Exam 3: CompTIA Advanced Security Practitioner (CASP+) CAS-003

A) The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B) The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C) The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D) The company should install a temporary CCTV system to detect unauthorized access to physical offices

A) Develop a security exemption, as it does not meet the security policies
B) Mitigate the risk by asking the vendor to accept the in-country privacy principles
C) Require the solution owner to accept the identified risks and consequences
D) Review the entire procurement process to determine the lessons learned

A) Update and deploy GPOs
B) Configure and use measured boot
C) Strengthen the password complexity requirements
D) Update the antivirus software and definitions

A) Patch management
B) Antivirus
C) Application firewall
D) Spam filters
E) HIDS

A) These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines
B) The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
C) The associated firmware is more likely to remain out of date and potentially vulnerable
D) The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

A) Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets
B) Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources
C) Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
D) Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats

A) Install HIPS
B) Enable DLP
C) Install EDR
D) Install HIDS
E) Enable application blacklisting
F) Improve patch management processes

A) VNC, router, and HIPS
B) SIEM, VPN, and firewall
C) Proxy, VPN, and WAF
D) IDS, NAC, and log monitoring

A) Air gaps
B) Access control lists
C) Spanning tree protocol
D) Network virtualization
E) Elastic load balancing

A) Blue team
B) Red team
C) Black box
D) White team

A) Vulnerability scanner
B) TPM
C) Host-based firewall
D) File integrity monitor
E) NIPS

A) Magic link sent to an email address
B) Customer ID sent via push notification
C) SMS with OTP sent to a mobile number
D) Third-party social login
E) Certificate sent to be installed on a device
F) Hardware tokens sent to customers

A) Remotely triggered black hole
B) Route protection
C) Port security
D) Transport security
E) Address space layout randomization

A) Threat modeling
B) Risk assessment
C) Vulnerability data
D) Threat intelligence
E) Risk metrics
F) Exploit frameworks

A) Blue teaming
B) Phishing simulations
C) Lunch-and-learn
D) Random audits
E) Continuous monitoring
F) Separation of duties

A) Install a HIPS on the web servers
B) Disable inbound traffic from offending sources
C) Disable SNMP on the web servers
D) Install anti-DDoS protection in the DMZ

A) ISA
B) BIA
C) SLA
D) RA

A) Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B) The enterprise security team has focused exclusively on mitigating high-level risks
C) Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D) The cybersecurity team has balanced residual risk for both high and medium controls

A) OTA updates
B) Remote wiping
C) Side loading
D) Sandboxing
E) Containerization
F) Signed applications

A) Review the CVE database for critical exploits over the past year
B) Use social media to contact industry analysts
C) Use intelligence gathered from the Internet relay chat channels
D) Request information from security vendors and government agencies
E) Perform a penetration test of the competitor's network and share the results with the board

A) Transfer
B) Mitigate
C) Accept
D) Avoid
E) Reject

A) Implementing regression testing
B) Completing user acceptance testing
C) Verifying system design documentation
D) Using a SRTM

A) Code deduplicators
B) Binary reverse-engineering
C) Fuzz testing
D) Security containers

A) Key risk indicators
B) Lessons learned
C) Recovery point objectives
D) Tabletop exercise

A) Inform the customer that the service provider does not have any control over third-party blacklist entries. The customer should reach out to the blacklist operator directly
B) Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior
C) Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic
D) Establish relationship with a blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned

A) SessionStorage should be used so authorized cookies expire after the session ends
B) Cookies should be marked as "secure" and "HttpOnly"
C) Cookies should be scoped to a relevant domain/path
D) Client-side cookies should be replaced by server-side mechanisms

A) 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control
B) 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques
C) 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3. Sandbox any suspicious files 4. Notify the CERT team to apply a future proof threat model
D) 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms

A) After-action reports
B) Gap assessment
C) Security requirements traceability matrix
D) Business impact assessment
E) Risk analysis

