CAS-001 Practice Questions
521 real CAS-001 exam questions with expert-verified answers and explanations. Page 8 of 11.
- Question #356
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which...
- Question #357
Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated ver...
- Question #358
You need to ensure that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
- Question #359
The Security Development Lifecycle (SDL) consists of various security practices that are grouped under seven phases. Which of the following security practices are included in the R...
- Question #360
Which of the following components of a VoIP network is frequently used to bridge video conferencing connections?
- Question #361
Which of the following is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies?
- Question #362
You want to allow some users to access a particular program on the computers in the network. What will you do to accomplish this task?
- Question #363
Which of the following is the most secure authentication scheme and uses public key cryptography and digital certificates to authenticate a user?
- Question #364
Which of the following security practices are included in the Implementation phase of the Security Development Lifecycle (SDL)? Each correct answer represents a complete solution....
- Question #365
In which of the following activities does an organization identify and prioritize technical, organizational, procedural, administrative, and physical security weaknesses?
- Question #366
SDLC phases include a minimum set of security tasks that are required to effectively incorporate security in the system development process. Which of the following are the key secu...
- Question #367
Which of the following is an XML-based framework developed by OASIS and used to exchange user, resource and service provisioning information between cooperating organizations?
- Question #368
Which of the following terms is about communicating the user's need and ability to communicate, and the medium through which that communication may occur?
- Question #369
Which technology can be used to help ensure the efficient transport of VoIP traffic?
- Question #370
In which of the following attacks does an attacker intercept call-signaling SIP message traffic and masquerade as the calling party to the called party and vice-versa?
- Question #371
Which of the following protocols is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications a...
- Question #372
A collaboration platform offers a set of software components and services that enable users to communicate, share information, and work together for achieving common business goals....
- Question #373
Which of the following stages are involved in the successful implementation of a collaboration platform? Each correct answer represents a part of the solution. Choose two.
- Question #374
You want the clients and servers in your organization to be able to communicate in a way that prevents eavesdropping and tampering of data on the Internet. Which of the following w...
- Question #375
Which of the following are the functions of a network security administrator? Each correct answer represents a complete solution. Choose three.
- Question #376
Which of the following is frequently used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to c...
- Question #377
You need to conduct network reconnaissance, which is carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized/allowed. W...
- Question #378
Which of the following arise every time an application takes user-supplied data and sends it to a Web browser without first confirming or encoding the content?
- Question #379
How many levels of threats are faced by the SAN?
- Question #380
Which of the following components are contained in Xsan? Each correct answer represents a complete solution. Choose all that apply.
- Question #381
Which of the following statements are true about network-attached storage (NAS)? Each correct answer represents a complete solution. Choose all that apply.
- Question #382
Which of the following is an automated software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program?
- Question #383
Which of the following statements are true about OCSP and CRL? Each correct answer represents a complete solution. Choose all that apply.
- Question #384
Which of the following is SAN management software and is designed for cross-platform workgroup collaboration?
- Question #385
End point security is an information security concept that assumes that each device (end point) is responsible for its own security. Which of the following tools are examples of en...
- Question #386
Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk manageme...
- Question #387
Which of the following statements are true about Continuous Monitoring? Each correct answer represents a complete solution. Choose all that apply.
- Question #388
A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise an...
- Question #389
The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web serv...
- Question #390
A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have ag...
- Question #391
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirem...
- Question #392
The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security i...
- Question #393
Company A needs to export sensitive data from its financial system to company B's database, using company B's API in an automated manner. Company A's policy prohibits the use of an...
- Question #394
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end user...
- Question #395
A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides...
- Question #396
A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it su...
- Question #397
The Chief Information Officer (CIO) is reviewing the IT-centric BIA and RA documentation. The documentation shows that a single 24-hour downtime in a critical business function wi...
- Question #398
Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?
- Question #399
A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO).
- Question #400
Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represe...
- Question #401
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow: - Customers to upload their log files to the "big data" platform - Customers to...
- Question #402
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via an HTTP intercepting proxy are failing with SSL errors. Which of the following control...
- Question #403
During a software development project review, the cryptographic engineer advises the project manager that security can be greatly improved by significantly slowing down the runtime...
- Question #404
The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of colli...
- Question #405
A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a r...