CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 6 of 11.
- Question #256
A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?
- Question #257
Which of the following is a security advantage of single sign-on? (Select TWO).
- Question #258
After a system update causes significant downtime, the Chief Information Security Officer (CISO) asks the IT manager who was responsible for the update. The IT manager responds tha...
- Question #259
Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a capti...
- Question #260
A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connec...
- Question #261
A user reports that the workstation's mouse pointer is moving and files are opening automatically. Which of the following should the user perform?
- Question #262
The IT department of a large telecommunications company has developed and finalized a set of security solutions and policies which have been approved by upper management for deploy...
- Question #263
Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and rapidly re...
- Question #264
A manufacturing company is having issues with unauthorized access and modification of the controls operating the production equipment. A communication requirement is to allow the f...
- Question #265
A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces: one for the Internet connection, another for the DMZ...
- Question #266
The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the...
- Question #267
Virtual hosts with different security requirements should be:
- Question #268
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
- Question #269
When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?
- Question #270
A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the secu...
- Question #271
An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should cont...
- Question #272
A wholesaler has decided to increase revenue streams by selling direct to the public through an online system. Initially this will be run as a short term trial and if profitable,...
- Question #273
Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Sof...
- Question #274
Which of the following are security components provided by an application security library or framework? (Select THREE).
- Question #275
Which of the following are examples of privilege escalation? Each correct answer represents a complete solution. Choose two.
- Question #276
Which of the following is used to provide for the systematic review, retention and destruction of documents received or created in the course of business?
- Question #277
Which of the following statements are true about OCSP and CRL? Each correct answer represents a complete solution. Choose all that apply.
- Question #278
Cloud computing is significantly impacting the definition of network perimeters. Which of the following is NOT a network perimeter issue with cloud computing?
- Question #279
Which of the following types of Incident Response Teams (IRT) is responsible for a logical or physical segment of the infrastructure, usually of a large organization or one that is...
- Question #280
Denise works as a Security Administrator for a community college. She is assessing the various risks to her network. Which of the following is not a category of risk assessment?
- Question #281
A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company's security posture; however, the company is still plagued by data bre...
- Question #282
The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor dat...
- Question #283
Which of the following should be used to identify overflow vulnerabilities?
- Question #284
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their sma...
- Question #285
A network administrator notices a security intrusion on the web server. Which of the following is noticed by file?
- Question #286
The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that...
- Question #287
Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following wo...
- Question #288
An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the followin...
- Question #289
As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company's privacy...
- Question #290
Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?
- Question #291
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite du...
- Question #292
The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization's miss...
- Question #293
An organization determined that each of its remote sales representatives must use a smartphone for email access. The organization provides the same centrally manageable model to ea...
- Question #294
An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attac...
- Question #295
An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application config...
- Question #296
About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The...
- Question #297
An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following: 18...
- Question #298
An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST like...
- Question #299
A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?
- Question #300
A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the...
- Question #301
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees: - Employee A. Works in the accounts...
- Question #302
A company's security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following metho...
- Question #303
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organiza...
- Question #304
An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small...
- Question #305
An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold o...