CAS-003 Free Practice Test

An administrator wants to install a patch to an application. INSTRUCTIONS
Given the scenario, download, verify, and install the patch in the most secure manner. The last install that is completed will be the final submission.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

1. A. In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown:Since we need to do this in the most secure manner possible, they should not be used.Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as show
2. B. Make sure that the hash matches.Finally, type in install.exe to install it and make sure there are no signature verification errors.
3. C. In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown.Since we need to do this in the most secure manner possible, they should not be used.Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as show
4. D. Make sure that the hash matches.Finally, type in install.exe to install it and make sure there are no signature verification error

Correct Answer: A

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take?

1. A. Refer to and follow procedures from the company’s incident response plan.
2. B. Call a press conference to explain that the company has been hacked.
3. C. Establish chain of custody for all systems to which the systems administrator has access.
4. D. Conduct a detailed forensic analysis of the compromised system.
5. E. Inform the communications and marketing department of the attack detail

Correct Answer: A

Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.
The tables below provide information on a subset of remote sites and the firewall options:


Which of the following would be the BEST option to recommend to the CIO?

1. A. Vendor C for small remote sites, and Vendor B for large sites.
2. B. Vendor B for all remote sites
3. C. Vendor C for all remote sites
4. D. Vendor A for all remote sites
5. E. Vendor D for all remote sites

Correct Answer: D

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable
during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

1. A. Install a HIPS on the SIP servers
2. B. Configure 802.1X on the network
3. C. Update the corporate firewall to block attacking addresses
4. D. Configure 802.11e on the network
5. E. Configure 802.1q on the network

Correct Answer: AD
Host-based intrusion prevention system (HIPS) is an installed software package that will monitor a single host for suspicious activity by analyzing events taking place within that host.
IEEE 802.11e is deemed to be of significant consequence for delay-sensitive applications, such as Voice over Wireless LAN and streaming multimedia.
Incorrect Answers:
B: 802.1X is used by devices to attach to a LAN or WLAN.
C: Updating the corporate firewall will not work as the DoS attacks are from an internal source. E: 802.1q is used for VLAN tagging.
References: https:HYPERLINK
"https://en.wikipedia.org/wiki/Intrusion_prevention_system"//en.wikipedia.org/wiki/Intrusion_pre vention_system
https://en.wikipedia.orHYPERLINK "https://en.wikipedia.org/wiki/IEEE_802.11e- 2005"g/wiki/IEEE_802.11e-2005
https://en.wikipedia.org/wiki/IEEE_802.1X https://en.wikipedia.org/wiki/IEEE_802.1Q

Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.
Network Client: Digitally sign communication Network Server: Digitally sign communication
A storage administrator in a remote location with a legacy storage array, which contains timesensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?

1. A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
2. B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
3. C. Mitigate the risk for the remote location by suggesting a move to a cloud service provide
4. D. Have the remote location request an indefinite risk exception for the use of cloud storage
5. E. Avoid the risk, leave the settings alone, and decommission the legacy storage device

Correct Answer: A