CAS-003 Free Practice Test

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

1. A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
2. B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
3. C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
4. D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

Correct Answer: D
VoIP is an integral part of network design and in particular remote access, that enables customers accessing and communicating with the company. If VoIP is unavailable then the company is in a situation that can be compared to downtime. And since the ISO is reviewing he summary of findings from the last COOP tabletop exercise, it can be said that the ISO is assessing the effect of a simulated downtime within the AAR.
Incorrect Answers:
A: Evaluating business implications due to a recent telephone system failure is done as part of Business impact Analysis (BIA) and a BIA is done mainly to, and as part of analyzing business critical business functions, identifying and quantifying the impact of the loss of those functions.
B: Possible downtime within the Risk Assessment (AR) is done to determine the quantitative or qualitative estimate of risk related to a specific situation and establishing an acceptable risk.
C: Requests for Quotations involves the research involved to procure a contract for security requirements; the whole process of inviting suppliers of a service to bid for the contract. References:
http://searchstorage.techtarget.com/definition/business-imHYPERLINK "http://searchstorage.techtarget.com/definition/business-impact-analysis"pact-analysis
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 39, 45-46, 297

A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead’s position?

1. A. The organization has accepted the risks associated with web-based threats.
2. B. The attack type does not meet the organization’s threat model.
3. C. Web-based applications are on isolated network segments.
4. D. Corporate policy states that NIPS signatures must be updated every hou

Correct Answer: A

A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration?

1. A. Single-tenancy is often more expensive and has less efficient resource utilizatio
2. B. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
3. C. The managed service provider should outsource security of the platform to an existing cloud compan
4. D. This will allow the new log service to be launched faster and with well-tested security controls.
5. E. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
6. F. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Correct Answer: A

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?

1. A. Background checks
2. B. Job rotation
3. C. Least privilege
4. D. Employee termination procedures

Correct Answer: B
Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.
Incorrect Answers:
A: To verify that a potential employee has a clean background and that any negative history is exposed prior to employment, a background check is used.
C: The principle of least privilege prevents employees from accessing levels not required to perform their everyday function.
D: The employee termination procedures will not identify the employees involved in these activities and reduce the risk of this activity occurring in the future.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 243, 245, 246

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue. Which of the following is the MOST secure solution for the developer to implement?

1. A. IF $AGE == “!@#%^&*()_+<>?”:{}[]” THEN ERROR
2. B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
3. C. IF $AGE != “a-bA-Z!@#$%^&*()_+<>?”{}[]”THEN CONTINUE
4. D. IF $AGE == [1-0] {0,2} THEN CONTINUE

Correct Answer: B