Instant Access CompTIA.CAS-003.v2022-02-23.q648 Actual Practice Test Engine for Free (Page 66)

Question 321

Legal authorities notify a company that its network has been compromised for the second time in two
years. The investigation shows the attackers were able to use the same vulnerability on different systems
in both attacks. Which of the following would have allowed the security team to use historical information to
protect against the second attack?

A.Lessons learned
B.Recovery point objectives
C.Key risk indicators
D.Tabletop exercise

Question 322

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which
of the following activities would be MOST appropriate?

A.Use network enumeration tools to identify if the server is running behind a load balancer
B.Use a protocol analyzer against the site to see if data input can be replayed from the browser
C.Scan the website through an interception proxy and identify areas for the code injection
D.Scan the site with a port scanner to identify vulnerable services running on the web server

Question 323

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

A.Access control lists
B.SELinux
C.IPtables firewall
D.HIPS

Correct Answer: B

The most common open source operating system is LINUX.
Security-Enhanced Linux (SELinux) was created by the United States National Security Agency (NSA) and is a Linux kernel security module that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls (MAC).
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
Incorrect Answers:
A: An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. ACLs do not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
C: A firewall is used to control data leaving a network or entering a network based on source and destination IP address and port numbers. IPTables is a Linux firewall. However, it does not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
D: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. It does not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
References:
https://en.wikipedia.org/wiki/Security-Enhanced_Linux

Question 324

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client Log 4:
Encoder oe = new OracleEncoder ();
String query = "Select user_id FROM user_data WHERE user_name = ' "
+ oe.encode ( req.getParameter("userID") ) + " ' and user_password = ' "
+ oe.encode ( req.getParameter("pwd") ) +" ' ";
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

A.Log 1
B.Log 2
C.Log 3
D.Log 4
E.Buffer overflow
F.ACL
G.XSS
H.SQL injection

Question 325

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

A.The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B.The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C.The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D.The company should install a temporary CCTV system to detect unauthorized access to physical offices

Question 321

Question 322

Question 323

Question 324

Question 325

Download PDF File