QUESTION 41
The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk?
A. Require the use of an unprivileged account, and a second shared account only for administrative purposes.
B. Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.
C. Require separation of duties ensuring no single administrator has access to all systems.
D. Require on-going auditing of administrative activities, and evaluate against risk-based metrics.
Answer: B
QUESTION 42
A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?
A. key company-key.{
algorithm hmac-rc4;
secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow transfer { 192.168.20.53; }
B. key company-key.{
algorithm hmac-md5;
secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow transfer { 192.168.10.53; }
C. key company-key.{
algorithm hmac-md5;
secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow transfer { 192.168.20.53; }
D. key company-key.{
algorithm hmac-rc4;
secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
};
allow transfer { 192.168.10.53; }
Answer: C
QUESTION 43
An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other. Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).
A. Transport encryption
B. Authentication hashing
C. Digital signature
D. Legal mail hold
E. TSIG code signing
Answer: AC
QUESTION 44
An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?
A. 3DES – SHA
B. DES – MD5
C. Camellia – SHA
D. RC4 – MD5
Answer: A
QUESTION 45
An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to use while implementing this? (Select THREE).
A. Kerberos
B. NTLM
C. RADIUS
D. TACACS+
E. TLS
F. HMAC
G. Camellia
Answer: ABE
QUESTION 46
A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant’s first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).
A. What hardware and software would work best for securing the network?
B. What corporate assets need to be protected?
C. What are the business needs of the organization?
D. What outside threats are most likely to compromise network security?
E. What is the budget for this project?
F. What time and resources are needed to carry out the security plan?
Answer: BCD
QUESTION 47
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the groups and tasks below, select the BEST list of assignments.
Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing
Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport
A. Systems Engineering: Decomposing requirements
Development: Secure coding standards
Testing: Code stability
Project Management: Stakeholder engagement
Security: Secure transport
Networks: Functional validation
B. Systems Engineering: Decomposing requirements
Development: Code stability
Testing: Functional validation
Project Management: Stakeholder engagement
Security: Secure coding standards
Networks: Secure transport
C. Systems Engineering: Functional validation
Development: Stakeholder engagement
Testing: Code stability
Project Management: Decomposing requirements
Security: Secure coding standards
Networks: Secure transport
D. Systems Engineering: Decomposing requirements
Development: Stakeholder engagement
Testing: Code stability
Project Management: Functional validation
Security: Secure coding standards
Networks: Secure transport
Answer: B
QUESTION 48
Which of the following is the MOST secure way to ensure third-party applications introduce only acceptable risk?
A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.
B. Technical exchange meetings with the application’s vendor; vendors have more in depth knowledge of the product.
C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users.
D. Full deployment with crippled features; allows for large scale testing and observation of the applications security profile.
Answer: A
QUESTION 49
A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to perform operations at the same security level as the trusted application. The vendor product management team has decided to re-design the application with security as a priority. Which of the following is a design principle that should be used to BEST prevent these types of attacks?
A. Application sandboxing
B. Input validation
C. Penetration testing
D. Code reviews
Answer: A
QUESTION 50
A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with no options for extended support. It has been emphasized that only essential activities be performed. Which of the following sequences BEST describes the order of activities when balancing security posture and time constraints?
A. Install the new solution, migrate to the new solution, and test the new solution.
B. Purchase the new solution, test the new solution, and migrate to the new solution.
C. Decommission the old solution, install the new solution, and test the new solution.
D. Test the new solution, migrate to the new solution, and decommission the old solution.
Answer: D
QUESTION 51
A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?
A. Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications.
B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
C. Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility.
D. Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.
Answer: B
QUESTION 52
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.
Answer: A
QUESTION 53
There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
A. Explain how customer data is gathered, used, disclosed, and managed.
B. Remind staff of the company’s data handling policy and have staff sign an NDA.
C. Focus on explaining the “how” and “why” customer data is being collected.
D. Republish the data classification and the confidentiality policy.
Answer: A
QUESTION 54
A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?
A. Limit source ports on the firewall to specific IP addresses.
B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
C. Implement stateful UDP filtering on UDP ports above 1024.
D. Configure the firewall to use IPv6 by default.
Answer: B
QUESTION 55
A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
A. Employees publishing negative information and stories about company management on social network sites and blogs.
B. An employee remotely configuring the email server at a relative’s company during work hours.
C. Employees posting negative comments about the company from personal phones and PDAs.
D. External parties cloning some of the company’s externally facing web pages and creating look-alike sites.
Answer: B
QUESTION 56
A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?
A. Modify the SRC and DST ports of ACL 1
B. Modify the SRC IP of ACL 1 to 0.0.0.0/32
C. Modify the ACTION of ACL 2 to Permit
D. Modify the PROTO of ACL 1 to TCP
Answer: A
QUESTION 57
An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?
A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.
B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.
C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.
D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.
Answer: D
QUESTION 58
A company data center provides Internet based access to email and web services. The firewall is separated into four zones:
RED ZONE is an Internet zone
ORANGE ZONE a Web DMZ
YELLOW ZONE an email DMZ
GREEN ZONE is a management interface
There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
A. RED ZONE: None
ORANGE ZONE: WAF
YELLOW ZONE: SPAM Filter
GREEN ZONE: None
B. RED ZONE: Virus Scanner, SPAM Filter
ORANGE ZONE: NIPS
YELLOW ZONE: NIPS
GREEN ZONE: NIPS
C. RED ZONE: WAF, Virus Scanner
ORANGE ZONE: NIPS
YELLOW ZONE: NIPS
GREEN ZONE: SPAM Filter
D. RED ZONE: NIPS
ORANGE ZONE: WAF
YELLOW ZONE: Virus Scanner, SPAM Filter
GREEN ZONE: None
Answer: D
QUESTION 59
An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:
<VirtualHost *:80>
DocumentRoot "/var/www"
<Directory "/home/administrator/app">
AllowOverride none
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Which of the following is MOST likely occurring so that this application does not run properly?
A. PHP is overriding the Apache security settings.
B. SELinux is preventing HTTP access to home directories.
C. PHP has not been restarted since the additions were added.
D. The directory had an explicit allow statement rather than the implicit deny.
Answer: B
QUESTION 60
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company’s six IDFs. The IDF modular switches have redundant switch fabrics and power supplies. Which of the following threats will have the GREATEST impact on the network and what is the appropriate remediation step?
A. Threat: 802.1q trunking attack
Remediation: Enable only necessary VLANs for each port
B. Threat: Bridge loop
Remediation: Enable spanning tree
C. Threat: VLAN hopping
Remediation: Enable only necessary VLANs for each port
D. Threat: VLAN hopping
Remediation: Enable ACLs on the IDF switch
Answer: B