A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract's SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment.
Which of the following approaches presents the MOST risk to the security assessment?
A. The security manager reviews the system description for the previous accreditation, but does not review application change records.A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established.
Which of the following solutions should the security administrator implement?
A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user's credentials. Require each user to install the public key on their computer.A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the "big data" platform Customers to perform remote log search Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending,
insights, and/or discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).
A. Secure storage and transmission of API keysThe IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company's guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops.
Which of the following is the HIGHEST risk to the organization?
A. Employee's professional reputationA University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing.
Which of the following is the BEST course of action?
A. Notify the transaction system vendor of the security vulnerability that was discovered.A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days.
Which of the following should occur?
A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product.
Which of the following documents would perform a cost analysis report and include information such as payment terms?
A. RFIWhich of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1.
Selective sandboxing of suspicious code to determine malicious intent.
2.
VoIP handling for SIP and H.323 connections.
3.
Block potentially unwanted applications.
Which of the following devices would BEST meet all of these requirements?
A. UTMA security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the New Year's holiday when all the company employees were off. The company's network diagram is summarized below:

Internet

Gateway Firewall

IDS

Web SSL Accelerator

Web Server Farm

Internal Firewall

Company Internal Network
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.
Which of the following is true?
A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.