CAS-003 Free Practice Test

During a security assessment, activities were divided into two phases; internal and external explogtation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.
Which of the following methods is the assessment team most likely to employ NEXT?

1. A. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
2. B. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
3. C. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
4. D. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Correct Answer: A

Which of the following is the GREATEST security concern with respect to BYOD?

1. A. The filtering of sensitive data out of data flows at geographic boundaries.
2. B. Removing potential bottlenecks in data transmission paths.
3. C. The transfer of corporate data onto mobile corporate devices.
4. D. The migration of data into and out of the network in an uncontrolled manne

Correct Answer: D

An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?

1. A. Brute forcing of account credentials
2. B. Plan-text credentials transmitted over the Internet
3. C. Insecure direct object reference
4. D. SQL injection of ERP back end

Correct Answer: C

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

1. A. This information can be found in global routing tables, and is valuable because backupconnections typically do not have perimeter protection as strong as the primary connection.
2. B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
3. C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
4. D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

Correct Answer: A
A routing table is a set of rules, often viewed in table format that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables. Each packet contains information about its origin and destination. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The table then provides the device with instructions for sending the packet to the next hop on its route across the network. Thus the security consultant can use the global routing table to get the appropriate information.
Incorrect Answers:
B: Calling the regional Internet registry will not provide you with the correct information.
C: The telecom billing information will not have information as to whether the legacy backup may have Internet connections on the network.
D: DNS server queries are used to resolve the name with each query message containing a DNS domain name, a specified query type and a specified class. This is not what the security consultant requires.
References:
https://technet.microsoft.com/en-us/HYPERLINK "https://technet.microsoft.com/enus/ library/cc958823.aspx"library/cc958823.aspx
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 60-66

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After invest the new vulnerability, it was determined that the web services providing are being impacted by this new threat. Which of the following data types a MOST likely at risk of exposure based on this new threat? (Select TWO)

1. A. Cardholder data
2. B. intellectual property
3. C. Personal health information
4. D. Employee records
5. E. Corporate financial data

Correct Answer: AC