CAS-002 Exam Questions
884 real CAS-002 exam questions with expert-verified answers and explanations. Page 12 of 18.
- Question #558: Technical Integration of Enterprise Components
An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines: - A INPUT -m state --stat...
Tags: iptables rules, VNC access, firewall configuration, port management
- Question #559: Integration of Computing, Communications and Business Disciplines
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that...
Tags: SDLC roles, separation of duties, secure development, task assignment
- Question #560: Technical Integration of Enterprise Components
Company ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123 miles) away. This connection is provided by the local cable television company. ABC would...
Tags: MPLS, VLAN extension, WAN protocols, network tunneling
- Question #561: Integration of Computing, Communications and Business Disciplines
A mid-level company is rewriting its security policies and has halted the rewriting progress because the company's executives believe that its major vendors, who have cultivated a...
Tags: security policy development, regulatory compliance, vendor management, policy framework
- Question #562: Enterprise Security
The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and co...
Tags: SOC, SIEM, threat detection, security operations
- Question #563: Research and Analysis
The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. Ac...
Tags: MTBF, MTTR, availability calculation, reliability metrics
- Question #564: Enterprise Security
The security administrator has noticed a range of network problems affecting the proxy server. Based on reviewing the logs, the administrator notices that the firewall is being tar...
Tags: web attacks, protocol analyzer, incident response, proxy security
- Question #565: Integration of Computing, Communications and Business Disciplines
Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers w...
Tags: BPA, data sharing agreement, third-party marketing, customer data privacy
- Question #566: Enterprise Security
Which of the following vulnerabilities is present in the source code file below, named `AuthenticatedArea.php`? <html><head><title>AuthenticatedArea</title></head> <? include ("/inc/...
Tags: cross-site scripting, XSS, PHP input validation, source code vulnerability
- Question #567: Technical Integration of Enterprise Components
An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should cont...
Tags: BGP, Interconnection Security Agreement, autonomous systems, network peering
- Question #568: Technical Integration of Enterprise Components
Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs...
Tags: centralized identity management, web access control, fine-grained authorization, centralized directory
- Question #569: Research and Analysis
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer...
Tags: preventative controls, detective controls, security budget, controls framework
- Question #570: Enterprise Security
Which of the following is a security concern with deploying COTS products within the network?
Tags: COTS security, third-party software risk, source code availability, vendor software
- Question #571: Technical Integration of Enterprise Components
A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfe...
Tags: DNS zone transfer, TSIG, DNS security configuration, primary/secondary DNS
- Question #572: Technical Integration of Enterprise Components
A system architect has the following constraints from the customer: - Confidentiality, Integrity, and Availability (CIA) are all of equal importance. - Average availability must be...
Tags: high availability, six nines, VDI architecture, CIA triad
- Question #573: Integration of Computing, Communications and Business Disciplines
The company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networ...
Tags: social media policy, information disclosure, security training, data governance
- Question #574: Research and Analysis
A security manager at Company ABC needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees...
Tags: mobile device security, MDM, risk assessment, remote wipe
- Question #575: Technical Integration of Enterprise Components
A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including mon...
Tags: virtualization security, chroot jail, hypervisor, web application vulnerability
- Question #576: Enterprise Security
A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?
Tags: input validation, web security, XSS, SQL injection
- Question #577: Technical Integration of Enterprise Components
A manufacturing company is having issues with unauthorized access and modification of the controls operating the production equipment. A communication requirement is to allow the f...
Tags: SCADA security, ICS, AAA, access control
- Question #578: Research and Analysis
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS...
Tags: IPS, threat intelligence, business case, risk analysis
- Question #579: Enterprise Security
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
Tags: media sanitization, data destruction, optical media, DVD
- Question #580: Research and Analysis
An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network...
Tags: penetration testing, black box testing, compliance, external threats
- Question #581: Enterprise Security
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Offi...