A) When it is mandated by their legal and regulatory requirements
B) As soon as possible in the interest of the patients
C) As soon as the public relations department is ready to be interviewed
D) When all steps related to the incident response plan are completed
E) Upon the approval of the Chief Executive Officer (CEO) to release information to the public

A) Static code analysis in the IDE environment
B) Penetration testing of the UAT environment
C) Vulnerability scanning of the production environment
D) Penetration testing of the production environment
E) Peer review prior to unit testing

A) Vulnerability scanner
B) SIEM
C) Port scanner
D) SCAP scanner

A) The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systems
B) Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises
C) Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully
D) Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

A) Application whitelisting
B) NX/XN bit
C) ASLR
D) TrustZone
E) SCP

A) Multi-tenancy SaaS
B) Hybrid IaaS
C) Single-tenancy PaaS
D) Community IaaS

A) The employee manually changed the email client retention settings to prevent deletion of emails
B) The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
C) The email was encrypted and an exception was put in place via the data classification application
D) The employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old

A) RA
B) BIA
C) NDA
D) RFI
E) RFQ
F) MSA

A) Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
B) Federate with an existing PKI provider, and reject all non-signed emails
C) Implement two-factor email authentication, and require users to hash all email messages upon receipt
D) Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

A) SPF
B) S/MIME
C) TLS
D) DKIM

A) Restrict access to the network share by adding a group only for developers to the share's ACL
B) Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
C) Obfuscate the username within the script file with encoding to prevent easy identification and the account used
D) Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts
E) Redesign the web applications to accept single-use, local account credentials for authentication

A) Confidential or sensitive documents are inspected by the firewall before being logged.
B) Latency when viewing videos and other online content may increase.
C) Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
D) Stored logs may contain non-encrypted usernames and passwords for personal websites.

A) Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
B) Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
C) Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
D) Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
E) For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
F) Implement application blacklisting enforced by the operating systems of all machines in the enterprise

A) Only short usernames are supported, which could result in brute forcing of credentials.
B) Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
C) Hardcoded usernames with different code paths taken depend on which user is entered.
D) Format string vulnerability is present for admin users but not for standard users.

A) BPA
B) OLA
C) MSA
D) MOU

A) Employ hardware FDE or SED solutions.
B) Utilize a more efficient cryptographic hash function.
C) Replace HDDs with SSD arrays.
D) Use a FIFO pipe a multithreaded software solution.

A) Access control list
B) Security requirements traceability matrix
C) Data owner matrix
D) Roles matrix
E) Data design document
F) Data access policies

A) Capacity planning policy
B) Data retention policy
C) Data classification standard
D) Legal compliance policy
E) Data sovereignty policy
F) Backup policy
G) Acceptable use policy
H) Encryption standard

A) LDAP
B) WAYF
C) OpenID
D) RADIUS
E) SAML

A) Gap analysis
B) Benchmarks and baseline results
C) Risk assessment
D) Lessons learned report

A) Antivirus
B) HIPS
C) Application whitelisting
D) Patch management
E) Group policy implementation
F) Firmware updates

A) Isolate the systems on their own network
B) Install a firewall and IDS between systems and the LAN
C) Employ own stratum-0 and stratum-1 NTP servers
D) Upgrade the software on critical systems
E) Configure the systems to use government-hosted NTP servers

A) Conduct a penetration test on each function as it is developed
B) Develop a set of basic checks for common coding errors
C) Adopt a waterfall method of software development
D) Implement unit tests that incorporate static code analyzers

A) Use a protocol analyzer against the site to see if data input can be replayed from the browser
B) Scan the website through an interception proxy and identify areas for the code injection
C) Scan the site with a port scanner to identify vulnerable services running on the web server
D) Use network enumeration tools to identify if the server is running behind a load balancer

A) Fuzzer
B) SCAP scanner
C) Packet analyzer
D) Password cracker
E) Network enumerator
F) SIEM

A) Utilizing MFA
B) Implementing SSO
C) Deploying 802.1X
D) Pushing SAML adoption
E) Implementing TACACS

A) Require frequent password changes and disable NFC.
B) Enforce device encryption and activate MAM.
C) Install a mobile antivirus application.
D) Configure and monitor devices with an MDM.

