CompTIA CAS-002 問題集

質問 1：
Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company's NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?
A. Disable the company's NTP servers.
B. Disable monlist on the company's NTP servers.
C. Block in-bound connections to the company's NTP servers.
D. Block IPs making monlist requests.
正解：B

質問 2：
A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have agreed that the large business will retain 95% of the smaller business' IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests. Which of the following IT security related objectives should the small business' IT staff consider reviewing during the integration process? (Select TWO).
A. Service level agreements between the small and the large business.
B. The memorandum of understanding between the two businesses.
C. The business continuity plan in place at the small business.
D. New regulatory compliance requirements.
E. The initial request for proposal drafted during the merger.
F. How the large business operational procedures are implemented.
正解：D,F

質問 3：
A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?
A. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
B. Enable ESP on the internal network, and place NIPS on both networks.
C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
D. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
正解：D

質問 4：
CORRECT TEXT
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges:
192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.




正解：
Please check the explanation part for the solution.
Explanation:
We need to select the exactly the same to configure and then click on Save as shown below image.


質問 5：
A company's security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?
A. Require client-side input filtering on all modifiable fields.
B. Escape character sequences at the application tier.
C. Deploy a WAF with application specific signatures.
D. Require all development to follow secure coding practices.
正解：D

質問 6：
After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?
A. The binary files used by the application have been modified by malware.
B. The restored image backup was encrypted with the wrong key.
C. The hash key summary of hardware and installed software no longer match.
D. The application is unable to perform remote attestation due to blocked ports.
正解：C

質問 7：
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:
* Vendor A: product-based solution which can be purchased by the pharmaceutical company.
* Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.
* Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs.
Bundled offering expected to be $100,000 per year.
Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.
Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?
A. Based on cost alone, having an outsourced solution appears to be more expensive.
B. Based on cost alone, both outsourced an in-sourced solutions appear to be the same.
C. Based on cost alone, having an outsourced solution appears cheaper.
D. Based on cost alone, having a purchased product solution appears cheaper.
正解：C

質問 8：
The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?
A. Data loss prevention standards in one company may be less stringent.
B. Corporate websites may be optimized for different web browsers.
C. Industry security standards and regulations may be in conflict.
D. One of the companies may use an outdated VDI.
正解：C