CAS-003 Free Practice Test

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
The ICS supplier has specified that any software installed will result in lack of support.
There is no documented trust boundary defined between the SCADA and corporate networks.
Operational technology staff have to manage the SCADA equipment via the engineering workstation. There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?

1. A. VNC, router, and HIPS
2. B. SIEM, VPN, and firewall
3. C. Proxy, VPN, and WAF
4. D. IDS, NAC, and log monitoring

Correct Answer: A

A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

1. A. Restrict access to the network share by adding a group only for developers to the share’s ACL
2. B. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
3. C. Obfuscate the username within the script file with encoding to prevent easy identification and the account used
4. D. Provision a new user account within the enterprise directory and enable its use for authentication to the target application
5. E. Share the username and password with all developers for use in their individual scripts
6. F. Redesign the web applications to accept single-use, local account credentials for authentication

Correct Answer: AB

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using?

1. A. Agile
2. B. SDL
3. C. Waterfall
4. D. Joint application development

Correct Answer: A
In agile software development, teams of programmers and business experts work closely together, using an iterative approach.
Incorrect Answers:
B: The Microsoft developed security development life cycle (SDL) is designed to minimize the security-related design and coding bugs in software. An organization that implements SDL has a central security team that performs security functions.
C: The waterfall model is a sequential software development processes, in which progress is seen as flowing steadily downwards through the phases of conception, initiation, analysis, design, construction, testing, production/implementation and maintenance.
D: The vendor is still responsible for developing the solution, Therefore this is not an example of joint application development.
References:
BOOK pp. 371, 374
https://en.wikipedia.org/wiki/Waterfall_model

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

1. A. Begin a chain-of-custody on for the user's communicatio
2. B. Next, place a legal hold on the user's email account.
3. C. Perform an e-discover using the applicable search term
4. D. Next, back up the user's email for a future investigation.
5. E. Place a legal hold on the user's email accoun
6. F. Next, perform e-discovery searches to collect applicable emails.
7. G. Perform a back up of the user's email accoun
8. H. Next, export the applicable emails that match the search terms.

Correct Answer: C
A legal hold is a process that an organization uses to maintain all forms of pertinent information when legal action is reasonably expected. E-discovery refers to discovery in litigation or government
investigations that manages the exchange of electronically stored information (ESI). ESI includes email and office documents, photos, video, databases, and other filetypes.
Incorrect Answers:
A: Chain of custody (CoC) refers to the chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.
B: Potentially relevant data has to be placed on hold before e-discovery takes place. D: This option could still allow the email to be tampered with.
References: https://en.wikipedia.org/wiki/Electronic_discovery#Types_of_ESI https://en.wikipediHYPERLINK "https://en.wikipedia.org/wiki/Chain_of_custody"a.org/wiki/Chain_of_custody https://en.wikipedia.org/wiki/Legal_hold

A security researches is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.
Based on the information available to the researcher, which of the following is the MOST likely threat profile?

1. A. Nation-state-sponsored attackers conducting espionage for strategic gain.
2. B. Insiders seeking to gain access to funds for illicit purposes.
3. C. Opportunists seeking notoriety and fame for personal gain.
4. D. Hackvisits seeking to make a political statement because of socio-economic factor

Correct Answer: D