CAS-002 | 10 Tips For Improve CAS-002 pdf




New CompTIA CAS-002 Exam Dumps Collection (Question 4 - Question 13)

Q4. The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400

11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.

Answer: A

Q5. A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

A. Notify the transaction system vendor of the security vulnerability that was discovered.

B. Use a protocol analyzer to reverse engineer the transaction system's protocol.

C. Contact the computer science students and threaten disciplinary action if they continue their actions.

D. Install a NIDS in front of all the transaction system terminals.

Answer: B

Q6. A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?

A. Background checks

B. Job rotation

C. Least privilege

D. Employee termination procedures

Answer: B

Q7. The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?

A. Identity proofing

B. Non-repudiation

C. Key escrow

D. Digital rights management

Answer: B

Q8. Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking with the network administrator, the security administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Which of the following solutions minimizes the performance impact on the router?

A. Deploy inline network encryption devices

B. Install an SSL acceleration appliance

C. Require all core business applications to use encryption

D. Add an encryption module to the router and configure IPSec

Answer: A

Q9. The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.

B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.

C. A SaaS based firewall which logs to the company's local storage via SSL, and is managed by the change control team.

D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

Answer: A

Q10. The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

A. Social engineering

B. Protocol analyzer

C. Port scanner

D. Grey box testing

Answer: B

Q11. A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

A. The user's certificate private key must be installed on the VPN concentrator.

B. The CA's certificate private key must be installed on the VPN concentrator.

C. The user certificate private key must be signed by the CA.

D. The VPN concentrator's certificate private key must be signed by the CA and installed on the VPN concentrator.

E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.

F. The CA's certificate public key must be installed on the VPN concentrator.

Answer: E,F

Q12. A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

A. Password Policy

B. Data Classification Policy

C. Wireless Access Procedure

D. VPN Policy

E. Database Administrative Procedure

Answer: A,B

Q13. Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.

B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.

C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.

D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

Answer: A
