CompTIA Advanced Security Practitioner Sample Questions:

1. Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and rapidly responding to customer demands means staff now requires remote access. Which of the following controls will BEST protect the corporate network?

A) Plan and develop security policies based on the assumption that external environments have active hostile threats.
B) Secure remote access systems to ensure shared drives are read only and access is provided through a SSL portal. Perform regular audits of user accounts and reviews of system logs.
C) Implement a DLP program to log data accessed by users connecting via remote access. Regularly perform user revalidation.
D) Develop a security policy that defines remote access requirements. Perform regular audits of user accounts and reviews of system logs.

2. A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have agreed that the large business will retain 95% of the smaller business' IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests. Which of the following IT security related objectives should the small business' IT staff consider reviewing during the integration process? (Select TWO).

A) Service level agreements between the small and the large business.
B) The memorandum of understanding between the two businesses.
C) New regulatory compliance requirements.
D) How the large business operational procedures are implemented.
E) The initial request for proposal drafted during the merger.
F) The business continuity plan in place at the small business.

3. A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?
The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.
The Reception AreA.The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.
The Rehabilitation AreA.The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.
The Finance AreA.There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.

A) The Boiler Room
B) The Reception Area
C) The Rehabilitation Area
D) The Finance Area

4. A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several un-disclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts. Which of the following methods should the security research use to enumerate the ports and protocols in use by the appliance?

A) Switchport analyzer
B) Penetration testing
C) Grey box testing
D) Device fingerprinting

5. News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit network mapping and fingerprinting occurs in preparation for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections, reduce detection time, and minimize any damage that might be done?

A) Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.
B) Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
C) Implement an application whitelist at all levels of the organization.
D) Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.

Solutions: