View CAS-004 Exam Questions

Q: 11

During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device. Which of the following security measures could have helped prevent this account from being compromised?

Options

Q: 12

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?

Options

Q: 13

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

Options

Q: 14

The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis. Which of the following is the most likely reason for this approach?

Options

Q: 15

A security architect discovers the following while reviewing code for a company’s website:

selection = "SELECT Item FROM Catalog WHERE ItemID * " & Request("ItemID”)

Which of the following should the security architect recommend?

Options

Q: 16

After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

Which of the following is the most likely reason for the successful attack?

Options

Q: 17

Recently, two large engineering companies in the same line of business decided to approach cyberthreats in a united way. Which of the following best describes this unified approach?

Options

Q: 18

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw dat a. Which of the following is the organization implementing?

Options

Q: 19

SIMULATION You have received a report that some users are unable to use their personal devices to authenticate to a protected corporate website. The users have stated that no changes have been made on their personal devices since the last time they were able to authenticate successfully. INSTRUCTIONS Examine the device health policy for the MFA solution, the MFA usage logs, and the device telemetry. Using that information: . Select the policy/policies that were violated. . Select the telemetry log(s) that explain(s) the policy violations.

Your Answer

Correct Answer:

SEE THE

Explanation

part.

Explanation:

Step 1: Understand the Scenario

Issue:Userscannot authenticateusing personal devices.User claim:No changes have been made to

their devices since they were last able to authenticate.

Step 2: Review the Policy Settings

From theGlobal settingstable:

✅Enabled Policies:

Anonymous networks:Blocks Tor (✅)

Operating systems:Blocks:

Android 8.1.0 and below

iOS 13.7 and below

Windows 7 and below

Chrome OS (all)

BlackBerry (all)

Authentication method:Push only (✅)

User location:Only allows regions:

NORTHAMERICA-REGION-7

NORTHAMERICA-REGION-10

NORTHAMERICA-REGION-11

NORTHAMERICA-REGION-12

Disabled Policies:

Browser restriction(Chrome, Firefox, Edge) isdisabled(i.e., any browser is allowed)

New user policyisdisabled

Step 3: Examine the Authentication Results Table

From the access log table:

Subject

Result

Access object

Jacob

Deny - context

Sales_application

Bob

Time-out

IT_intelligence_svc

Jane

Deny - context

Accounting_database

Jenny

Time-out

Sales_application

These four failed. Let's match them with policies.

Step 4: Correlate With Telemetry Logs

Jacob:

OS:iOS 13.0 →Below 13.7→❌Violation ofOperating System policy

Location:REGION not specified fully, assume okay unless proven otherwise✅Policy

violated:Operating system

Bob:

OS:Android 10 →✅Allowed

Location:NORTHAMERICA-REGION-12 →✅Allowed

Behavior:Time-outThis could be aconnectivityorpush timeout, not policy violation.⛔️Not due to

policy violation

Jane:

OS:iOS 14.2 →✅Allowed

Location:NORTHAMERICA-REGION-6 →❌Not in allowed regions✅Policy violated:User location

Jenny:

OS:Android 10 →✅Allowed

Location:NORTHAMERICA-REGION-6 →❌Not in allowed regions✅Policy violated:User location

✅Step 5: Final Answer

Violated Policies:

✅Operating Systems→ Violated byJacob

✅User Location→ Violated byJaneandJenny

Telemetry Logs that explain violations:

Log 3– Jacob (OS iOS 13.0 → blocked)

Log 6– Jane (Region 6 → blocked)

Log 7– Jenny (Region 6 → blocked)

✔️Final Answer Summary:

Policies Violated:

✅Operating systems

✅User location

Relevant Telemetry Logs:

Jacob → Log 3

Jane → Log 6

Jenny → Log 7

Q: 20

SIMULATION A product development team has submitted code snippets for review prior to release. INSTRUCTIONS Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet. Code Snippet 1 Code Snippet 2 Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex:ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET Fix 2

A) Implement prepared statements and bind variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Your Answer

Correct Answer:

SEE THE

Explanation

. Explanation: Code Snippet 1 Vulnerability 1: SQL injection SQL injection is a type of attack that exploits a vulnerability in the code that interacts with a database. An attacker can inject malicious SQL commands into the input fields, such asusername or password, and execute them on the database server. This can result in data theft, data corruption, or unauthorized access. Fix 1: Perform input sanitization of the userid field. Input sanitization is a technique that prevents SQL injection by validating and filtering the user input values before passing them to the database. The input sanitization should remove any special characters, such as quotes, semicolons, or dashes, that can alter the intended SQL query. Alternatively, the input sanitization can use a whitelist of allowed values and reject any other values. Code Snippet 2 Vulnerability 2: Cross-site request forgery Cross-site request forgery (CSRF) is a type of attack that exploits a vulnerability in the code that handles web requests. An attacker can trick a user into sending a malicious web request to a server that performs an action on behalf of the user, such as changing their password, transferring funds, or deleting dat a. This can result in unauthorized actions, data loss, or account compromise. Fix 2: Implement anti-forgery tokens. Anti-forgery tokens are techniques that prevent CSRF by adding a unique and secret value to each web request that is generated by the server and verified by the server before performing the action. The anti-forgery token should be different for each user and each session, and should not be predictable or reusable by an attacker. This way, only legitimate web requests from the user’s browser can be accepted by the server.

Question 11 of 20 · Page 2 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE