CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 7 of 11.
- Question #306
Which of the following BEST explains SAML?
- Question #307
The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for repl...
- Question #308
The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part...
- Question #309
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation...
- Question #310
A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention poli...
- Question #311
A security administrator is tasked with securing a company's headquarters and branch offices move to unified communications. The Chief Information Officer (CIO) wants to integrate...
- Question #312
Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on diffe...
- Question #313
A general insurance company wants to set up a new online business. The requirements are that the solution needs to be: - Extendable for new products to be developed and added - Ext...
- Question #314
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decr...
- Question #315
Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the followi...
- Question #316
Company XYZ has had repeated vulnerability exploits of a critical nature released to the company's flagship product. The product is used by a number of large customers. At the Chie...
- Question #317
A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administ...
- Question #318
The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the p...
- Question #319
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store...
- Question #320
Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monito...
- Question #321
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in qu...
- Question #322
A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically...
- Question #323
A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
- Question #324
The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company's flagship produc...
- Question #325
A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vu...
- Question #326
A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing old...
- Question #327
After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation: - SSH -p 2020 -l user dnsserver.company.co...
- Question #328
Which of the following is an example of single sign-on?
- Question #329
decision has been made to integrate the two companies' networks, application, and several basic services. The initial integration of the two companies has specified the following re...
- Question #330
In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the...
- Question #331
A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following a...
- Question #332
The security administrator has just installed an active/passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is...
- Question #333
activities have uncovered systemic security issues in the flagship product of Company average estimates indicating a cost of $1.6 million. Which of the following approaches should th...
- Question #334
Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE).
- Question #335
An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Se...
- Question #336
An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has be...
- Question #337
In a SPML exchange, which of the following BEST describes the three primary roles?
- Question #338
A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the P...
- Question #339
A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?
- Question #340
Which of the following protocols only facilitates access control?
- Question #341
upcoming merger and are both concerned with minimizing security exposures to each other's network throughout the test. Which of the following is the FIRST thing both sides should do...
- Question #342
Company management has indicated that instant messengers (IM) add to employee productivity. Management would like to implement an IM solution, but does not have a budget for the pr...
- Question #343
An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the...
- Question #344
Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select...
- Question #345
When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is...
- Question #346
Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the inves...
- Question #347
A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been i...
- Question #348
a different manufacturing ICS platform. Company XYZ has strict ICS security regulations while Which of the following approaches would the network security administrator for Company...
- Question #349
An Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendors' RFP responses is in-line with the security and other r...
- Question #350
At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the sec...
- Question #351
Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase...
- Question #352
The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company a...
- Question #353
A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the followin...
- Question #354
A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has bee...
- Question #355
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?