Tags: mobile device security, encryption, PIN authentication, BYOD
- Question #582: Enterprise Security
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two old...
Tags: hardware decommissioning, data sanitization, media disposal, MFD
- Question #583: Integration of Computing, Communications and Business Disciplines
A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selec...
Tags: virtualization, cost reduction, physical footprint, data center
- Question #584: Research and Analysis
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components...
Tags: web application testing, black box testing, fuzzing, local proxy
- Question #585: Enterprise Security
A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance th...
Tags: physical access control, two-factor authentication, biometrics, proximity readers
- Question #586: Enterprise Security
Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monito...
Tags: continuous monitoring, log management, SIEM, security operations
- Question #587: Technical Integration of Enterprise Components
A systems administrator establishes a CIFS share on a Unix device to share data with Windows systems. The security authentication on the Windows domain is set to the highest level. W...
Tags: CIFS, NTLMv2, cross-platform authentication, SMB security
- Question #588: Integration of Computing, Communications and Business Disciplines
A business owner has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still f...
Tags: patch management, security controls, audit findings, risk management
- Question #589: Enterprise Security
A company's security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following metho...
Tags: secure coding, web application security, database protection, SQL injection
- Question #590: Integration of Computing, Communications and Business Disciplines
A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been i...
Tags: PCI DSS, compliance, industry standards, credit card security
- Question #591: Research and Analysis
Company XYZ is in negotiations to acquire Company ABC for $1.2 million. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It ha...
Tags: risk avoidance, due diligence, M&A security, risk management
- Question #592: Technical Integration of Enterprise Components
A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely ha...
Tags: SAN storage, HBA allocation, LUN, iSCSI
- Question #594: Enterprise Security
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees: Employee A. Works in the accounts re...
Tags: separation of duties, least privilege, access control, finance security
- Question #595: Enterprise Security
A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
Tags: IDS tuning, false positives, intrusion detection, alert management
- Question #596: Research and Analysis
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organiza...
Tags: vendor evaluation, firewall, NIPS, security testing methodology
- Question #597: Enterprise Security
Company XYZ has had repeated vulnerability exploits of a critical nature released to the company's flagship product. The product is used by a number of large customers. At the Chie...
Tags: product security lifecycle, vulnerability management, strategic security, SDLC
- Question #598: Technical Integration of Enterprise Components
SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to...
Tags: SRTM, SDLC, security requirements traceability, requirements management
- Question #599: Integration of Computing, Communications and Business Disciplines
The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services....
Tags: change management, incident response, ACL, Conficker
- Question #600: Enterprise Security
An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Offi...
Tags: data loss prevention, insider threat, data exfiltration, DLP
- Question #601: Technical Integration of Enterprise Components
The security administrator is worried about possible SPIT attacks against the VoIP system. Which of the following security controls would MOST likely need to be implemented to dete...
Tags: SPIT, VoIP security, SIP, SRTP
- Question #602: Research and Analysis
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaw...
Tags: social engineering, penetration testing, data exfiltration, security assessment
- Question #603: Research and Analysis
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which...
Tags: risk analysis, impact assessment, risk acceptance, vulnerability management
- Question #605: Enterprise Security
A user reports that the workstation's mouse pointer is moving and files are opening automatically. Which of the following should the user perform?
Tags: incident response, remote access trojan, malware, security procedures
- Question #606: Technical Integration of Enterprise Components
Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a capti...
Tags: 802.1x, RADIUS, LDAP, network authentication integration
- Question #607: Integration of Computing, Communications and Business Disciplines
A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the co...
Tags: third-party risk, outsourcing, contract management, vendor governance
- Question #608: Research and Analysis
A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the...
Tags: insider threat, privileged access, database security, threat analysis
- Question #609: Enterprise Security
Which of the following activities could reduce the security benefits of mandatory vacations?
Tags: mandatory vacation, fraud detection, separation of duties, personnel security