The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager's requirements, which of the following types of IPS products would be BEST suited for use in this situation?
A. Signature-basedA security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network.
Which of the following is the BEST methodology to use in establishing this baseline?
A. Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior.The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments.
Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?
A. Social engineeringA user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be.
Which of the following is being described?
A. AuthenticationA new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
A. Change the IDS to use a heuristic anomaly filter.A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus.
Which of the following solutions would provide the BEST protection for the company?
A. Increase the frequency of antivirus downloads and install updates to all workstations.A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojan's behavior and the remote DNS and IP addresses it connects to.
Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted?
A. HIDSExecutive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following notes:
-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud- based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and
data encryption.
Which of the following departments' request is in contrast to the favored solution?
A. ManufacturingSome mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access.
Which of the following attack types represents this scenario? (Select TWO).
A. Session management attackA security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high- ranking engineers, the information is soon leaked to competing companies. Which of the following techniques should the consultant use to discover the source of the information leaks?
A. Digital watermarkingNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.