CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 2 of 11.
- Question #51
A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the co...
- Question #52
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer...
- Question #53
There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data,...
- Question #54
A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have...
- Question #55
A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situa...
- Question #56
A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an...
- Question #57
An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?
- Question #58
A company data center provides Internet based access to email and web services. The firewall is separated into four zones: - RED ZONE is an Internet zone - ORANGE ZONE a Web DMZ -...
- Question #59
An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functionin...
- Question #60
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The I...
- Question #61
After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The comp...
- Question #62
The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks, specifically deploying th...
- Question #63
When planning a complex system architecture, it is important to build in mechanisms to secure log information, facilitate audit log reduction, and event correlation. Besides synchr...
- Question #64
Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?
- Question #65
A corporation relies on a server running a trusted operating system to broker data transactions between different security zones on their network. Each zone is a separate domain an...
- Question #66
A system architect has the following constraints from the customer: - Confidentiality, Integrity, and Availability (CIA) are all of equal importance. - Average availability must be...
- Question #67
The security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this stil...
- Question #68
As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will he...
- Question #69
A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally...
- Question #70
The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. Ac...
- Question #71
Which of the following vulnerabilities is present in the below source code file named 'AuthenticatedArea.php'? <html><head><title>AuthenticatedArea</title></head> <? include ("/inc/...
- Question #72
There have been some failures of the company's customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down f...
- Question #73
To support a software security initiative business case, a project manager needs to provide a cost benefit analysis. The project manager has asked the security consultant to perfor...
- Question #74
During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company's financial system. While entering the username a...
- Question #75
The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats. Which of the following s...
- Question #76
A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their...
- Question #77
The security administrator at 'company.com' is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the...
- Question #78
A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a...
- Question #79
A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, m...
- Question #80
The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major...
- Question #81
To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?
- Question #82
SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following?
- Question #83
A financial institution has decided to purchase a very expensive resource management system and has selected the product and vendor. The vendor is experiencing some minor, but publ...
- Question #84
A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
- Question #85
Which of the following is a security concern with deploying COTS products within the network?
- Question #86
The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk i...
- Question #87
The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the exter...
- Question #88
Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Sof...
- Question #89
Which of the following are security components provided by an application security library or framework? (Select THREE).
- Question #90
Which of the following potential vulnerabilities exists in the following code snippet? var myEmail = document.getElementById("formInputEmail").value; if (xmlhttp.readyState==4 && x...
- Question #91
The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and co...
- Question #92
The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the f...
- Question #93
A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment. The SOC...
- Question #94
A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lin...
- Question #95
Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance....
- Question #96
A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferenc...
- Question #97
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has sele...
- Question #98
A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administ...
- Question #99
An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines: -A INPUT -m state --stat...
- Question #100
Company A is trying to implement controls to reduce costs and time spent on litigation. To accomplish this, Company A has established several goals: - Prevent data breaches from lo...