A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends.
This is an example of which of the following? (Select TWO).
A. Supervisory control and data acquisitionA bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs:
1.
The banker accesses the CRM system, a redirect is performed back to the organization's internal systems.
2.
A lookup is performed of the identity and a token is generated, signed and encrypted.
3.
A redirect is performed back to the CRM system with the token.
4.
The CRM system validates the integrity of the payload, extracts the identity and performs a lookup.
5.
If the banker is not in the system and automated provisioning request occurs.
6.
The banker is authenticated and authorized and can access the system. This is an example of which of the following?
A. Service provider initiated SAML 2.0Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices.
Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?
A. Single sign-onA network administrator notices a security intrusion on the web server.
Which of the following is noticed by http://test.com/modules.php? op=modloadandname=XForumandfile=[hostilejavascript]andfid=2 in the log file?
A. Buffer overflowVirtual hosts with different security requirements should be:
A. encrypted with a one-time password.Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level.
Which of the following should Ann suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploitedA security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks.
Which of the following is the security architect trying to increase in the design?
A. Key stretchingAn Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor's RFP responses is in-line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association?
A. Correlate current industry research with the RFP responses to ensure validity.A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live.
In which of the following phases would these security controls take place?
A. Operations and MaintenanceNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.