FedVTE CASP Exam 41 Questions with Verified Answers
A flaw in an online sporting goods website allows customers to purchase multiple quantities of goods and only be charged the single quantity price. To improve the site, management is demanding that the ecommerce application be tested to ensure this flaw is corrected. Which of the following is the BEST combination of tools and/or methods to use? - CORRECT ANSWER A. Blackbox testing using outside consultants
C. Fuzzer and HTTP interceptor
All adverse impacts of a security event can be measured quantitatively? - CORRECT ANSWER False
An active/passive cluster of redundant routers and firewalls has been installed in the network edge by your enterprise LAN/WAN engineer. The firewalls are using stateful firewall inspection. Even with the redundant equipment, there are still multiple reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem? - CORRECT ANSWER TCP sessions are being rejected because they are being handled by asynchronous route paths through the firewalls.
Which of the following describes a single sign on implementation? - CORRECT ANSWER A web access load balancer passes the same authentication attributes in an HTTP header to multiple applications.
What does the access control term AAA stand for? - CORRECT ANSWER Authentication, Authorization, Accounting
A government agency has a major new initiative to virtualize as many servers as possible, due to power and rack space capacity at its two data centers. The agency has prioritized virtualizing older servers first as the hardware is nearing end of life. The two initial migrations include Windows 2000 hosts (domain controllers and front-facing web servers) and open source Linux hosts (front facing web servers). Which of the following should occur based on best practices? - CORRECT ANSWER Each data center should contain separate virtual environments for the web servers and for the domain controllers.
Shifting the responsibility for a risk to a third party is which strategy for managing risks? - CORRECT ANSWER Transfer
Audit logs can be used to prevent users from performing unauthorized operations. - CORRECT ANSWER False
The CISO at a software development company is concerned about weaknesses in the review processes his company has for its major product. Testing was performed in house by a small review team, and previous projects were found to have used only limited test cases, leaving many code paths untested. The CISO raised concerns that this product cannot fail in an upcoming large scale deployment. Which of the following will provide the MOST thorough additional testing? - CORRECT ANSWER Run a small pilot test at the customer's site before rolling out the complete deployment.
Which of the following is the process of determining whether someone or something is who or what it declares itself to be? - CORRECT ANSWER Authentication
Which of the following is an incremental update between service packs or versions to fix outstanding issues? - CORRECT ANSWER Maintenance release
A new IDS appliance is generating a very large number of events, most of which are not security-related. Select the approach which best resolves this issue. - CORRECT ANSWER Adjust IDS filters that are creating false positives.
Which recovery site is fully equipped and is capable of restoring data and configurations within hours? - CORRECT ANSWER B. Hot Site
C. Mirrored Site
Which of the following is the best choice for ensuring continuous availability? - CORRECT ANSWER Redundancy
A retail merchant has had a number of issues with regard to the integrity of sensitive information across all of its customer databases. This has resulted in the merchant's share price decreasing in value by more than one third, and the merchant has been threatened with losing its ability to process credit card transactions. As a result, the new Chief Information Security Officer (CISO) has initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements: Works across all major platforms, applications and infrastructure; Tracks activity of all users, including administrators; Operates without negatively impacting the performance of production platforms, applications, and infrastructures; Provides real-time incident reporting; Displays incidents in a dashboard view for easy recognition; Includes a report generator where business units are able to query against the company's system assets. In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select TWO). - CORRECT ANSWER A. Implement a security operations center to provide in depth analysis and incident response with periodic reporting capability.
B. Implement an enterprise-based SIEM solution to process the logs of the major platforms, applications, and infrastructure.
C. Implement a security operations center for real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
D. Ensure the NOC provides real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
F. Manually pull the logs from the major platforms, applications, and infrastructures to a central analysis center.
C & E are wrong
A medical group is converting to cloud computing to improve delivery times for IT solution adoption. The accounting department has made a case for replacing the existing banking platform for credit card processing with a newer offering. It is the security department's responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing? - CORRECT ANSWER There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. A decision paper should be written to outline the risks, advantages and disadvantages of the options.
A contractor is hired to assist in the development of a new application. Which of the following would you use to ensure the contractor does not share information about the project they worked on outside of the company? - CORRECT ANSWER Non-Disclosure Agreement, NDA
A company's security policy states that its internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? - CORRECT ANSWER Require all developers to follow secure coding practices.
A Security Manager is selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following should be the priority issues for the security manager? (Select THREE). - CORRECT ANSWER Security of data storage
System availability
User authentication strategy
The CISO regularly receives reports of a department repeatedly violating the corporate security policy. The head of the department informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a security administrator to find a solution for the issue. Which of the following is the BEST course of action for the security administrator to take? - CORRECT ANSWER Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behaviour, and actions to be taken by both teams.
