CAS-002 Exam Questions
884 real CAS-002 exam questions with expert-verified answers and explanations. Page 11 of 18.
- Question #508: Technical Integration of Enterprise Components
You work as a Security Administrator for uCertify Inc. The company has a TCP/IP based network and uses the WS-Security service to enable message-level security for Web services. Wh...
WS-Security, SOAP, web services security, message integrity
- Question #509: Enterprise Security
Which of the following is a key agreement protocol that allows two users to exchange a secret key over an insecure medium without any prior secrets?
Diffie-Hellman, key exchange, cryptography, key agreement
- Question #510: Enterprise Security
Which of the following is a group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations?
incident response, emergency management, business continuity, team roles
- Question #511: Research and Analysis
What is this formula for: SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}?
CIA triad, security categorization, FIPS 199, impact scoring
- Question #512: Enterprise Security
Mark works as a Network Security Administrator for uCertify Inc. Mark has been assigned to a task to test the network security of the company. He created a webpage to discuss the p...
social engineering, keylogger, firewall limitations, web-based attack
- Question #513: Enterprise Security
__________ is the concept that disclosure of the long-term secret keying material that is used to derive an agreed key does not compromise the secrecy of agreed keys that had previ...
perfect forward secrecy, key management, cryptography, session key protection
- Question #514: Technical Integration of Enterprise Components
Which of the following statements is true about voice VLAN?
VLAN, voice traffic segmentation, network design, QoS
- Question #515: Enterprise Security
Which of the following is a version of netcat with integrated transport encryption capabilities?
Cryptcat, encrypted tunneling, network tools, security utilities
- Question #516: Enterprise Security
PFS depends on which of the following types of encryption?
perfect forward secrecy, asymmetric encryption, cryptographic dependency, key exchange
- Question #517: Enterprise Security
The help desk is flooded with calls from users who receive an e-mail warning about a new virus. The e-mail instructs them to search and delete a number of files from their systems....
hoax attack, social engineering, security awareness, user manipulation
- Question #518: Integration of Computing, Communications and Business Disciplines
Which of the following contains the complete terms and conditions which both the partners agree to be bound by as a participant in the partner program?
business partner agreement, legal contracts, partner program, vendor management
- Question #519: Research and Analysis
Denish works as a Security Administrator for a United States defense contractor. He wants to ensure that all systems have appropriate security precautions, based on their total sco...
DIACAP, compliance frameworks, defense security, security standards
- Question #520: Integration of Computing, Communications and Business Disciplines
Which of the following departments in an organization is responsible for documenting and controlling the incoming and outgoing cash flows as well as the actual handling of the c...
organizational structure, financial department, cash flow management, business operations
- Question #521: Integration of Computing, Communications and Business Disciplines
Which of the following is a legal contract between at least two parties that outlines confidential materials or knowledge the parties wish to share with one another for certain pur...
NDA, legal contracts, confidentiality, data sharing agreements
- Question #522: Integration of Computing, Communications and Business Disciplines
Each organization has a documented SDLC policy and guideline that supports its business needs and complements its unique culture. Which of the following should be documented in the...
SDLC, system documentation, control gates, project outputs
- Question #523: Enterprise Security
Which of the following statements are true about Security Requirements Traceability Matrix (SRTM)? Each correct answer represents a complete solution. Choose two.
SRTM, security requirements, requirements traceability, security documentation
- Question #524: Technical Integration of Enterprise Components
Cloud computing is best described as which of the following?
cloud computing, SaaS, service delivery models, distributed computing
- Question #525: Enterprise Security
John is hosting several Web sites on a single server. One is an e-commerce site that handles credit card transactions, while the other sites do not handle credit card data. Does th...
PCI-DSS, compliance, e-commerce security, web hosting
- Question #526: Integration of Computing, Communications and Business Disciplines
Which of the following is a meeting of minds between two or more legally competent parties, about their relative duties and rights regarding current or future performance?
contract law, legal agreements, service management, party obligations
- Question #527: Enterprise Security
Which of the following is a method of providing an acknowledgement to the sender of the data and an assurance of the sender's identity to the receiver, so that neither sender nor th...
non-repudiation, digital signatures, authentication, data integrity
- Question #528: Integration of Computing, Communications and Business Disciplines
You are working in an organization that has a TCP/IP-based network. Each employee reports to you whenever he finds a problem in the network and asks you to debug the problem, what i...
network administration, TCP/IP, IT roles, network troubleshooting
- Question #529: Integration of Computing, Communications and Business Disciplines
Which of the following statements best describe the responsibilities of a facility manager in an organization? Each correct answer represents a complete solution. Choose three.
facility management, physical security, organizational roles, infrastructure planning
- Question #530: Technical Integration of Enterprise Components
Juan is responsible for IT security at an insurance firm. He has several servers that are going to be retired. Which of the following is NOT one of the steps in decommissioning equi...
equipment decommissioning, asset lifecycle, IT asset management, security procedures
- Question #531: Enterprise Security
Mark works as a Network Security Administrator for a public school. He has decided that a hot site is appropriate for the school's grade servers, so they can have 100% uptime, even...
hot site, disaster recovery, business continuity, cost-benefit analysis
- Question #532: Enterprise Security
In which of the following can a user access resources according to his role in the organization?
