CompTIA CAS-002 問題集

質問 1：
Which of the following provides the BEST risk calculation methodology?
A. Impact x Threat x Vulnerability
B. Risk Likelihood x Annual Loss Expectancy (ALE)
C. Annual Loss Expectancy (ALE) x Value of Asset
D. Potential Loss x Event Probability x Control Failure Probability
正解：D

質問 2：
An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?
A. Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.
B. Implement controls based on the system needs. Perform a risk analysis of the system.For any remaining risks, perform continuous monitoring.
C. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis.Decide on which security controls to implement.
D. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.
正解：C

質問 3：
Which of the following protocols only facilitates access control?
A. Kerberos
B. XACML
C. SAML
D. SPML
正解：B

質問 4：
A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline. The MOST likely cause of this problem is that SE Linux is set to:
A. Enforcing mode with no policy configured.
B. Permissive mode with an incorrectly configured policy.
C. Disabled with a correctly configured policy.
D. Enforcing mode with an incorrectly configured policy.
正解：D

質問 5：
A corporation has expanded for the first time by integrating several newly acquired businesses.
Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).
A. Federate identity management systems.
B. Install firewalls between the businesses.
C. Re-image all end user computers to a standard image.
D. Remove acquired companies Internet access.
E. Conduct a risk analysis of each acquired company's networks.
F. Develop interconnection policy.
正解：E,F

質問 6：
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 - For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
A. Distributed denial of service
B. Implement an inline WAF and integrate into SIEM
C. Cross site scripting attack
D. Apply a hidden field that triggers a SIEM alert
E. Resource exhaustion attack
F. SQL injection
G. Input a blacklist of all known BOT malware IPs into the firewall
H. Implement firewall rules to block the attacking IP addresses
正解：B,E

質問 7：
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?
A. Run nmap to attach to application memory
B. Use fuzzing techniques to examine application inputs
C. Use an HTTP interceptor to capture the text strings
D. Use a packet analyzer to inspect the strings
E. Initiate a core dump of the application
正解：E

質問 8：
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate?
A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.
B. The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.
C. Outsourcing transfers all the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
D. Outsourcing transfers the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
正解：A