CAS-003 Free Practice Test

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

1. A. Isolate the system on a secure network to limit its contact with other systems
2. B. Implement an application layer firewall to protect the payroll system interface
3. C. Monitor the system’s security log for unauthorized access to the payroll application
4. D. Perform reconciliation of all payroll transactions on a daily basis

Correct Answer: A
The payroll system is not meeting security policy due to missing OS security patches. We cannot apply the patches to the system because the vendor states that the system is only supported on the current OS patch level. Therefore, we need another way of securing the system.
We can improve the security of the system and the other systems on the network by isolating the payroll system on a secure network to limit its contact with other systems. This will reduce the likelihood of a malicious user accessing the payroll system and limit any damage to other systems if the payroll system is attacked.
Incorrect Answers:
B: An application layer firewall may provide some protection to the application. However, the operating system is vulnerable due to being unpatched. It is unlikely that an application layer firewall will protect against the operating system vulnerabilities.
C: Monitoring the system’s security log for unauthorized access to the payroll application will not actually provide any protection against unauthorized access. It would just enable you to see that unauthorized access has occurred.
D: Reconciling the payroll transactions on a daily basis would keep the accounts up to date but it would provide no protection for the system and so does not mitigate the vulnerability of missing OS patches as required in this question.

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

1. A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
2. B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
3. C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
4. D. The company should install a temporary CCTV system to detect unauthorized access to physical offices

Correct Answer: A

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

1. A. The corporate network is the only network that is audited by regulators and customers.
2. B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
3. C. Home networks are unknown to attackers and less likely to be targeted directly.
4. D. Employees are more likely to be using personal computers for general web browsing when they are at home.

Correct Answer: B
Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. Data aggregation increases the impact and scale of a security breach. The amount of data aggregation on the corporate network is much more that on an employee’s home network, and is therefore more valuable.
Incorrect Answers:
A: Protecting its corporate network boundary is the only network that is audited by regulators and customers is not a good enough reason. Protecting its corporate network boundary because the amount of data aggregation on the corporate network is much more that on an employee’s home network is.
C: Home networks are not less likely to be targeted directly because they are unknown to attackers, but because the amount of data aggregation available on the corporate network is much more.
D: Whether employees are browsing from their personal computers or logged into the corporate network, they could still be attacked. However, the amount of data aggregation on the corporate network is much more that on an employee’s home network, and is therefore more valuable. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 101
http://searchsqlserver.techtarget.com/definition/data-aggregation

A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.
Which of the following is the MOST appropriate order of steps to be taken?

1. A. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent
2. B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update
3. C. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline
4. D. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update

Correct Answer: A

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data.
The consultant reviews the following information:

Which of the following commands would have provided this output?

1. A. arp -s
2. B. netstat -a
3. C. ifconfig -arp
4. D. sqlmap -w

Correct Answer: B