CAS-002 Exam Questions
884 real CAS-002 exam questions with expert-verified answers and explanations. Page 6 of 18.
- Question #256 (Enterprise Security)
  When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is...
  Tags: entropy, key generation, cryptography, randomness
- Question #257 (Enterprise Security)
  Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end user...
  Tags: remote attestation, code signing, mobile security, software integrity
- Question #258 (Enterprise Security)
  During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations...
  Tags: compliance drift, configuration management, OS hardening, audit
- Question #259 (Integration of Computing, Communications and Business Disciplines)
  A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have ag...
  Tags: mergers and acquisitions, regulatory compliance, IT integration, operational procedures
- Question #260 (Technical Integration of Enterprise Components)
  Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two companies' networks, applications, and several basic serv...
  Tags: network integration, firewall placement, trust boundaries, acquisition
- Question #261 (Technical Integration of Enterprise Components)
  Company ABC's SAN is nearing capacity, and will cause costly downtime if servers run out of disk space. Which of the following is a more cost effective alternative to buying a new SA...
  Tags: SAN management, deduplication, storage optimization, cost efficiency
- Question #262 (Enterprise Security)
  A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO).
  Tags: data integrity, data signing, RBAC, cryptographic controls
- Question #263 (Enterprise Security)
  The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web serv...
  Tags: SQL injection, privilege escalation, web server logs, directory traversal
- Question #264 (Technical Integration of Enterprise Components)
  An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small...
  Tags: virtualization, out-of-band management, dedicated NIC, virtual switch
- Question #265 (Technical Integration of Enterprise Components)
  Warehouse users are reporting performance issues at the end of each month when trying to access cloud applications to complete their end of the month financial reports. They have n...
  Tags: traffic shaping, QoS, bandwidth management, network performance
- Question #266 (Technical Integration of Enterprise Components)
  Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on diffe...
  Tags: IP camera security, authentication proxy, network segmentation, physical security
- Question #267 (Enterprise Security)
  An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites...
  Tags: SSO, mobile security, token storage, authentication
- Question #268 (Enterprise Security)
  An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Se...
  Tags: input validation, fuzzing, HTTP interceptor, web application security
- Question #269 (Research and Analysis)
  A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically...
  Tags: security baseline, heuristic monitoring, network modeling, behavioral analysis
- Question #270 (Enterprise Security)
  A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following a...
  Tags: web conferencing, data storage security, availability, user authentication
- Question #271 (Technical Integration of Enterprise Components)
  A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administ...
  Tags: DMZ, network segmentation, firewall zones, web server security
- Question #272 (Enterprise Security)
  Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store...
  Tags: data sanitization, asset disposal, data handling policy, data remnants
- Question #273 (Enterprise Security)
  Which of the following is an example of single sign-on?
  Tags: SSO, web access control, attribute passing, authentication
- Question #274 (Enterprise Security)
  Which of the following BEST describes the implications of placing an IDS device inside or outside of the corporate firewall?
  Tags: IDS placement, firewall, intrusion detection, network monitoring
- Question #275 (Integration of Computing, Communications and Business Disciplines)
  Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the followi...
  Tags: risk management, risk treatment, controls assessment, SCADA
- Question #276 (Integration of Computing, Communications and Business Disciplines)
  The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function wi...
  Tags: risk transfer, BIA, risk treatment, budget constraints
- Question #277 (Enterprise Security)
  Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represe...
  Tags: mobile security, privilege escalation, physical attack, jailbreaking
- Question #278 (Integration of Computing, Communications and Business Disciplines)
  The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in qu...
  Tags: security policy, MOU, governance, business alignment
- Question #279 (Technical Integration of Enterprise Components)
  A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus h...
  Tags: WLAN, network design, risk acceptance, campus network
- Question #280 (Technical Integration of Enterprise Components)
  In a SPML exchange, which of the following BEST describes the three primary roles?
  Tags: SPML, identity provisioning, directory services, IAM
- Question #281 (Technical Integration of Enterprise Components)
  The security administrator has just installed an active/passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is...
  Tags: stateful firewall, HA cluster, session state, perimeter defense
- Question #282 (Enterprise Security)
  Which of the following types of attacks is the user attempting?
  Query: select id, firstname, lastname from authors
  User input: firstname = Hack;man, lastname = Johnson
  Tags: SQL injection, web application attacks, input validation
- Question #283 (Enterprise Security)
  Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the inves...
  Tags: digital forensics, incident response, chain of custody, evidence handling
- Question #284 (Enterprise Security)
  A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator...
  Tags: Bluetooth security, physical security, wireless, RF emanation
- Question #285 (Research and Analysis)
  A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, to...
  Tags: vendor diversity, single point of failure, risk concentration, enterprise architecture
- Question #286 (Enterprise Security)
  A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of...
  Tags: SDLC, agile development, secure coding, software security
- Question #287 (Integration of Computing, Communications and Business Disciplines)
  The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST a...
  Tags: change management, firewall management, IT governance, communication
- Question #288 (Research and Analysis)
  An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might...
  Tags: RFID, asset management, wireless security, data encryption
- Question #289 (Technical Integration of Enterprise Components)
  An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigat...
  Tags: SaaS security, federation, SSO, identity management
- Question #290 (Integration of Computing, Communications and Business Disciplines)
  The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be...
  Tags: IT governance, change management, risk management, ITIL
- Question #292 (Enterprise Security)
  A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher a...
  Tags: entropy, cryptography, key management, brute force mitigation
- Question #293 (Integration of Computing, Communications and Business Disciplines)
  The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOS...
  Tags: BIA, RTO, RPO, MTD
- Question #294 (Enterprise Security)
  A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause o...
  Tags: SCADA security, air-gapped network, USB threat, ICS security
- Question #295 (Research and Analysis)
  A company uses a custom Line of Business (LOB) application to facilitate all back-end manufacturing control. Upon investigation, it has been determined that the database used by th...
  Tags: vendor lock-in, proprietary format, data portability, operational risk
- Question #296 (Technical Integration of Enterprise Components)
  A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 20...
  Tags: PKI, certificate management, cryptographic migration, project management
- Question #297 (Enterprise Security)
  A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger compu...
  Tags: forward secrecy, ECDHE, key exchange performance, TLS
- Question #298 (Integration of Computing, Communications and Business Disciplines)
  An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the followi...
  Tags: MSSP contracts, interconnection security agreement, third-party security, vendor management
- Question #299 (Integration of Computing, Communications and Business Disciplines)
  For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?
  Tags: data sovereignty, cloud compliance, geographic restrictions, VM tagging
- Question #300 (Integration of Computing, Communications and Business Disciplines)
  A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above av...
  Tags: Agile methodology, SDLC, daily stand-up, secure development
- Question #301 (Enterprise Security)
  A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).
  Tags: incident response, lessons learned, post-incident review, follow-up actions
- Question #302 (Enterprise Security)
  A security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high-ranking engineers, t...
  Tags: digital watermarking, insider threat, data leakage, corporate espionage
- Question #303 (Technical Integration of Enterprise Components)
  A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastr...
  Tags: DNSSEC, DNS security, authentication, data integrity
- Question #304 (Technical Integration of Enterprise Components)
  The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. W...
  Tags: DDoS mitigation, ingress filtering, BCP38, ISP security
- Question #305 (Integration of Computing, Communications and Business Disciplines)
  A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements...
  Tags: waterfall methodology, SDLC, requirements documentation, software development
- Question #306 (Enterprise Security)
  The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of colli...
  Tags: password hashing, SHA-512, salting, cryptographic hash functions
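Question #282 above is the one stem on this page that is shown in full: a SELECT over an authors table and the user-supplied value Hack;man, where the semicolon ends the first statement and turns everything after it into a second command. The block below is an added illustration written for this page, not part of the question bank or its answer key. The in-memory authors table, its two rows, the query builder that splices input straight into the SQL text, and the helper names are all constructed assumptions; it shows why the semicolon matters, how the Python sqlite3 driver reacts to the spliced string, and how the same value is handled harmlessly when bound as a parameter.

```python
import sqlite3

# Constructed sample rows, not taken from the question bank.
SAMPLE_ROWS = [
    (1, "Jane", "Johnson"),
    (2, "Hack", "Johnson"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory authors table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table authors (id integer primary key, firstname text, lastname text)"
    )
    conn.executemany("insert into authors values (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def unsafe_query(firstname: str, lastname: str) -> str:
    """Vulnerable pattern (assumed for illustration): input spliced into SQL text.

    With firstname = 'Hack;man' the ';' terminates the SELECT, and 'man and
    lastname = Johnson' becomes a separate statement the attacker controls.
    """
    return (
        "select id, firstname, lastname from authors "
        "where firstname = " + firstname + " and lastname = " + lastname
    )


def statements(sql: str) -> list:
    """Split SQL text on ';' characters that sit outside single-quoted literals."""
    parts, buf, in_quote = [], [], False
    for ch in sql:
        if ch == "'":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def run_unsafe(conn: sqlite3.Connection, firstname: str, lastname: str) -> str:
    """Try the spliced string; sqlite3 refuses it (bad column or stacked statements)."""
    sql = unsafe_query(firstname, lastname)
    try:
        rows = conn.execute(sql).fetchall()
        return "executed: " + repr(rows)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "rejected: " + str(exc)


def safe_query(conn: sqlite3.Connection, firstname: str, lastname: str) -> list:
    """Hardened form: the values are bound, so 'Hack;man' is just a string to match."""
    cur = conn.execute(
        "select id, firstname, lastname from authors "
        "where firstname = ? and lastname = ?",
        (firstname, lastname),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    for stmt in statements(unsafe_query("Hack;man", "Johnson")):
        print("statement:", stmt)
    print(run_unsafe(db, "Hack;man", "Johnson"))
    print("bound lookup:", safe_query(db, "Hack;man", "Johnson"))
    print("bound lookup:", safe_query(db, "Hack", "Johnson"))
```

The driver-level rejection is a property of Python's sqlite3 module, which prepares one statement at a time; other database APIs do execute stacked statements, so the parameterized form, not the driver's behaviour, is the control to rely on.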