CAS-003 Free Practice Test

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

1. A. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
2. B. Federate with an existing PKI provider, and reject all non-signed emails
3. C. Implement two-factor email authentication, and require users to hash all email messages upon receipt
4. D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

Correct Answer: A

A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider’s relationship?

1. A. Memorandum of Agreement
2. B. Interconnection Security Agreement
3. C. Non-Disclosure Agreement
4. D. Operating Level Agreement

Correct Answer: B
The Interconnection Security Agreement (ISA) is a document that identifies the requirements for connecting systems and networks and details what security controls are to be used to protect the systems and sensitive data.
Incorrect Answers:
A: A memorandum of agreement (MOA) is a document composed between parties to cooperate on an agreed upon project or meet an agreed objective.
C: A nondisclosure agreement (NDA) is designed to protect confidential information.
D: An operating level agreement (OLA) defines the responsibilities of each partner's internal support group.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 237, 238

After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company’s IT department has seen a large number of the following incidents:
Duplicate IP addresses Rogue network devices
Infected systems probing the company’s network
Which of the following should be implemented to remediate the above issues? (Choose two.)

1. A. Port security
2. B. Route protection
3. C. NAC
4. D. HIPS
5. E. NIDS

Correct Answer: BC

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

1. A. Block traffic from the ISP’s networks destined for blacklisted IPs.
2. B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
3. C. Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
4. D. Notify customers when services they run are involved in an attack.
5. E. Block traffic with an IP source not allocated to customers from exiting the ISP's network.

Correct Answer: DE
Since DDOS attacks can originate from nay different devices and thus makes it harder to defend against, one way to limit the company’s contribution to DDOS attacks is to notify customers about any DDOS attack when they run services that are under attack. The company can also block IP sources that are not allocated to customers from the existing SIP’s network.
Incorrect Answers:
A: Blocking traffic is in essence denial of service and this should not be implemented by the company.
B: Preventing the ISP’s customers from querying/accessing other DNS serves is also a denial of service.
C: Making use of vulnerability scanners does not limit a company’s contribution to the DDOS attacks. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 286

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on explogts and information security news?

1. A. Update company policies and procedures
2. B. Subscribe to security mailing lists
3. C. Implement security awareness training
4. D. Ensure that the organization vulnerability management plan is up-to-date

Correct Answer: B
Subscribing to bug and vulnerability, security mailing lists is a good way of staying abreast and keeping up to date with the latest in those fields.
Incorrect Answers:
A: Updating company policies and procedures are not staying current on the topic since attacks are generated from outside sources and the best way to stay current on what is happening in that particular topic is to subscribe to a mailing list on the topic.
C: Security awareness training serves best as an operational control insofar as mitigating risk is concerned and not to stay current on the topic.
D: Making sure the company vulnerability plan is up to date is essential but will not keep you up to date on the topic as a subscription to a security mailing list.
References:
Conklin, Wm. Arthur, Gregory White and Dwayne Williams, CASP CompTIA Advanced Security Practitioner Certification Study Guide (Exam CAS-001), McGraw-Hill, Columbus, 2012, p. 139 Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 219