CompTIA Advanced Security Practitioner (CASP) v6.1

Page:    1 / 36   
Exam contains 539 questions
Expand All

A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase.
Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

  • A. Perform unit testing of the binary code
  • B. Perform code review over a sampling of the front end source code
  • C. Perform black box penetration testing over the solution
  • D. Perform grey box penetration testing over the solution
  • E. Perform static code review over the front end source code


Answer : D,E

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

  • A. Update company policies and procedures
  • B. Subscribe to security mailing lists
  • C. Implement security awareness training
  • D. Ensure that the organization vulnerability management plan is up-to-date


Answer : B

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

  • A. Web cameras
  • B. Email
  • C. Instant messaging
  • D. BYOD
  • E. Desktop sharing
  • F. Presence


Answer : C,E

An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

  • A. The company’s IDS signatures were not updated.
  • B. The company’s custom code was not patched.
  • C. The patch caused the system to revert to http.
  • D. The software patch was not cryptographically signed.
  • E. The wrong version of the patch was used.
  • F. Third-party plug-ins were not patched.


Answer : B,F

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

  • A. Virtualize the web servers locally to add capacity during registration.
  • B. Move the database servers to an elastic private cloud while keeping the web servers local.
  • C. Move the database servers and web servers to an elastic private cloud.
  • D. Move the web servers to an elastic public cloud while keeping the database servers local.


Answer : D

An organization is selecting a SaaS provider to replace its legacy, in house Customer
Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

  • A. Ensure the SaaS provider supports dual factor authentication.
  • B. Ensure the SaaS provider supports encrypted password transmission and storage.
  • C. Ensure the SaaS provider supports secure hash file exchange.
  • D. Ensure the SaaS provider supports role-based access control.
  • E. Ensure the SaaS provider supports directory services federation.


Answer : E

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

  • A. During the Identification Phase
  • B. During the Lessons Learned phase
  • C. During the Containment Phase
  • D. During the Preparation Phase


Answer : B

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

  • A. Implement an IPS to block the application on the network
  • B. Implement the remote application out to the rest of the servers
  • C. Implement SSL VPN with SAML standards for federation
  • D. Implement an ACL on the firewall with NAT for remote access


Answer : C

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping carts items?

  • A. Input validation
  • B. SQL injection
  • C. TOCTOU
  • D. Session hijacking


Answer : C

A small retail company recently deployed a new point of sale (POS) system to all 67 stores.
The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?

  • A. Deploy new perimeter firewalls at all stores with UTM functionality.
  • B. Change antivirus vendors at the store and the corporate office.
  • C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
  • D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.


Answer : A

Company A needs to export sensitive data from its financial system to company Bs database, using company Bs API in an automated manner. Company As policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company As financial system and company Bs destination server using the supplied API. Additionally, company As legacy financial software does not support encryption, while company Bs API supports encryption.
Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

  • A. Company A must install an SSL tunneling software on the financial system.
  • B. Company As security administrator should use an HTTPS capable browser to transfer the data.
  • C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
  • D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.


Answer : A

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior managements directives?

  • A. Develop an information classification scheme that will properly secure data on corporate systems.
  • B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
  • C. Publish a policy that addresses the security requirements for working remotely with company equipment.
  • D. Work with mid-level managers to identify and document the proper procedures for telecommuting.


Answer : C

A network administrator with a companys NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the companys physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the companys network or information systems from within?
(Select TWO).

  • A. RAS
  • B. Vulnerability scanner
  • C. HTTP intercept
  • D. HIDS
  • E. Port scanner
  • F. Protocol analyzer


Answer : D,F

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

  • A. The malware file’s modify, access, change time properties.
  • B. The timeline analysis of the file system.
  • C. The time stamp of the malware in the swap file.
  • D. The date/time stamp of the malware detection in the antivirus logs.


Answer : B

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

  • A. Establish a risk matrix
  • B. Inherit the risk for six months
  • C. Provide a business justification to avoid the risk
  • D. Provide a business justification for a risk exception


Answer : D

Page:    1 / 36   
Exam contains 539 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy