CompTIA CAS-002 問題集

質問 1：
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
A. Data snapshots
B. Deduplication
C. LUN masking
D. Storage multipaths
正解：C

質問 2：
A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks. Which of the following is the security architect trying to increase in the design?
A. Integrity
B. Availability
C. Key stretching
D. Entropy
E. Root of trust
正解：D

質問 3：
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system.
Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
B. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
C. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
D. Device encryption has not been enabled and will result in a greater likelihood of data loss.
E. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
正解：B,C

質問 4：
An educational institution would like to make computer labs available to remote students.
The labs are used for various IT networking, security, and programming courses. The requirements are:
1 . Each lab must be on a separate network segment.
2 . Labs must have access to the Internet, but not other lab networks.
3 . Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile.
Which of the following components should be used to achieve the design in conjunction with directory services?
A. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment
B. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
C. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment
D. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment
正解：B

質問 5：
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).
A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Internal procedures that may justify a budget submission to implement the new requirement.
D. A revised DRP and COOP plan to the exception form.
E. All sections of the policy that may justify non-implementation of the requirements.
F. Industry best practices with respect to the technical implementation of the current controls.
G. Current and planned controls to mitigate the risks.
正解：A,B,G

質問 6：
The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?
A. hash = md5(password + salt);for (k = 0; k < 5000; k++) {hash = md5 (hash);}
B. hash = sha512(password + salt);for (k = 0; k < 3000; k++) {hash = sha512 (hash + password + salt);}
C. hash1 = sha1(password + salt);hash = sha1 (hash1);
D. hash = sha512(password + salt);for (k = 0; k < 4000; k++) {hash = sha512 (hash);}
正解：B

質問 7：
Which of the following provides the BEST risk calculation methodology?
A. Impact x Threat x Vulnerability
B. Risk Likelihood x Annual Loss Expectancy (ALE)
C. Annual Loss Expectancy (ALE) x Value of Asset
D. Potential Loss x Event Probability x Control Failure Probability
正解：D

質問 8：
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decreasing in value by 50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:
Be across all major platforms, applications and infrastructure.
Be able to track user and administrator activity.
Does not significantly degrade the performance of production platforms, applications, and infrastructures.
Real time incident reporting.
Manageable and has meaningful information.
Business units are able to generate reports in a timely manner of the unit's system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
B. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
C. Ensure appropriate auditing is enabled to capture the required information.
D. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
F. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
正解：A,C,D