeformulas.net/Return_on_Investment.html
https://en.wikipedia.org/wiki/Risk_assessment
Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide), 5th Edition, Project Management Institute, Inc., Newtown Square, 2013, p. 198
McMillan, Troy and Robin Abernathy, CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide, Pearson Education, Indianapolis, 2015, p. 305
Question No: 146 – (Topic 3)
New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager follow to manage the risks of these attack vectors? (Select TWO).
Establish an emergency response call tree.
Create an inventory of applications.
Back up the router and firewall configurations.
Maintain a list of critical systems.
Update all network diagrams.
Question No: 147 – (Topic 3)
Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
nd6 options=1<PERFORMNUD>
media: autoselect status: active
Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).
The devices use EUI-64 format
The routers implement NDP
The network implements 6to4 tunneling
The router IPv6 advertisement has been disabled
The administrator must disable IPv6 tunneling
The administrator must disable the mobile IPv6 router flag
The administrator must disable the IPv6 privacy extensions
The administrator must disable DHCPv6 option code 1
Answer: B,G Explanation:
IPv6 makes use of the Neighbor Discovery Protocol (NDP), so if the routers implement NDP the IPv6 addresses in use can be mapped back to devices. The address flagged temporary in the output is generated by the IPv6 privacy extensions and changes periodically, which is why it cannot be tied to a user; to positively map users to IPv6 addresses, the administrator must disable the IPv6 privacy extensions.
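As an added example (not part of the exam material), the Python script below parses interface output like the one quoted above and separates EUI-64 addresses, whose embedded MAC can be tied to a managed device, from privacy-extension temporary addresses, which cannot. The sample output is constructed from the question's listing, with the link-local interface identifier completed to a full 64 bits (an assumption).

```python
import re
from ipaddress import IPv6Address

# Constructed sample modelled on the interface output quoted in Question 147;
# the link-local interface identifier is completed to a full 64 bits (assumption).
IFCONFIG_OUTPUT = """\
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::fa1e:dfff:fee6:9dfe%en1 prefixlen 64 scopeid 0x5
    inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
    inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
"""

# One inet6 line: the address (zone index such as %en1 stripped), then its flags.
INET6_RE = re.compile(
    r"^\s*inet6\s+([0-9a-f:]+)(?:%\S+)?\s+prefixlen\s+\d+(.*)$", re.M | re.I)


def eui64_to_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = IPv6Address(addr).packed[8:]       # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":              # EUI-64 splices ff:fe into the MAC
        return None
    first = iid[0] ^ 0x02                    # undo the universal/local bit flip
    octets = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def classify_addresses(text):
    """Map each inet6 address to ('eui64', mac), ('temporary', None) or ('other', None)."""
    result = {}
    for addr, flags in INET6_RE.findall(text):
        if "temporary" in flags.split():
            # RFC 4941 privacy address: random interface ID that is regenerated
            # periodically, so it cannot be tied to a device or user.
            result[addr] = ("temporary", None)
        else:
            mac = eui64_to_mac(addr)
            result[addr] = ("eui64", mac) if mac else ("other", None)
    return result


if __name__ == "__main__":
    for addr, (kind, mac) in classify_addresses(IFCONFIG_OUTPUT).items():
        print(f"{addr:40} {kind:10} {mac or '-'}")
```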
Question No: 148 – (Topic 3)
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information?
Update company policies and procedures
Subscribe to security mailing lists
Implement security awareness training
Ensure that the organization vulnerability management plan is up-to-date
Answer: B Explanation:
Subscribing to bug, vulnerability and security mailing lists is a good way of staying abreast of and keeping up to date with the latest developments in those fields.
Question No: 149 – (Topic 3)
An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?
Use the pass the hash technique
Use rainbow tables to crack the passwords
Use the existing access to change the password
Use social engineering to obtain the actual password
Answer: A Explanation:
With pass the hash, the tester uses the obtained NTLM credentials and can manipulate the Windows logon sessions maintained by the LSA component. This allows operating as an administrative user without impacting the integrity of any of the systems while running the tests.
Question No: 150 – (Topic 3)
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
Answer: D Explanation:
Nmap works as a port scanner and can be used to check whether the DNS server is listening on port 53.