CAS-002 Practice Questions
887 real CAS-002 exam questions with expert-verified answers and explanations. Page 1 of 18.
- Question #1
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to acces...
- Question #2
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
- Question #3
Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain b...
- Question #4
Which of the following is true about an unauthenticated SAMLv2 transaction?
- Question #5
The internal auditor at Company ABC has completed the annual audit of the company's financial system. The audit report indicates that the accounts receivable department has not fol...
- Question #6
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?
- Question #7
The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the...
- Question #8
Which of the following BEST defines the term e-discovery?
- Question #9
A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following shou...
- Question #10
Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and rapidly re...
- Question #11
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to...
- Question #12
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assu...
- Question #13
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator...
- Question #14
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal secu...
- Question #15
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary p...
- Question #16
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
- Question #17
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the...
- Question #18
A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in...
- Question #19
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the l...
- Question #20
Which of the following authentication types is used primarily to authenticate users through the use of tickets?
- Question #21
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers i...
- Question #22
A project has been established in a large bank to develop a new secure online banking platform. Halfway through the development it was discovered that a key piece of software used...
- Question #23
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all des...
- Question #24
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of...
- Question #25
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security...
- Question #26
The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its custo...
- Question #27
A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employee's network accounts a...
- Question #28
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core busin...
- Question #29
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The cu...
- Question #30
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial do...
- Question #31
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research th...
- Question #32
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work d...
- Question #33
A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?
- Question #34
After a security incident, an administrator revokes the SSL certificate for their web server. Later, users begin to inform the help desk that a few other servers are generating cert...
- Question #35
A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable,...
- Question #36
An administrator notices the following file in the Linux server's /tmp directory. -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash* Which of the following should be done to prevent...
- Question #37
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The I...
- Question #38
Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are pro...
- Question #39
An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites woul...
- Question #40
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
- Question #41
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator sca...
- Question #42
The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security s...
- Question #43
The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk i...
- Question #44
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has sele...
- Question #45
Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?
- Question #46
A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lin...
- Question #47
A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connec...
- Question #48
Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance....
- Question #49
The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of dut...
- Question #50
As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will he...