CAS-004 Security Engineering • Complete Question Bank
Complete CAS-004 Security Engineering question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
-- AppArmor Profile: /usr/bin/somebin
#include <tunables/global>
profile somebin /usr/bin/somebin {
capability dac_override,
network inet dgram,
/etc/config/* r,
/var/log/app.log w,
}
```
Refer to the exhibit.
```
# iptables -L FORWARD -v -n
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 eth1 10.0.1.0/24 0.0.0.0/0 state NEW,ESTABLISHED
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 10.0.1.0/24 state ESTABLISHED
```
Refer to the exhibit.
```
# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
```
Refer to the exhibit.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::corporate-data/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::corporate-data/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
```
Refer to the exhibit.
```
=== syslog excerpt ===
Mar 15 14:23:45 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54321 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar 15 14:23:46 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54322 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
Mar 15 14:23:47 firewall1 %ASA-4-106023: Deny tcp src inside:192.168.1.10/54323 dst outside:10.0.0.1/80 by access-group "OUTSIDE_IN" [0x0, 0x0]
```
Refer to the exhibit. Exhibit:
```
Filtering rules for interface eth0 (direction inbound):
Rule 1: deny tcp 10.0.1.0/24 any eq 22
Rule 2: permit tcp any host 10.0.1.10 eq 443
Rule 3: deny ip any 10.0.2.0/24
Rule 4: permit tcp 10.0.1.0/24 host 10.0.2.10 eq 3306
Rule 5: deny ip any any
```
Drag a concept onto its matching description — or click a concept then click the description.
DNS query and lookup
Display network connections and listening ports
Capture and analyze network traffic
Perform SSL/TLS cryptographic operations
Network discovery and port scanning
Drag a concept onto its matching description — or click a concept then click the description.
Software delivered over the internet
Platform for application development and deployment
Virtualized computing resources over the internet
Disaster recovery as a service
Security services delivered via the cloud
Refer to the exhibit.
```
show security policies

Policy Name: Web-Server-Access
Source Zone: untrust
Dest Zone: dmz
Source Address: any
Dest Address: 10.1.1.100
Application: http, https
Action: permit
Log: session-init

Policy Name: Remote-Admin
Source Zone: vpn
Dest Zone: mgmt
Source Address: 10.2.2.0/24
Dest Address: 192.168.1.1
Application: ssh, https
Action: permit
Log: session-close
```
Refer to the exhibit.
```
Aug 15 14:23:10 server1 sshd[1234]: Failed password for root from 192.168.1.200 port 56789 ssh2
Aug 15 14:23:12 server1 sshd[1234]: Failed password for root from 192.168.1.200 port 56790 ssh2
Aug 15 14:23:15 server1 sshd[1234]: Failed password for root from 192.168.1.200 port 56791 ssh2
...
Aug 15 14:25:30 server1 sshd[1234]: Accepted password for admin from 10.0.0.50 port 34821 ssh2
```
Refer to the exhibit.
```xml
<security>
  <authentication type="OAuth2">
    <client-id>abc123</client-id>
    <client-secret>secret!</client-secret>
    <token-endpoint>https://auth.example.com/token</token-endpoint>
    <redirect-uri>http://app.example.com/callback</redirect-uri>
    <grant-type>authorization_code</grant-type>
  </authentication>
</security>
```
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0x1234567890abcdef
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Example Corp, CN=Example Root CA
        Validity
            Not Before: Jan 1 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: C=US, O=Example Corp, CN=server01.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus: ...
        X509v3 extensions:
            ...
```
```
Firewall Rule Base:
1. permit tcp any any eq 80
2. permit tcp any any eq 443
3. permit udp any any eq 53
4. permit icmp any any
```
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Refer to the exhibit. Exhibit:
```
ssl_cert_path = /etc/ssl/certs/server.pem
ssl_key_path = /etc/ssl/private/server.key
ssl_protocols = TLSv1.2 TLSv1.3
ssl_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
ssl_verify_client = optional
```
Refer to the exhibit. Exhibit:
```
Cipher: AES256-GCM
Mode: GCM
Key size: 256 bits
IV size: 12 bytes
Tag size: 16 bytes
AAD: ""
```
Refer to the exhibit. Exhibit:
```
[openvpn]
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-server
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
```
```
access-list 100 permit tcp any any eq 22
access-list 100 permit tcp host 10.0.0.10 any eq 443
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 deny ip any any
```