CompTIA Advanced Security Practitioner (CASP) v6.1

Page: 1 / 36
Total 532 questions

A company is in the process of implementing a new front end user interface for its
customers; the goal is to provide them with more self-service functionality. The application
has been written by developers over the last six months and the project is currently in the
test phase.
Which of the following security activities should be implemented as part of the SDL in order
to provide the MOST security coverage over the solution? (Select TWO).

  • A. Perform unit testing of the binary code
  • B. Perform code review over a sampling of the front end source code
  • C. Perform black box penetration testing over the solution
  • D. Perform grey box penetration testing over the solution
  • E. Perform static code review over the front end source code


Answer : D,E

A security engineer is responsible for monitoring company applications for known
vulnerabilities. Which of the following is a way to stay current on exploits and information
security news?

  • A. Update company policies and procedures
  • B. Subscribe to security mailing lists
  • C. Implement security awareness training
  • D. Ensure that the organization vulnerability management plan is up-to-date


Answer : B

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better
serve company employees who call with computer-related problems. The helpdesk staff is
currently unable to perform effective troubleshooting and relies on callers to describe their
technology problems. Given that the helpdesk staff is located within the company
headquarters and 90% of the callers are telecommuters, which of the following tools should
the helpdesk manager use to make the staff more effective at troubleshooting while at the
same time reducing company costs? (Select TWO).

  • A. Web cameras
  • B. Email
  • C. Instant messaging
  • D. BYOD
  • E. Desktop sharing
  • F. Presence


Answer : C,E

An extensible commercial software system was upgraded to the next minor release version
to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the
system was detected. The software vendor is called in to troubleshoot the issue and
reports that all core components were updated properly. Which of the following has been
overlooked in securing the system? (Select TWO).

  • A. The company’s IDS signatures were not updated.
  • B. The company’s custom code was not patched.
  • C. The patch caused the system to revert to http.
  • D. The software patch was not cryptographically signed.
  • E. The wrong version of the patch was used.
  • F. Third-party plug-ins were not patched.


Answer : B,F

A university requires a significant increase in web and database server resources for one
week, twice a year, to handle student registration. The web servers remain idle for the rest
of the year. Which of the following is the MOST cost effective way for the university to
securely handle student registration?

  • A. Virtualize the web servers locally to add capacity during registration.
  • B. Move the database servers to an elastic private cloud while keeping the web servers local.
  • C. Move the database servers and web servers to an elastic private cloud.
  • D. Move the web servers to an elastic public cloud while keeping the database servers local.


Answer : D

An organization is selecting a SaaS provider to replace its legacy, in-house Customer
Resource Management (CRM) application. Which of the following ensures the organization
mitigates the risk of managing separate user credentials?

  • A. Ensure the SaaS provider supports dual factor authentication.
  • B. Ensure the SaaS provider supports encrypted password transmission and storage.
  • C. Ensure the SaaS provider supports secure hash file exchange.
  • D. Ensure the SaaS provider supports role-based access control.
  • E. Ensure the SaaS provider supports directory services federation.


Answer : E

A large organization has recently suffered a massive credit card breach. During the months
of Incident Response, there were multiple attempts to assign blame for the incident. In
which part of the incident response phase would this be addressed in a controlled and
productive manner?

  • A. During the Identification Phase
  • B. During the Lessons Learned phase
  • C. During the Containment Phase
  • D. During the Preparation Phase


Answer : B

During a recent audit of servers, a company discovered that a network administrator, who
required remote access, had deployed an unauthorized remote access application that
communicated over common ports already allowed through the firewall. A network scan
showed that this remote access application had already been installed on one third of the
servers in the company. Which of the following is the MOST appropriate action that the
company should take to provide a more appropriate solution?

  • A. Implement an IPS to block the application on the network
  • B. Implement the remote application out to the rest of the servers
  • C. Implement SSL VPN with SAML standards for federation
  • D. Implement an ACL on the firewall with NAT for remote access


Answer : C

After being notified of an issue with the online shopping cart, where customers are able to
arbitrarily change the price of listed items, a programmer analyzes the following piece of
code used by a web-based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is
created in the web server /tmp directory. The temporary file has a name which is
generated by concatenating the content of the $USERINPUT variable and a timestamp in
the form of MM-DD-YYYY (e.g. smartphone-12-25-2013.tmp), and it contains the price of the
item being purchased. Which of the following is MOST likely being exploited to manipulate
the price of a shopping cart's items?

  • A. Input validation
  • B. SQL injection
  • C. TOCTOU
  • D. Session hijacking


Answer : C

A small retail company recently deployed a new point of sale (POS) system to all 67 stores.
The core of the POS is an extranet site, accessible only from retail stores and the corporate
office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional
connectivity back to the main office, which provides voice connectivity for store VoIP
phones. Each store offers guest wireless functionality, as well as employee wireless. Only
the staff wireless network has access to the POS VPN. Recently, stores are reporting poor
response times when accessing the POS application from store computers as well as
degraded voice quality when making phone calls. Upon investigation, it is determined that
three store PCs are hosting malware, which is generating excessive network traffic. After
malware removal, the information security department is asked to review the configuration
and suggest changes to prevent this from happening again. Which of the following denotes
the BEST way to mitigate future malware risk?

  • A. Deploy new perimeter firewalls at all stores with UTM functionality.
  • B. Change antivirus vendors at the store and the corporate office.
  • C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
  • D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.


Answer : A

Company A needs to export sensitive data from its financial system to company B's
database, using company B's API in an automated manner. Company A's policy prohibits
the use of any intermediary external systems to transfer or store its sensitive data;
therefore the transfer must occur directly between company A's financial system and
company B's destination server using the supplied API. Additionally, company A's legacy
financial software does not support encryption, while company B's API supports encryption.
Which of the following will provide end-to-end encryption for the data transfer while
adhering to these requirements?

  • A. Company A must install an SSL tunneling software on the financial system.
  • B. Company As security administrator should use an HTTPS capable browser to transfer the data.
  • C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
  • D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.


Answer : A

The technology steering committee is struggling with increased requirements stemming
from an increase in telecommuting. The organization has not addressed telecommuting in
the past. The implementation of a new SSL-VPN and a VoIP phone solution enables
personnel to work from remote locations with corporate assets. Which of the following
steps must the committee take FIRST to outline senior management's directives?

  • A. Develop an information classification scheme that will properly secure data on corporate systems.
  • B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
  • C. Publish a policy that addresses the security requirements for working remotely with company equipment.
  • D. Work with mid-level managers to identify and document the proper procedures for telecommuting.


Answer : C

A network administrator with a company's NSP has received a CERT alert for targeted
adversarial behavior at the company. In addition to the company's physical security, which
of the following can the network administrator use to detect the presence of a malicious
actor physically accessing the company's network or information systems from within?
(Select TWO).

  • A. RAS
  • B. Vulnerability scanner
  • C. HTTP intercept
  • D. HIDS
  • E. Port scanner
  • F. Protocol analyzer


Answer : D,F

A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware
file, which of the following helps to determine when the system became infected?

  • A. The malware file’s modify, access, change time properties.
  • B. The timeline analysis of the file system.
  • C. The time stamp of the malware in the swap file.
  • D. The date/time stamp of the malware detection in the antivirus logs.


Answer : B

A security policy states that all applications on the network must have a password length of
eight characters. There are three legacy applications on the network that cannot meet this
policy. One system will be upgraded in six months, and two are not expected to be
upgraded or removed from the network. Which of the following processes should be
followed?

  • A. Establish a risk matrix
  • B. Inherit the risk for six months
  • C. Provide a business justification to avoid the risk
  • D. Provide a business justification for a risk exception


Answer : D
