A company uses a custom Line of Business (LOB) application to facilitate all back-end manufacturing control. Upon investigation, it has been determined that the database used by the LOB application uses a proprietary data format. The risk management group has flagged this as a potential weakness in the company's operational robustness.
Which of the following would be the GREATEST concern when analyzing the manufacturing control application?
A. Difficulty backing up the custom databaseThe Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers.
Which of the following policies should the CISO implement to reduce the risk?
A. Require the use of an unprivileged account, and a second shared account only for administrative purposes.News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit network mapping and fingerprinting occurs in preparation for further exploitation.
Which of the following is the MOST effective solution to protect against unrecognized malware infections, reduce detection time, and minimize any damage that might be done?
A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?
A. Migrate the system to IPv6.Which of the following BEST explains SAML?
A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of AandA data between systems and supports Federated Identity Management.The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable.
Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company's NTP servers.
Which of the following mitigates this activity with the LEAST impact to existing operations?
A. Block in-bound connections to the company's NTP servers.An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly.
Which of the following has been overlooked in securing the system? (Select TWO).
A. The company's IDS signatures were not updated.The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices.
Which of the following would the security manager MOST likely implement?
A. VLANsThe security administrator reports that the physical security of the Ethernet network has been breached, but the fibre channel storage network was not breached. Why might this still concern the storage administrator? (Select TWO).
A. The storage network uses FCoE.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.