A) SQL injection
B) XSS scanning
C) Fuzzing
D) Brute forcing

A) Implement a reverse proxy for VPN traffic that is defended and monitored by the organization's SOC with near-real-time alerting to administrators.
B) Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise's pool of VPN concentrators.
C) Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.
D) Employ a second VPN layer concurrently where the other layer's cryptographic implementation is sourced from a different vendor.

A) A series of ad-hoc tests that each verify security control functionality of the entire system at once.
B) A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
C) A set of formal methods that apply to one or more of the programing languages used on the development project.
D) A methodology to verify each security control in each unit of developed code prior to committing the code.

A) Data retention policy
B) Legal hold
C) Chain of custody
D) Scope statement

A) Deploy control plane protections.
B) Use SSH over out-of-band management.
C) Force only TACACS to be allowed.
D) Require the use of certificates for AAA.

A) Following new requirements that result from contractual obligations
B) Answering requests from auditors that relate to e-discovery
C) Responding to changes in regulatory requirements
D) Developing organizational policies that relate to hiring and termination procedures

A) Open
B) Secure
C) Halt
D) Exception

A) Vulnerability scanner
B) SCAP scanner
C) Port scanner
D) Interception proxy

A) Log reduction
B) Network enumerator
C) Fuzzer
D) SCAP scanner

A) The filtering of sensitive data out of data flows at geographic boundaries.
B) Removing potential bottlenecks in data transmission paths.
C) The transfer of corporate data onto mobile corporate devices.
D) The migration of data into and out of the network in an uncontrolled manner.

A) Antivirus  
B) Patch management
C) Log monitoring
D) Application whitelisting
E) Awareness training

A) The organization has accepted the risks associated with web-based threats.
B) The attack type does not meet the organization's threat model.
C) Web-based applications are on isolated network segments.
D) Corporate policy states that NIPS signatures must be updated every hour.

A) IF $AGE == "!@#$%^&*()_+<>?":{}[]" THEN ERROR
B) IF $AGE == [1234567890] {1,3} THEN CONTINUE
C) IF $AGE != "a-bA-Z!@#$%^&*()_+<>?":{}[] "THEN CONTINUE
D) IF $AGE == [1-0] {0,2} THEN CONTINUE

A) LDAP, multifactor authentication, oAuth, XACML
B) AD, certificate-based authentication, Kerberos, SPML
C) SAML, context-aware authentication, oAuth, WAYF
D) NAC, radius, 802.1x, centralized active directory

A) IPSec VPN
B) HIDS
C) Wireless controller
D) Rights management
E) SSL VPN
F) NAC
G) WAF
H) Load balancer

A) The hard disk contains bad sectors
B) The disk has been degaussed.
C) The data represents part of the disk BIOS.
D) Sensitive data might still be present on the hard drives.

A) Check for any relevant or required overlays.
B) Review enhancements within the current control set.
C) Modify to a high-baseline set of controls.
D) Perform continuous monitoring.

A) An internal key infrastructure that allows users to digitally sign transaction logs
B) An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
C) A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
D) An open distributed transaction ledger that requires proof of work to append entries.

A) System design documentation
B) User acceptance testing
C) Peer review  
D) Static code analysis testing
E) Change control documentation

A) Lack of adequate in-house testing skills.
B) Requirements for geographically based assessments
C) Cost reduction measures
D) Regulatory insistence on independent reviews.

A) Message 1
B) Message 2
C) Message 3
D) Message 4

A) After-action reports from prior incidents.
B) Social engineering techniques
C) Company policies and employee NDAs
D) Data classification processes

A) a gray-box penetration test
B) a risk analysis
C) a vulnerability assessment
D) an external security audit
E) a red team exercise

A) Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.
B) Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.
C) Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.
D) Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.