A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?
A. Employee identity badges and physical access controls to ensure only staff are allowed onsite.A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?
A. A physically isolated network that allows for secure metric collection.A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long.
Which of the following policies MUST be reviewed to address future compliance?
A. Tape backup policiesAn administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR employees on vacation, the other user only works in finance. Which of the following policies is being violated by the finance user according to the audit results?
A. Mandatory vacationThe threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?
A. hash = sha512(password + salt); for (k = 0; k < 4000; k++) { hash = sha512 (hash); }After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?
A. Least privilegeThe Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?
A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity. This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment.
Which of the following provides the BEST method for evaluating the potential threats?
A. Conduct a vulnerability assessment to determine the security posture of the new devices and the application.A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors.
Which of the following is a problem with the security posture of this company?
A. No effective controls in placeA software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?
A. AgileNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.