CAS-003 Free Practice Test

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

1. A. Block traffic from the ISP’s networks destined for blacklisted IPs.
2. B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
3. C. Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
4. D. Notify customers when services they run are involved in an attack.
5. E. Block traffic with an IP source not allocated to customers from exiting the ISP's network.

Correct Answer: DE
Since DDOS attacks can originate from nay different devices and thus makes it harder to defend against, one way to limit the company’s contribution to DDOS attacks is to notify customers about any DDOS attack when they run services that are under attack. The company can also block IP sources that are not allocated to customers from the existing SIP’s network.
Incorrect Answers:
A: Blocking traffic is in essence denial of service and this should not be implemented by the company.
B: Preventing the ISP’s customers from querying/accessing other DNS serves is also a denial of service.
C: Making use of vulnerability scanners does not limit a company’s contribution to the DDOS attacks. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 286

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future files?

1. A. Implement a secure text-messaging application for mobile devices and workstations.
2. B. Write a policy requiring this information to be given over the phone only.
3. C. Provide a courier service to deliver sealed documents containing public health informatics.
4. D. Implement FTP services between clinics to transmit text documents with the information.
5. E. Implement a system that will tokenize patient number

Correct Answer: A

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management’s directives?

1. A. Develop an information classification scheme that will properly secure data on corporate systems.
2. B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
3. C. Publish a policy that addresses the security requirements for working remotely with company equipment.
4. D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

Correct Answer: C
The question states that “the organization has not addressed telecommuting in the past”. It is therefore unlikely that a company policy exists for telecommuting workers.
There are many types of company policies including Working time, Equality and diversity, Change management, Employment policies, Security policies and Data Protection policies.
In this question, a new method of working has been employed: remote working or telecommuting. Policies should be created to establish company security requirements (and any other requirements) for users working remotely.
Incorrect Answers:
A: The data should already be secure on the corporate systems. If an information classification scheme is used as part of the security, it should already have been created. Remote working does not add the requirement for an information classification scheme.
B: The personnel work from remote locations with corporate assets; their personal computers are not used. Therefore, we do not require database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
D: You should identify and document the proper procedures for telecommuting. However, the security requirements for working remotely with company equipment should be addressed first. Furthermore, you would not necessarily work with mid-level managers to identify and document the proper procedures for telecommuting if the company has a technology steering committee.

The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?

1. A. Confidential or sensitive documents are inspected by the firewall before being logged.
2. B. Latency when viewing videos and other online content may increase.
3. C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
4. D. Stored logs may contain non-encrypted usernames and passwords for personal website

Correct Answer: A

Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?

1. A. Business partnership agreement
2. B. Memorandum of understanding
3. C. Service-level agreement
4. D. Interconnection security agreement

Correct Answer: D