CAS-003 Online Practice Questions and Answers

Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed. en1: flags=8863 mtu 1500 ether f8:1e:af:ab:10:a3 inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5 inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255 inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary nd6 options=1 media: autoselect status: active Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).

A. The devices use EUI-64 format

B. The routers implement NDP

C. The network implements 6to4 tunneling

D. The router IPv6 advertisement has been disabled

E. The administrator must disable IPv6 tunneling

F. The administrator must disable the mobile IPv6 router flag

G. The administrator must disable the IPv6 privacy extensions

H. The administrator must disable DHCPv6 option code 1

Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset

B. Potential Loss x Event Probability x Control Failure Probability

C. Impact x Threat x Vulnerability

D. Risk Likelihood x Annual Loss Expectancy (ALE)

A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

A. Encryption of each individual partition

B. Encryption of the SSD at the file level

C. FDE of each logical volume on the SSD

D. FDE of the entire SSD as a single disk

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: DCIM Images folder Audio books folder Torrentz

My TAX.xls Consultancy HR Manual.doc Camera: SM-G950F

Exposure time: 1/60s Location: 3500 Lacey Road USA Which of the following BEST describes the security problem?

A. MicroSD in not encrypted and also contains personal data.

B. MicroSD contains a mixture of personal and work data.

C. MicroSD in not encrypted and contains geotagging information.

D. MicroSD contains pirated software and is not encrypted.

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

A. Vulnerability scanner

B. TPM

C. Host-based firewall

D. File integrity monitor

E. NIPS

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

The tool needs to be responsive so service teams can query it, and then perform an automated response action.

The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs. The tool will become the system-of-record for approval, reapproval, and removal life cycles of group

memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

A. Scalability

B. Latency

C. Availability

D. Usability

E. Recoverability

F. Maintainability

A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

A. Bug bounty websites

B. Hacker forums

C. Antivirus vendor websites

D. Trade industry association websites

E. CVE database

F. Company's legal department

A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?

A. Network access control

B. Configuration Manager

C. Application whitelisting

D. File integrity checks

A security engineer is making certain URLs from an internal application available on the Internet The development team requires the following

1.

The URLs are accessible only from internal IP addresses

2.

Certain countries are restricted

3.

TLS is implemented.

4.

System users transparently access internal application services in a round robin to maximize performance

Which of the following should the security engineer deploy7

A. DNS to direct traffic and a WAF with only the specific external URLs configured

B. A load balancer with GeolP restrictions and least-load-sensing traffic distribution

C. An application-aware firewall with geofencing and certificate services using DNS for traffic direction

D. A load balancer with IP ACL restrictions and a commercially available PKI certificate

An organization has been notified of a breach related to its sensitive data The point of compromise is the use of weak encryption algorithms on a web server that provides access to a legacy API The organization had previously decided to

accept the nsk of using weak algorithms due to the cost to continually develop the legacy platform.

Other system owners need to be aware of the increased likelihood of this threat.

Which of the following should be reviewed by the CERT and presented to system owners to ensure a proper nsk analysis is performed?

A. Lessons learned

B. Incident log

C. Risk register

D. Root-cause analysis

E. Gap analysis