CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 5 of 11.
- Question #206
A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple...
- Question #207
An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the applica...
- Question #208
Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressu...
- Question #209
A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate securit...
- Question #210
Which of the following BEST defines the term e-discovery?
- Question #211
A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in...
- Question #212
SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance the security requirements that were specified at the project origin need to...
- Question #213
An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server's public address. In order...
- Question #214
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core busin...
- Question #215
A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following shou...
- Question #216
A production server has been compromised. Which of the following is the BEST way to preserve the non-volatile evidence?
- Question #217
A project has been established in a large bank to develop a new secure online banking platform. Halfway through the development it was discovered that a key piece of software used...
- Question #218
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which...
- Question #219
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the l...
- Question #220
Statement: "The system shall implement measures to notify system administrators prior to a security incident occurring." Which of the following BEST restates the above statement to...
- Question #221
A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone containe...
- Question #222
A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user at...
- Question #223
A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes th...
- Question #224
A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selec...
- Question #225
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all des...
- Question #226
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The cu...
- Question #227
Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on t...
- Question #228
The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The proje...
- Question #229
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers i...
- Question #230
An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network...
- Question #231
The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its custo...
- Question #232
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the...
- Question #233
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work d...
- Question #234
The company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networ...
- Question #235
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal secu...
- Question #236
An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines...
- Question #237
A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is s...
- Question #238
An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows: Administrative Files = {(Confidentiality, Moderate), (Integrity, Mode...
- Question #239
An administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR e...
- Question #240
After a security incident, an administrator revokes the SSL certificate for their web server generating certificate errors: ftp.company.com, mail.company.com, and partners.company....
- Question #241
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator sca...
- Question #242
An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to...
- Question #243
The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being tar...
- Question #244
Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger...
- Question #245
The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security s...
- Question #246
The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices...
- Question #247
A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design...
- Question #248
The sales staff at a software development company has received the following requirements from a customer: "We need the system to notify us in advance of all software errors and re...
- Question #249
A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer...
- Question #250
Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to...
- Question #251
200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a ce...
- Question #252
Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are pro...
- Question #253
During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom...
- Question #254
A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for compa...
- Question #255
In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the co...