CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 3 of 11.
- Question #101
A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlli...
- Question #102
The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer...
- Question #103
Existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprie...
- Question #104
At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security r...
- Question #105
An administrator notices the following file in the Linux server's /tmp directory. -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash* Which of the following should be done to prevent...
- Question #106
ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the follow...
- Question #107
200km (123 miles) away. This connection is provided by the local cable television company. ABC would like to extend a secure VLAN to the remote office, but the cable company says t...
- Question #108
Company A has a remote work force that often includes independent contractors and out of state full time employees. Company A's security engineer has been asked to implement a solu...
- Question #110
An ecommerce application on a Linux server does not properly track the number of incoming connections to the server and may leave the server vulnerable to which of the following?
- Question #115
A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company's clients are concerned about data confidentiality....
- Question #116
A financial institution wants to reduce the costs associated with managing and troubleshooting employees' desktops and applications, while keeping employees from copying data onto...
- Question #117
A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Off...
- Question #118
The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three...
- Question #119
A database administrator comes across the below records in one of the databases during an internal audit of the payment system: UserID Address Credit Card No. Password jsmith 123 f...
- Question #120
A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website....
- Question #121
A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thor...
- Question #122
A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will b...
- Question #123
A security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the Ne...
- Question #124
The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allow...
- Question #125
A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is compris...
- Question #126
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their sma...
- Question #127
A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
- Question #128
In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted...
- Question #129
A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex d...
- Question #130
The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many is...
- Question #131
An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the...
- Question #132
Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a techno...
- Question #133
Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of...
- Question #134
A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerabili...
- Question #135
A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application...
- Question #136
In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and mal...
- Question #137
A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test claim to have the most advanced features and lucrative p...
- Question #138
An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify t...
- Question #139
A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests...
- Question #140
An administrator is reviewing logs and sees the following entry: Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "un...
- Question #141
A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the followi...
- Question #142
An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining t...
- Question #143
A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number o...
- Question #144
A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?
- Question #145
If a technician must take an employee's workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?
- Question #146
An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and...
- Question #147
A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services...
- Question #148
A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security ite...
- Question #149
An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50...
- Question #150
A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard des...
- Question #151
In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).
- Question #152
A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department...
- Question #153
A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entere...
- Question #154
After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the i...
- Question #155
A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm co...