A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users.
Which of the following methods of software development is this organization's configuration management process using?
A. AgileA corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?
A. File an insurance claim and assure the executive the data is secure because it is encrypted.A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate security requirements have been captured. Which of the following documents BEST captures the security requirements?
A. Business requirements documentThe Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO).
Which of the following are MOST important to include when submitting the exception form? (Select THREE).
A. Business or technical justification for not implementing the requirements.Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?
A. Purchase the product and test it in a lab environment before installing it on any live system.A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?
A. The iSCSI initiator was not restarted.An administrator is unable to connect to a server via VNC.
Upon investigating the host firewall configuration, the administrator sees the following lines:

A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY

A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY

A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY

A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT
Which of the following should occur to allow VNC access to the server?
A. DENY needs to be changed to ACCEPT on one line.The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

Which of the following should the network administrator do to resolve the performance issue after analyzing the above information?
A. The IP TOS field of business related network traffic should be modified accordingly.A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution.
Which of the following is the hosting company MOST likely trying to achieve?
A. Increased customer data availabilityAn organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers.
Which of the following will MOST likely reduce the likelihood of similar incidents?
A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.