New CompTIA CAS-002 Exam Dumps Collection (Question 6 - Question 15)
New Questions 6
An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization's technology?
A. An operational level agreement
B. An interconnection security agreement
C. A non-disclosure agreement
D. A service level agreement
Answer: B
New Questions 7
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Answer: A,D
New Questions 8
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?
A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation
Answer: E
New Questions 9
A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks. Which of the following is the security architect trying to increase in the design?
A. Key stretching
B. Availability
C. Entropy
D. Root of trust
E. Integrity
Answer: C
New Questions 10
The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager's requirements, which of the following types of IPS products would be BEST suited for use in this situation?
A. Signature-based
B. Rate-based
C. Anomaly-based
D. Host-based
Answer: A
New Questions 11
The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage; and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?
A. Avoid
B. Accept
C. Mitigate
D. Transfer
Answer: C
New Questions 12
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or "undo" features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Answer: B
New Questions 13
Which of the following BEST explains SAML?
A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.
Answer: A
New Questions 14
A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:
1. Ability to log entry of all employees in and out of specific areas
2. Access control into and out of all sensitive areas
3. Two-factor authentication
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Proximity readers
B. Visitor logs
C. Biometric readers
D. Motion detection sensors
E. Mantrap
Answer: A,C
New Questions 15
A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Officer has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization's configuration management process using?
A. Agile
B. SDL
C. Waterfall
D. Joint application development
Answer: A