CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Question No: 191 – (Topic 3)
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization
$10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
B. $7,500
C. $10,000
D. $12,500
E. $15,000
Answer: B Explanation:
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE
Single Loss Expectancy (SLE) is mathematically expressed as asset value (AV) x exposure factor (EF): SLE = AV x EF. The question gives the ALE directly, however, so rearrange the first formula: SLE = ALE / ARO.
Assuming the web filter leaves the ARO at twice per year (the question states only one ARO), the SLE of a data leakage event after implementing the filter is $15,000 / 2 = $7,500.
Cost-benefit check: the filter reduces the ALE by $25,000 – $15,000 = $10,000 per year and costs $10,000 per year, so on these figures alone it only breaks even.
References: http://www.financeformulas.net/Return_on_Investment.html https://en.wikipedia.org/wiki/Risk_assessment
Question No: 192 – (Topic 3)
A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of
$100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year?
Answer: D Explanation:
Return on investment = (gain from investment – cost of investment) / cost of investment
The cost of the investment is the equipment plus the contractor's installation time: $50,000 + (50 hours x $100/hour) = $55,000.
Thus ROI = (100,000 – 55,000) / 55,000 = 0.818 = 82% (rounded).
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 337 http://www.financeformulas.net/Return_on_Investment.html
Question No: 193 – (Topic 3)
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks.
Which of the following should the ISP implement? (Select TWO).
Block traffic from the ISP’s networks destined for blacklisted IPs.
Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
Notify customers when services they run are involved in an attack.
Block traffic with an IP source not allocated to customers from exiting the ISP's network.
Answer: D,E Explanation:
Since DDoS attacks can originate from many different devices, which makes them hard to defend against at the target, an ISP limits its own contribution in two ways. First, it notifies customers whose services are found to be involved in an attack (for example compromised hosts acting as part of a botnet, or open resolvers and other reflectors being abused) so that they can clean them up. Second, it blocks traffic whose source IP address is not allocated to its customers from exiting its network. This is source-address validation (BCP 38 ingress/egress filtering): it stops customer hosts from emitting spoofed packets, which is what reflection and amplification attacks depend on.
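The two controls in the answer, as an added example that is not part of the exam page: a BCP 38 style egress check that drops flows whose source address is outside the ISP's allocated customer space, and an aggregation over the forwarded flows that produces the list of customers to notify about hosts participating in an attack. The customer prefixes (RFC 5737 documentation ranges), the attack target and the flow records are constructed for illustration.

```python
"""BCP 38 style egress filtering and customer notification over ISP flow records.

Added example, not from the exam page. Prefixes, the attack target and the
flow records are constructed for illustration (RFC 5737 documentation ranges).
"""
import ipaddress
from collections import defaultdict

# Address space the ISP has allocated to its customers (assumption).
CUSTOMER_PREFIXES = {
    "customer-a": ipaddress.ip_network("203.0.113.0/24"),
    "customer-b": ipaddress.ip_network("198.51.100.0/24"),
}

# Constructed flow records: (source, destination, destination port, packets).
FLOWS = [
    ("203.0.113.10", "192.0.2.50", 80, 500_000),    # customer-a host flooding the target
    ("203.0.113.11", "192.0.2.50", 80, 450_000),    # second customer-a host, same target
    ("198.51.100.7", "192.0.2.9", 443, 120),        # ordinary customer-b traffic
    ("10.0.0.5", "192.0.2.50", 80, 900_000),        # spoofed RFC 1918 source
    ("192.0.2.200", "192.0.2.50", 53, 700_000),     # spoofed, not allocated to any customer
]


def owner_of(src: str):
    """Return the customer whose prefix contains src, or None if unallocated."""
    addr = ipaddress.ip_address(src)
    for name, net in CUSTOMER_PREFIXES.items():
        if addr in net:
            return name
    return None


def egress_filter(flows):
    """Split flows into those to forward and those to drop (spoofed source).

    A source that is not inside an allocated customer prefix, which covers
    private RFC 1918 space as well as other people's addresses, must not be
    allowed to leave the ISP's network.
    """
    forwarded, dropped = [], []
    for flow in flows:
        (forwarded if owner_of(flow[0]) else dropped).append(flow)
    return forwarded, dropped


def customers_to_notify(flows, target: str, packet_threshold: int):
    """Customers whose hosts together sent more than packet_threshold packets to target."""
    per_customer = defaultdict(int)
    for src, dst, _port, packets in flows:
        owner = owner_of(src)
        if dst == target and owner:
            per_customer[owner] += packets
    return sorted(c for c, n in per_customer.items() if n > packet_threshold)


if __name__ == "__main__":
    ok, spoofed = egress_filter(FLOWS)
    print(f"forwarded={len(ok)} dropped={len(spoofed)}")
    print("notify:", customers_to_notify(ok, "192.0.2.50", 100_000))
```

The notification step runs only over the flows that passed the egress filter: a spoofed source tells you nothing about which customer to contact, which is exactly why the two controls belong together.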
Topic 4, Integration of Computing, Communications and Business Disciplines
Question No: 194 – (Topic 4)
A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?
Question No: 195 – (Topic 4)
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party have been provided with corporate email
accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).
Implement hashing of data in transit
Session recording and capture
Disable cross session cut and paste
Monitor approved credit accounts
User access audit reviews
Source IP whitelisting
Answer: C,E,F Explanation:
Data sovereignty is a legal concern: data is governed by the laws of the country in which it resides. In this scenario the company does not want the data to become subject to the laws of the country of the organization to which back office processing has been outsourced. It must therefore ensure that the data is only accessed on its own servers and that no copies end up on the outsourcing partner's computers, which is why cross-session cut and paste (clipboard redirection) must be disabled on the remote desktop sessions.
Privacy concerns are addressed by ensuring that unauthorized users do not have access to the data. This is accomplished through user access audit reviews, performed on an ongoing basis, and source IP whitelisting, a list of IP addresses explicitly allowed to connect to the remote desktop service, so that the third party's staff can only connect from the provider's known addresses.
Question No: 196 – (Topic 4)
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented.
Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.
Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2
Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
Answer: B Explanation:
Confidentiality and integrity are two of the key facets of data security. Confidentiality ensures that sensitive information is not disclosed to unauthorized users, while integrity ensures that data is not altered by unauthorized users. Requirements 1 and 4 state these goals and are the Level 1 requirements.
Confidentiality is enforced through encryption of data at rest, encryption of data in transit, and access control. Encryption of data in transit is accomplished by using secure protocols such as IPsec, TLS (the successor to SSL) and SSH (SCP runs over SSH). Requirements 2 and 3 are therefore the Level 2 requirements that implement Requirement 1; Requirement 3 does not depend on Requirement 2, so it does not belong at a Level 3 beneath it.
Integrity can be enforced through hashing, digital signatures and CRC checks on the files; Requirement 5 is the Level 2 requirement that implements Requirement 4. In the SRTM hierarchy the enforcement methods always sit one level below the goal they satisfy. A practitioner should also flag Requirement 5 during review: a CRC only detects accidental corruption, not deliberate modification, so a MAC or digital signature is needed if the integrity requirement is meant to cover tampering. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 17-19, 20, 27-29
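Why Requirement 5 is a weak way to satisfy Requirement 4, as an added example that is not part of the exam page or the study guide: the code below changes a file, then appends four bytes that bring its CRC-32 back to the original stored value, so a CRC check still passes; the same change is caught by an HMAC computed with a secret key. The file contents and the key are constructed for illustration, and the forging routine is the standard reflected CRC-32 (zlib) algorithm walked backwards from the target value.

```python
"""Why a CRC is not an integrity control: forging CRC-32 vs. verifying an HMAC.

Added example, not from the exam page or study guide. The file contents and
the key are constructed for illustration.
"""
import hashlib
import hmac
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320), as used by zlib.
_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ (0xEDB88320 if _c & 1 else 0)
    _TABLE.append(_c)
# Every table entry has a distinct top byte, so an entry can be found from that byte.
_INDEX_BY_TOP_BYTE = {entry >> 24: i for i, entry in enumerate(_TABLE)}


def forge_crc32_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes such that zlib.crc32(data + suffix) == target_crc.

    Walk the CRC register backwards from the target to find which table
    indices the last four update steps must use, then walk forwards from the
    register state after `data` to derive the bytes producing those indices.
    """
    reg = target_crc ^ 0xFFFFFFFF          # register value before zlib's final XOR
    indices = []
    for _ in range(4):
        idx = _INDEX_BY_TOP_BYTE[reg >> 24]
        indices.append(idx)
        reg = ((reg ^ _TABLE[idx]) << 8) & 0xFFFFFFFF
    indices.reverse()

    reg = zlib.crc32(data) ^ 0xFFFFFFFF    # register state after the real data
    suffix = bytearray()
    for idx in indices:
        suffix.append((reg ^ idx) & 0xFF)  # byte that selects this table index
        reg = _TABLE[idx] ^ (reg >> 8)     # zlib's per-byte update
    return bytes(suffix)


def crc_check(data: bytes, expected_crc: int) -> bool:
    return zlib.crc32(data) == expected_crc


def hmac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def hmac_check(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


ORIGINAL = b"payee=ACME;amount=100\n"      # constructed file contents
TAMPERED = b"payee=EVIL;amount=999\n"
KEY = b"constructed-demo-key"               # constructed; use a random secret in practice


def tamper_undetected_by_crc() -> bool:
    """True if the attacker can change the file while the stored CRC still matches."""
    stored_crc = zlib.crc32(ORIGINAL)
    forged = TAMPERED + forge_crc32_suffix(TAMPERED, stored_crc)
    return crc_check(forged, stored_crc)


def tamper_detected_by_hmac() -> bool:
    """True if the same forged file is rejected by an HMAC over the original."""
    stored_tag = hmac_tag(KEY, ORIGINAL)
    forged = TAMPERED + forge_crc32_suffix(TAMPERED, zlib.crc32(ORIGINAL))
    return not hmac_check(KEY, forged, stored_tag)


if __name__ == "__main__":
    print("CRC still matches after tampering:", tamper_undetected_by_crc())
    print("HMAC detects the tampering:", tamper_detected_by_hmac())
```

The four trailing bytes are the only cost of the forgery, and file formats with comment fields or ignored padding absorb them silently; an attacker who controls the stored CRC as well does not even need them.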
Question No: 197 – (Topic 4)
Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?
Purchase the product and test it in a lab environment before installing it on any live system.
Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.
Purchase the product and test it on a few systems before installing it throughout the entire company.
Use Company A’s change management process during the evaluation of the new product.
Question No: 198 – (Topic 4)
The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltration. The security administrator suspects these attacks are due to several new network based attacks facilitated by having physical access to a system. Which of the following BEST describes how to adapt to the threat?
Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.
Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.
Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.
Apply three factor authentication, implement IPSec, and enable SNMP.
Question No: 199 – (Topic 4)
A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.
The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.
The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?
Accept the risk
Answer: B Explanation:
We have 2000 workstations and a budget of $50,000 for the next three years. Reading each percentage as a support fee charged on the annual per-workstation cost, the three quotes work out as follows.
First quote: $6 x 2000 = $12,000 per year, plus 10% ($1,200) = $13,200 per year, which is $39,600 over three years; the $10,000 one-time fee brings the total to $49,600.
Second quote: $5 x 2000 = $10,000 per year, plus 12% ($1,200) = $11,200 per year, which is $33,600 over three years; the $15,000 one-time fee brings the total to $48,600.
Third quote: $8 x 2000 = $16,000 per year, plus 15% ($2,400) = $18,400 per year, which is $55,200 over three years with no one-time fee, more than the $50,000 cost of doing nothing.
The second quote is therefore the cheapest option and it comes in under the projected $50,000 cost of continuing to respond to malware by hand, so accepting the risk is not the best choice either.
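The arithmetic behind questions 191, 192 and 199 in one place, as an added example that is not part of the exam page: SLE from ALE and ARO, the yearly net benefit of a safeguard, ROI, and a three-year total cost comparison of the HIPS quotes. The figures are the ones stated in the questions; treating each percentage as a support fee on the annual licence cost follows the page's own explanation and is an assumption.

```python
"""Quantitative risk arithmetic for the cost questions above.

Added example, not from the exam page. The quote figures are those stated in
the questions; charging the percentage support fee on the annual licence cost
is an assumption that follows the page's explanation.
"""
from dataclasses import dataclass


def sle_from_ale(ale_value: float, aro: float) -> float:
    """Single loss expectancy: ALE = ARO x SLE, so SLE = ALE / ARO."""
    if aro <= 0:
        raise ValueError("ARO must be positive")
    return ale_value / aro


def ale(sle: float, aro: float) -> float:
    """Annualised loss expectancy: ARO x SLE."""
    return sle * aro


def control_net_benefit(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Yearly value of a safeguard: (ALE before - ALE after) - annual cost.

    Positive means the control pays for itself; zero is break-even.
    """
    return (ale_before - ale_after) - annual_cost


def roi(gain: float, cost: float) -> float:
    """Return on investment as a fraction: (gain - cost) / cost."""
    if cost <= 0:
        raise ValueError("cost must be positive")
    return (gain - cost) / cost


@dataclass(frozen=True)
class HipsQuote:
    name: str
    one_time_fee: float
    per_workstation: float
    support_pct: float  # annual support fee as a percentage of the licence cost (assumption)

    def total_cost(self, workstations: int, years: int) -> float:
        licence = self.per_workstation * workstations
        annual = licence + licence * self.support_pct / 100
        return self.one_time_fee + annual * years


def cheapest_within_budget(quotes, workstations: int, years: int, budget: float):
    """Cheapest quote whose total is within budget, or None (accept the risk)."""
    affordable = [q for q in quotes if q.total_cost(workstations, years) <= budget]
    if not affordable:
        return None
    return min(affordable, key=lambda q: q.total_cost(workstations, years))


# The three quotes from question 199.
QUOTES = [
    HipsQuote("first", 10_000, 6, 10),
    HipsQuote("second", 15_000, 5, 12),
    HipsQuote("third", 0, 8, 15),
]

if __name__ == "__main__":
    print("Q191 SLE after filter:", sle_from_ale(15_000, 2))
    print("Q191 yearly net benefit of filter:", control_net_benefit(25_000, 15_000, 10_000))
    print("Q192 ROI:", round(roi(100_000, 50_000 + 50 * 100), 3))
    for q in QUOTES:
        print(f"Q199 {q.name} quote, 3 years:", q.total_cost(2000, 3))
    best = cheapest_within_budget(QUOTES, 2000, 3, 50_000)
    print("Q199 choose:", best.name if best else "accept the risk")
```

Changing the support-fee interpretation (for example charging it on the one-time fee too) only needs a change in `total_cost`; the ranking of the quotes is what the ISO should re-check whenever the contract terms are clarified.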
Question No: 200 – (Topic 4)
The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?
Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.