CompTIA Advanced Security Practitioner 認定 CAS-001 試験問題:

1. A security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the New Year's holiday when all the company employees were off. The company's network diagram is summarized below:
Internet
Gateway Firewall
IDS
Web SSL Accelerator
Web Server Farm
Internal Firewall
Company Internal Network
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.
-------
Which of the following is true?

A) The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
B) The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.
C) The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.
D) The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.

2. When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of conference's resources?

A) Wireless network security may need to be increased to decrease access of mobile devices.
B) Wireless network security may need to be decreased to allow for increased access of mobile devices.
C) Network security may need to be increased by reducing the number of available physical network jacks.
D) Physical security may need to be increased to deter or prevent theft of mobile devices.

3. An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization's technology?

A) A service level agreement
B) An interconnection security agreement
C) A non-disclosure agreement
D) An operational level agreement

4. A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer's MOST serious concern with implementing this solution?

A) Succession planning
B) Availability
C) Performance
D) Maintainability

5. A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?

A) The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.
B) The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.
C) The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.
D) The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.

質問と回答：