CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 1 of 11.
- Question #1
speed private research network. Local businesses in the area are seeking sponsorship from (CIO) believes that this is an opportunity to increase revenues and visibility for the com...
- Question #2
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS...
- Question #3
The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is co...
- Question #4
A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employees' network accounts a...
- Question #5
Which of the following is true about an unauthenticated SAMLv2 transaction?
- Question #6
A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs' code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the c...
- Question #7
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST to...
- Question #8
Which of the following is the MOST appropriate control measure for lost mobile devices?
- Question #9
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
- Question #10
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1...
- Question #11
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to...
- Question #12
A security administrator needs a secure computing solution to use for all of the company's security audit log storage, and to act as a central server to execute security functions...
- Question #13
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security...
- Question #14
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security...
- Question #15
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of...
- Question #16
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaw...
- Question #17
mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile op...
- Question #18
The security administrator is worried about possible SPIT attacks against the VoIP system. Which of the following security controls would MOST likely need to be implemented to dete...
- Question #19
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the fol...
- Question #20
On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors fo...
- Question #21
A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important co...
- Question #22
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to acces...
- Question #23
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two old...
- Question #24
Which of the following precautions should be taken to harden network devices in case of VMEscape?
- Question #25
Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data?
- Question #26
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
- Question #27
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Offi...
- Question #28
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research th...
- Question #29
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO)...
- Question #30
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial do...
- Question #31
An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consu...
- Question #32
A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A's network are ha...
- Question #33
A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?
- Question #34
A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?
- Question #35
A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly forme...
- Question #36
The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?
- Question #37
When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?
- Question #38
Which of the following activities could reduce the security benefits of mandatory vacations?
- Question #39
A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the...
- Question #40
An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail...
- Question #41
The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of dut...
- Question #42
A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfe...
- Question #43
An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing b...
- Question #44
An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites woul...
- Question #45
An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environ...
- Question #46
A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the co...
- Question #47
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that...
- Question #48
Which of the following is the MOST secure way to ensure third-party applications introduce only acceptable risk?
- Question #49
A software vendor has had several zero-day attacks against its software, due to previously unknown security defects being exploited by attackers. The attackers have been able to pe...
- Question #50
A new vendor product has been acquired to replace a legacy perimeter security product. There are significant time constraints due to the existing solution nearing end-of-life with...