CAS-004 Free Practice Test

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

1. A. Budgeting for cybersecurity increases year over year.
2. B. The committee knows how much work is being done.
3. C. Business units are responsible for their own mitigation.
4. D. The bank is aware of the status of cybersecurity risks

Correct Answer: A

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.
Which of the following techniques would be BEST suited for this requirement?

1. A. Deploy SOAR utilities and runbooks.
2. B. Replace the associated hardware.
3. C. Provide the contractors with direct access to satellite telemetry data.
4. D. Reduce link latency on the affected ground and satellite segments.

Correct Answer: A

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

1. A. Text editor
2. B. OOXML editor
3. C. Event Viewer
4. D. XML style sheet
5. E. SCAP tool
6. F. Debugging utility

Correct Answer: BD

SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network. The company’s hardening guidelines indicate the following:
There should be one primary server or service per device. Only default ports should be used.
Non-secure protocols should be disabled. INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
The IP address of the device
The primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Solution:
* 10.1.45.65 SFTP Server Disable 8080
* 10.1.45.66 Email Server Disable 415 and 443
* 10.1.45.67 Web Server Disable 21, 80
* 10.1.45.68 UTM Appliance Disable 21

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

1. A. Software Decomplier
2. B. Network enurrerator
3. C. Log reduction and analysis tool
4. D. Static code analysis

Correct Answer: D