CAS-002 Exam Questions
884 real CAS-002 exam questions with expert-verified answers and explanations. Page 1 of 18.
- Question #1Technical Integration of Enterprise Components
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to acces...
split tunnelingVPN concentratormulticastbandwidth utilization - Question #2Enterprise Security
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
buffer overflowstandard librariessecure codingapplication security - Question #3Enterprise Security
Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain b...
patch managementlab testingrisk mitigationsystem availability - Question #4Technical Integration of Enterprise Components
Which of the following is true about an unauthenticated SAMLv2 transaction?
SAMLv2federated identitySPIdP - Question #5Enterprise Security
The internal auditor at Company ABC has completed the annual audit of the company's financial system. The audit report indicates that the accounts receivable department has not fol...
COOP/BCPrecord disposalsecurity trainingaudit compliance - Question #6Technical Integration of Enterprise Components
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?
SANmultipathingavailabilityCIA triad - Question #7Enterprise Security
The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the...
DLPemail securitydata exfiltrationcontent filtering - Question #8Integration of Computing, Communications and Business Disciplines
Which of the following BEST defines the term e-discovery?
e-discoveryelectronically stored informationlegal evidencecompliance - Question #9Enterprise Security
A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following shou...
incident responsedata breachsystem assessmentIR prioritization - Question #10Enterprise Security
Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and rapidly re...
remote accesszero trustsecurity policynetwork security - Question #11Technical Integration of Enterprise Components
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to...
cloud securityVM data remnantson-demand provisioningdata remanence - Question #12Enterprise Security
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assu...
code reviewweb application securitythird-party assessmentPCI DSS - Question #13Enterprise Security
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator...
Perfect Forward SecrecyVPN securityencryption key managementcryptography - Question #14Integration of Computing, Communications and Business Disciplines
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal secu...
international complianceregulatory requirementsmergeremployee monitoring - Question #15Integration of Computing, Communications and Business Disciplines
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary p...
risk transferSLAthird-party riskrisk management - Question #16Integration of Computing, Communications and Business Disciplines
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
e-discoverydata recoverydata retentionlegal hold - Question #17Enterprise Security
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the...
baseline scanningconfiguration managementchange controlsecurity monitoring - Question #18Integration of Computing, Communications and Business Disciplines
A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in...
security requirementsstakeholder communicationproject managementbuy-in - Question #19Technical Integration of Enterprise Components
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the l...
network security posturetransport securitycaptive portalsecurity gap analysis - Question #20Technical Integration of Enterprise Components
Which of the following authentication types is used primarily to authenticate users through the use of tickets?
Kerberosticket-based authenticationauthentication protocolsidentity management - Question #21Enterprise Security
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers i...
fuzzingvulnerability assessmentsecure codingweb application testing - Question #22Integration of Computing, Communications and Business Disciplines
A project has been established in a large bank to develop a new secure online banking platform. Half way through the development it was discovered that a key piece of software used...
stakeholder managementproject managementvulnerability disclosurerisk communication - Question #23Technical Integration of Enterprise Components
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all des...
VDIvirtualizationdesktop centralizationinfrastructure design - Question #24Enterprise Security
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of...
buffer overflowmemory managementsecure coding standardsmobile web security - Question #25Enterprise Security
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security...
secure coding standardsinput validationerror handlingrace conditions - Question #26Research and Analysis
The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its custo...
risk lifecycle managementmobile device securityBYODrisk classification - Question #27Integration of Computing, Communications and Business Disciplines
A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employee's network accounts a...
identity managementaccount lifecycleHR termination processaccess control - Question #28Research and Analysis
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core busin...
business impact analysisdisaster recoverysystem prioritizationbusiness continuity - Question #29Enterprise Security
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The cu...
physical securityman trapproximity readerstailgating prevention - Question #30Enterprise Security
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial do...
incident responsedata breachmobile devicedata handling - Question #31Integration of Computing, Communications and Business Disciplines
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research th...
cloud securitySLANDAencrypted communications - Question #32Integration of Computing, Communications and Business Disciplines
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work d...
managed security servicesSLAsecurity monitoringoutsourcing - Question #33Enterprise Security
A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?
data retentionde-provisioningserver lifecyclepolicy development - Question #34Technical Integration of Enterprise Components
After a security incident, an administrator revokes the SSL certificate for their web server Later, users begin to inform the help desk that a few other servers are generating cert...
wildcard certificateSSL/TLSPKIcertificate revocation - Question #35Integration of Computing, Communications and Business Disciplines
A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable,...
risk transferPCI compliancethird-party outsourcingpayment processing - Question #36Technical Integration of Enterprise Components
An administrator notices the following file in the Linux server's /tmp directory. -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash* Which of the following should be done to prevent...
Linux filesystemSUID bitprivilege escalationmount options - Question #37Technical Integration of Enterprise Components
Company GHI consolidated their network distribution so twelve network VLANs would be available over dual fiber links to a modular L2 switch in each of the company's six IDFs. The I...
spanning tree protocolbridge loopVLANL2 switching redundancy - Question #38Integration of Computing, Communications and Business Disciplines
Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are pro...
IT governancepeer reviewsolution designquality assurance - Question #39Enterprise Security
An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites woul...
3DEScipher suitesencryption performanceTLS - Question #40Enterprise Security
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
separation of dutiessecurity policyauditingaccess control - Question #41Technical Integration of Enterprise Components
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator sca...
hypervisor securityVM isolationmalware analysisvirtualization - Question #42Enterprise Security
The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security s...
BYODdata exfiltrationsecurity policyDLP - Question #43Technical Integration of Enterprise Components
The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk i...
SOAweb serviceslegacy systemsdistributed architecture - Question #44Enterprise Security
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has sele...
physical securityserver room placementenvironmental controlsdata center - Question #45Enterprise Security
Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?
continuous monitoringlog managementsecurity auditingrisk mitigation - Question #46Technical Integration of Enterprise Components
A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lin...
SCADAnetwork segmentationACLICS security - Question #47Technical Integration of Enterprise Components
A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connec...
virtualizationvirtual networkingtraffic confidentialityVM security - Question #48Enterprise Security
Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance....
IP-based access controlnetwork baselinephysical security systemsthreat detection - Question #49Enterprise Security
The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of dut...
separation of dutiesrole-based accessprivileged accessadministrative controls - Question #50Technical Integration of Enterprise Components
As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will he...
802.11rwireless standardsvendor managementpre-ratification risk