New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)

New Questions 7

If a technician must take an employee's workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?

A. A formal letter from the company's president approving the seizure of the workstation.

B. A formal training and awareness program on information security for all company managers.

C. A screen displayed at log in that informs users of the employer's rights to seize, search, and monitor company devices.

D. A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.

Answer: C


New Questions 8

The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

A. One of the companies may use an outdated VDI.

B. Corporate websites may be optimized for different web browsers.

C. Industry security standards and regulations may be in conflict.

D. Data loss prevention standards in one company may be less stringent.

Answer: C


New Questions 9

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.

B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.

C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.

D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.

Answer: C


New Questions 10

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount":"Credit Card Rewards account"}
    { "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
  ],
  "customer": [
    { "name":"Joe Citizen"}
    { "custRef":"3153151"}
  ]
}

The banking website responds with:

HTTP/1.1 200 OK

{
  "newAccountDetails": [
    { "cardNumber":"1234123412341234"}
    { "cardExpiry":"2021-12-31"}
    { "cardCVV":"909"}
  ],
  "marketingCookieTracker":"JSESSIONID=000000001"
  "returnCode":"Account added successfully"
}

Which of the following are security weaknesses in this example? (Select TWO).

A. Missing input validation on some fields

B. Vulnerable to SQL injection

C. Sensitive details communicated in clear-text

D. Vulnerable to XSS

E. Vulnerable to malware file uploads

F. JSON/REST is not as secure as XML

Answer: A,C


New Questions 11

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Answer: D


New Questions 12

An organization determined that each of its remote sales representatives must use a smartphone for email access.

The organization provides the same centrally manageable model to each person.

Which of the following mechanisms BEST protects the confidentiality of the resident data?

A. Require dual factor authentication when connecting to the organization's email server.

B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.

C. Require encrypted communications when connecting to the organization's email server.

D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.

Answer: D


New Questions 13

A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

A. The email system may become unavailable due to overload.

B. Compliance may not be supported by all smartphones.

C. Equipment loss, theft, and data leakage.

D. Smartphone radios can interfere with health equipment.

E. Data usage cost could significantly increase.

F. Not all smartphones natively support encryption.

G. Smartphones may be used as rogue access points.

Answer: B,C,F


New Questions 14

A trucking company delivers products all over the country. The executives at the company would like to have better insight into the location of their drivers to ensure the shipments are following secure routes. Which of the following would BEST help the executives meet this goal?

A. Install GSM tracking on each product for end-to-end delivery visibility.

B. Implement geo-fencing to track products.

C. Require drivers to geo-tag documentation at each delivery location.

D. Equip each truck with an RFID tag for location services.

Answer: B


New Questions 15

The security administrator of a large enterprise is tasked with installing and configuring a solution that will allow the company to inspect HTTPS traffic for signs of hidden malware and to detect data exfiltration over encrypted channels. After installing a transparent proxy server, the administrator is ready to configure the HTTPS traffic inspection engine and related network equipment. Which of the following should the security administrator implement as part of the network and proxy design to ensure the browser will not display any certificate errors when browsing HTTPS sites? (Select THREE).

A. Install a self-signed Root CA certificate on the proxy server.

B. The proxy configuration of all users' browsers must point to the proxy IP.

C. TCP port 443 requests must be redirected to TCP port 80 on the web server.

D. All users' personal certificates' public key must be installed on the proxy.

E. Implement policy-based routing on a router between the hosts and the Internet.

F. The proxy certificate must be installed on all users' browsers.

Answer: A,E,F


New Questions 16

An administrator is reviewing logs and sees the following entry:

Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2)
Apache-Handler: php5-script

Which of the following attacks was being attempted?

A. Session hijacking

B. Cross-site script

C. SQL injection

D. Buffer overflow

Answer: C

