The Most recent Guide To CAS-002 exam question

New Questions 12

Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two companyu2021s networks, application, and several basic services.

The initial integration of the two companies has specified the following requirements: Which of the following network security solutions will BEST meet the above requirements?

A. Place a Company ABC managed firewall in Company XYZu2021s hub site; then place Company ABCu2021s file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABCu2021s business partner firewalls are opened up for web intranet access and other required services.

B. Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABCu2021s business partner firewall to permit access to Company ABCu2021s file, print, secure FTP server, authentication servers and web intranet access.

C. Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABCu2021s business partner firewall to permit access to Company ABCu2021s file, print, secure FTP server, authentication servers and web intranet access.

D. Place file, print, secure FTP server and authentication domain servers at Company XYZu2021s hub site. Open up Company ABCu2021s business partner firewall to permit access to ABCu2021s web intranet access and other required services.

View Answer

New Questions 13

A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?

A. SIP session tagging and QoS

B. A dedicated VLAN

A. C. Lower encryption setting

D. Traffic shaping

View Answer

New Questions 14

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?

A. The companyu2021s software lifecycle management improved the security of the application.

B. There are no vulnerabilities in the application.

C. The company should deploy a web application firewall to ensure extra security.

D. There are no known vulnerabilities at this time.

View Answer

New Questions 15

A systems administrator establishes a CIFS share on a Unix device to share data to windows systems. The security authentication on the windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the Unix share. Which of the following settings on the Unix server is the cause of this problem?

A. Refuse LM and only accept NTLMv2

B. Accept only LM

C. Refuse NTLMv2 and accept LM

D. Accept only NTLM

View Answer

New Questions 16

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:

DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY

----------------------------------------------------------------------------------------------------------------

FinancialHIGHHIGHLOW

Client nameMEDIUMMEDIUMHIGH Client addressLOWMEDIUMLOW

----------------------------------------------------------------------------------------------------------------- AGGREGATEMEDIUMMEDIUMMEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

A. HIGH, MEDIUM, LOW

B. MEDIUM, MEDIUM, LOW

C. HIGH, HIGH, HIGH

D. MEDIUM, MEDIUM, MEDIUM

View Answer

New Questions 17

Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

A. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

B. Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third partyu2021s responsibility.

C. The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

D. If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

View Answer

New Questions 18

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

A. Establish a risk matrix

B. Inherit the risk for six months

C. Provide a business justification to avoid the risk

D. Provide a business justification for a risk exception

View Answer

New Questions 19

An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations.

Which of the following is MOST likely the cause for the organizationu2021s inability to determine what really occurred?

A. Too few layers of protection between the Internet and internal network

B. Lack of a defined security auditing methodology

C. Poor intrusion prevention system placement and maintenance

D. Insufficient logging and mechanisms for review

View Answer

New Questions 20

In a situation where data is to be recovered from an attackeru2021s location, which of the following are the FIRST things to capture? (Select TWO).

A. Removable media

B. Passwords written on scrap paper

C. Snapshots of data on the monitor

D. Documents on the printer

E. Volatile system memory

F. System hard drive

View Answer

New Questions 21

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?

A. Service oriented architecture (SOA)

B. Federated identities

C. Object request broker (ORB)

D. Enterprise service bus (ESB)

View Answer