CAS-003 Free Practice Test

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.
Which of the following MOST likely need to be configured to ensure the system are mitigated accordingly? (Select two.)

1. A. Antivirus
2. B. HIPS
3. C. Application whitelisting
4. D. Patch management
5. E. Group policy implementation
6. F. Firmware updates

Correct Answer: DF

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, “criticalValue” indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

1. A. Rewrite the software to implement fine-grained, conditions-based testing
2. B. Add additional exception handling logic to the main program to prevent doors from being opened
3. C. Apply for a life-safety-based risk exception allowing secure doors to fail open
4. D. Rewrite the software’s exception handling routine to fail in a secure state

Correct Answer: B

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?

1. A. Whois
2. B. DNS enumeration
3. C. Vulnerability scanner
4. D. Fingerprinting

Correct Answer: A

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1: Operator ALL=/sbin/reboot Configuration file 2:
Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended action?

1. A. The sudoers file is locked down to an incorrect command
2. B. SSH command shell restrictions are misconfigured
3. C. The passwd file is misconfigured
4. D. The SSH command is not allowing a pty session

Correct Answer: D

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company’s products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:

Which of the following is the MOST likely type of activity occurring?

1. A. SQL injection
2. B. XSS scanning
3. C. Fuzzing
4. D. Brute forcing

Correct Answer: A