RBAC, access control, authorization, identity management
- Question #533: Integration of Computing, Communications and Business Disciplines
Which of the following phases of the System Development Life Cycle (SDLC) describes that the system should be modified on a regular basis through the addition of hardware and softw...
SDLC, operation and maintenance phase, system lifecycle, hardware upgrades
- Question #534: Technical Integration of Enterprise Components
Which of the following protocols encrypt the segments of network connections at the Transport Layer end-to-end? Each correct answer represents a complete solution. Choose two.
SSL, TLS, transport layer encryption, network protocols
- Question #535: Enterprise Security
What routine security measure is most effective in protecting against emerging threats?
patch management, emerging threats, vulnerability mitigation, security controls
- Question #536: Research and Analysis
Which of the following governing factors should be considered to derive an overall likelihood rating that is used to specify the probability that a potential vulnerability may be e...
risk assessment, likelihood rating, threat-source motivation, vulnerability analysis
- Question #537: Research and Analysis
Minimum security controls can only be determined after___________.
CIA triad, security baseline, aggregate scoring, minimum security controls
- Question #538: Research and Analysis
John is establishing CIA levels required for a high school's grade server. This server only has grades. It does not have student or faculty private information (such as social secur...
CIA triad, confidentiality, integrity, availability classification
- Question #539: Technical Integration of Enterprise Components
_________ consists of very large-scale virtualized, distributed computing systems. They cover multiple administrative domains and enable virtual organizations.
grid computing, distributed computing, virtual organizations, large-scale infrastructure
- Question #540: Enterprise Security
A Security Information and Event Management (SIEM) solution provides real-time analysis of security alerts generated by network hardware and applications. Which of the following capa...
SIEM, security monitoring, data aggregation, log management
- Question #541: Integration of Computing, Communications and Business Disciplines
Which of the following Web sites provides a virtual community where people with a shared interest can communicate and also can post their thoughts, ideas, and anything else and sha...
social networking, web technologies, internet communication
- Question #542: Enterprise Security
Todd is a security administrator, who is responsible for responding to incidents. There has been a virus outbreak. Which of the following is the final step Todd should take?
incident response, after action review, post-incident process, security operations
- Question #543: Technical Integration of Enterprise Components
In which of the following phases of the system development life cycle (SDLC) is the primary implementation of the configuration management process performed?
SDLC, configuration management, operation maintenance, system lifecycle
- Question #544: Integration of Computing, Communications and Business Disciplines
Which of the following statements are true about mergers? Each correct answer represents a complete solution. Choose all that apply.
mergers, corporate strategy, organizational management, business disciplines
- Question #545: Technical Integration of Enterprise Components
Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on t...
application sandboxing, code isolation, OS protection, malware containment
- Question #546: Integration of Computing, Communications and Business Disciplines
The IT department of a large telecommunications company has developed and finalized a set of security solutions and policies which have been approved by upper management for deploy...
requirements gathering, stakeholder management, security planning, policy development
- Question #547: Enterprise Security
Which of the following is the MOST appropriate control measure for lost mobile devices?
mobile device management, remote wipe, device security, data protection
- Question #548: Integration of Computing, Communications and Business Disciplines
A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate securit...
security requirements, business requirements document, requirements management, CRM implementation
- Question #549: Technical Integration of Enterprise Components
Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data?
iSCSI, block-level storage, storage protocols, SAN security
- Question #550: Enterprise Security
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals...
input validation, web application security, injection prevention, secure coding
- Question #551: Enterprise Security
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security...
endpoint security, host-based security, anti-malware, defense-in-depth
- Question #552: Integration of Computing, Communications and Business Disciplines
The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been...
RFQ, procurement process, vendor management, cost analysis
- Question #553: Enterprise Security
Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices DoS attacks on the network that are affecting the com...
VoIP security, DoS attacks, SIP protection, 802.11e QoS
- Question #554: Technical Integration of Enterprise Components
Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three com...
federated identity, IdP SP model, data sharing, SSO
- Question #555: Technical Integration of Enterprise Components
An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines...
virtualization security, virtual switch, host console access, secure management interface
- Question #556: Research and Analysis
A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important co...
social networking risk, phishing, social engineering, malware infection
- Question #557: Enterprise Security
A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authenticat...
VMEscape, hypervisor security, virtualization breach, data confidentiality