CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 4 of 11.
- Question #156
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve sec...
- Question #157
A company receives an e-discovery request for the Chief Information Officer's (CIO's) email data. The storage administrator reports that the data retention policy relevant to their...
- Question #158
The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security adminis...
- Question #159
The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The...
- Question #160
A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Fi...
- Question #161
A small customer-focused bank with implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day inter...
- Question #162
A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of lo...
- Question #163
A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The comp...
- Question #164
A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The develo...
- Question #165
After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they wan...
- Question #166
The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).
- Question #167
A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake?...
- Question #168
New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the...
- Question #169
A WAF without customization will protect the infrastructure from which of the following attack combinations?
- Question #170
(CRM) and marketing / leads management to Company XYZ. Which of the following is the MOST important to be considered before going ahead with the service?
- Question #171
The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer's...
- Question #172
A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company po...
- Question #173
A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network. The c...
- Question #174
A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files w...
- Question #175
databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combin...
- Question #176
A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several u...
- Question #177
Customer Need: "We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website." Whi...
- Question #178
A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical sta...
- Question #179
A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due t...
- Question #180
A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. T...
- Question #181
Which of the following attacks does Unicast Reverse Path Forwarding prevent?
- Question #182
Which of the following authentication types is used primarily to authenticate users through the use of tickets?
- Question #183
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals...
- Question #184
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator...
- Question #185
A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authenticat...
- Question #186
Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three com...
- Question #187
The security administrator at a bank is receiving numerous reports that customers are unable to login to the bank website. Upon further investigation, the security administrator di...
- Question #188
A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including mon...
- Question #189
A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to dep...
- Question #190
financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involvin...
- Question #191
The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services....
- Question #192
A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to...
- Question #193
Which of the following displays an example of a buffer overflow attack?
- Question #194
Which of the following displays an example of an XSS attack?
- Question #195
Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain b...
- Question #196
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary p...
- Question #197
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
- Question #198
A company has purchased a new system, but security personnel are spending a great deal of time on system maintenance. A new third party vendor has been selected to maintain and man...
- Question #199
The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been...
- Question #200
A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security ad...
- Question #201
Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices DoS attacks on the network that are affecting the com...
- Question #202
A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company inform...
- Question #203
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assu...
- Question #204
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?
- Question #205
An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Offi...