A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system which will protect against such breaches in the future.
Which of the following can the government agency deploy to meet future security needs?
A. A DAC which enforces no read-up, a DAC which enforces no write-down, and a MAC which uses an access matrix.A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change.
Which of the following best practices has MOST likely been overlooked in the agile implementation?
A. Penetration tests should be performed after each sprint.Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
A. Data ownership on all filesA developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 - If VIDEO input exists, use video data for entropy 2 - If AUDIO input exists, use audio data for entropy 3 - If MOUSE input exists, use mouse data for entropy 4 - IF KEYBOARD input exists, use keyboard data for entropy 5 - IF IDE input exists, use IDE data for entropy 6 - IF NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?
A. 2 and 1Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine?
A. Input ValidationCompany A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections. XSS attacks, smurf attacks, e-mail spam, downloaded malware. viruses and ping attacks. The company can spend a MAXIMUM of 550.000 USD. A cost list for each item is listed below
1. Anti-Virus Server- $10,000 2 Firewall-$15,000 3 Load Balanced Server - $10,000 4 NIDS/NIPS-$10,000
5. Packet Analyzer-55.000 6 Patch Server-$15,000 7 Proxy Server-$20,000 8. Router - S10.000 9 Spam Filter - S5 000 10 Traffic Shaper - $20,000
11. Web Application Firewall - $10,000
Instructions: Not all placeholders in the diagram need to be filled and items can only be used once.
Select and Place:

Company XYZ is in negotiations to acquire Company ABC for $1.2millon. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It has been established that a complete product rewrite would be needed with average estimates indicating a cost of $1.6millon.
Which of the following approaches should the risk manager of Company XYZ recommend?
A. Transfer the riskA large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have agreed that the large business will retain 95% of the smaller business' IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests.
Which of the following IT security related objectives should the small business' IT staff consider reviewing during the integration process? (Select TWO).
A. How the large business operational procedures are implemented.The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it.
Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?
A. Virtualize the system and migrate it to a cloud provider.In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list.
Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).
A. Provide free email software for personal devices.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.