We provide real CAS-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-002 Exam quickly & easily. The CAS-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CAS-002 dumps pdf and vce product and material, you can easily pass the CAS-002 exam.
2026 New CAS-002 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/CAS-002/
P.S. Validated CAS-002 prep are available on Google Drive, GET MORE: https://drive.google.com/open?id=1jFEYVEoSSaRH30NOS859G8vaEUVGAdF5
New CompTIA CAS-002 Exam Dumps Collection (Question 10 - Question 19)
Q10. An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package?
A. 1
B. 2
C. 3
D. 4
Answer: D
Q11. The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).
A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.
D. All sections of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.
Answer: A,B,G
Q12. A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest. Requirement 2: The system shall use SSL, SSH, or SCP for all data transport. Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest. Requirement 5: The system shall perform CRC checks on all files.
A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2
D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
Answer: B
Q13. Which of the following describes a risk and mitigation associated with cloud data storage?
A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest
B. Risk: Offsite replication. Mitigation: Multi-site backups
C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing
D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication
Answer: A
Q14. There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?
A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 99.72 percent
Answer: C
Q15. Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?
A. The risk of unplanned server outages is reduced.
B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
D. The results should reflect what attackers may be able to learn about the company.
Answer: D
Q16. A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.
Which solution should the company select if the contract is only valid for three years?
A. First quote
B. Second quote
C. Third quote
D. Accept the risk
Answer: B
Q17. Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling software on the financial system.
B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Answer: A
Q18. After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?
A. The binary files used by the application have been modified by malware.
B. The application is unable to perform remote attestation due to blocked ports.
C. The restored image backup was encrypted with the wrong key.
D. The hash key summary of hardware and installed software no longer match.
Answer: D
Q19. A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?
A. Update company policies and procedures
B. Subscribe to security mailing lists
C. Implement security awareness training
D. Ensure that the organization vulnerability management plan is up-to-date
Answer: B
Recommend!! Get the Validated CAS-002 dumps in VCE and PDF From Examcollectionplus, Welcome to download: https://www.examcollectionplus.net/vce-CAS-002/ (New 532 Q&As Version)