Drag and Drop the following information types on to the appropriate CIA category
Select and Place:

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?
A. The company's software lifecycle management improved the security of the application.Which of the following is a security advantage of single sign-on? (Select TWO).
A. Users only have to remember one password.Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network.
Which of the following threats is the HIGHEST risk to Company XYZ?
A. Malware originating from Company XYZ's networkAn organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments.
Which of the following is the MOST comprehensive method for evaluating the two platforms?
A. Benchmark each possible solution with the integrators existing client deployments.Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?
A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:
1.
Ability to log entry of all employees in and out of specific areas
2.
Access control into and out of all sensitive areas
3.
Two-factor authentication
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Proximity readersAn audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web based shopping cart application undergo testing to validate user input in both free form text fields and drop down boxes.
Which of the following is the BEST combination of tools and / or methods to use?
A. Blackbox testing and fingerprintingA company data center provides Internet based access to email and web services. The firewall is separated into four zones:

RED ZONE is an Internet zone

ORANGE ZONE a Web DMZ

YELLOW ZONE an email DMZ

GREEN ZONE is a management interface
There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget.
Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?
A. RED ZONE: none ORANGE ZONE: WAF YELLOW ZONE: SPAM Filter GREEN ZONE: noneThe security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year's worth of email records on the server and is now concerned about the possible legal implications of not complying with the request.
Which of the following should the security administrator check BEFORE responding to the request?
A. The company data privacy policiesNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.