An electrical utility has employed a consultant to perform a controls assessment of the personnel system, backend business operations, and the SCADA system used in their facility. Which of the following correctly states the risk management options that the consultant should use during the assessment? - CORRECT ANSWER B. Avoid, transfer, mitigate, and accept.
D. Calculate risk by determining technical likelihood and potential business impact.
A company has implemented data retention policies and storage quotas in response to its legal department's requests and the SAN administrator's recommendation. The retention policy states all email data older than 120 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 750Mb of network storage and 500Mb of email storage. After being presented with an e-discovery request from opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 800Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel? - CORRECT ANSWER Provide all available data regardless of age.
The internal audit department is investigating a possible accounting breach. One of the auditors is sent to interview the following employees: Employee A works in the accounts receivable office and is in charge of entering data into the finance system; Employee B works in the accounts payable office and is in charge of approving purchase orders; Employee C is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. Which of the following should the auditor suggest be done to avoid future security breaches? - CORRECT ANSWER The manager should only be able to review the data and approve purchase orders.
An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred? - CORRECT ANSWER No one was reviewing the IDS event logs.
A large enterprise introduced a new firewall into the Internet facing POP. All Internet traffic passes through this appliance. Four hours after implementation, the network engineering team discovered that traffic through the POP now has unacceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered? - CORRECT ANSWER When testing the appliance
New zero day attacks are being discovered on a regular basis against a broad range of IT systems. Which of the following best practices should a security manager do to manage the risks being faced through these attack vectors? (Select TWO). - CORRECT ANSWER A. Establish an emergency response call tree.
B. Create an inventory of applications.
C. Backup the router and firewall configurations.
D. Maintain a list of critical systems.
E. Update all network diagrams.
C & D are wrong
B & C are wrong
The firm's CISO has been working with the Purchasing and the Project Management Office on soliciting bids for a series of HIDS and NIDS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the company has not gained any real data regarding the specifications of any of the solutions and wants that data before the procurement continues. Which of the following will the CISO do at this point to get back on track in this procurement process? - CORRECT ANSWER Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
Which of the following network filtering devices will rely on signature updates to be effective? - CORRECT ANSWER NIDS
The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the project has concerns about the integrity of the system if it is deployed in a commercial cloud. The security architects concerns have not been addressed by the systems architect. A network engineer on the project has a security background and is also concerned about the overall success of the project. Which of the following is the BEST course of action for the network engineer to take? - CORRECT ANSWER Document mitigations to the security issues and arrange a meeting between the architects and the project manager.
Which of the following is a true statement concerning NIDS? - CORRECT ANSWER A NIDS monitors and analyses network traffic for possible intrusions.
Which of the following protocols is used to ensure secure transmissions on port 443? - CORRECT ANSWER HTTPS
A Physical Security Manager is ready to replace 30 analog surveillance cameras with IP cameras with built in web management. There are several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should be used to BEST secure this environment? - CORRECT ANSWER Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
A device is being selected by an administrator to secure an internal network segment from external traffic. Which of the following devices could be selected to provide security to the network segment? - CORRECT ANSWER NIPS
Administrators should always investigate or refer to which of the following to block the use of previously issued PKI credentials that have expired or otherwise become invalid? - CORRECT ANSWER CRL
Which of the following BEST explains SAML? - CORRECT ANSWER A security attestation model built on XML- and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
Which of the following must be used when setting up a DMZ? - CORRECT ANSWER B. NIDS
D. Honeypot
Which of the following is an example of the security mitigation technique of changing roles every couple of months? - CORRECT ANSWER Job rotation
A new company requirement mandates the implementation of multi factor authentication to access network resources. The security administrator was asked to research and implement the most cost effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement? - CORRECT ANSWER Issue individual private and public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
Virtualized applications such as virtualized browsers are capable of protecting the underlying operating system from which of the following? - CORRECT ANSWER Malware installation from the Internet site of a suspect
A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted? - CORRECT ANSWER Risk acceptance
About twice a year a switch fails in a company's network centre. Under the maintenance contract, the switch would be replaced in two hours losing the business 60K per hour. The cost of a spare switch is 180K with a 12 hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is 90K per year. Which of the following is true in this scenario? - CORRECT ANSWER A. It is more cost effective to eliminate the maintenance contract and purchase a replacement upon failure.
D. It is more cost effective to purchase a spare switch prior to an outage and keep the maintenance contract.