A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
A. COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid a lawsuit.Which of the following should be used to identify overflow vulnerabilities?
A. FuzzingA company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources.
Which of the following would MOST likely need to be implemented and configured on the company's perimeter network to comply with the new security policy? (Select TWO).
A. VPN concentratorA developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validationCompany ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123 miles) away. This connection is provided by the local cable television company. ABC would like to extend a secure VLAN to the remote office, but the cable company says this is impossible since they already use VLANs on their internal network.
Which of the following protocols should the cable company be using to allow their customers to establish VLANs to other sites?
A. IS-ISA new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application.
The security issue should be reported to:
A. CISO immediately in an exception report.The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone.
Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?
A. Identity proofingSeveral critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime.
Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?
A. Distributed patch management system where all systems in production are patched as updates are released.Which of the following is a security concern with deploying COTS products within the network?
A. It is difficult to verify the security of COTS code because the source is available to the customer and it takes significant man hours to sort through it.A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions.
DATE/TIME PID COMMAND %CPU MEM 03102014103000 2055 com.proc 10.2 920K 03102014110000 2055 com.proc 12.3 5.2M 03102014123000 2055 com.proc 22.0 22M 03102014130000 2055 com.proc 33.0 1.6G 03102014133000 2055 com.proc 30.2 8.0G
Which of the following is the MOST likely cause for the DoS?
A. The system does not implement proper garbage collection.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.