An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network. Which of the following should the company conduct to meet the regulation's criteria?
A. Conduct a compliance reviewCompany XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.
A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?
A. Implement a unified IPv6 addressing scheme on the entire network.A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life. The two initial migrations include:

Windows 2000 hosts: domain controllers and front-facing web servers

RHEL3 hosts: front-facing web servers
Which of the following should the security consultant recommend based on best practices?
A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings.
If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO).
A. Establish the security control baseline to be assessedAfter a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus.
Which of the following should the security manager suggest to INCREASE each system's security level?
A. Upgrade all system's to use a HIPS and require daily anti-virus scans.An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
A. Penetration test across the application with accounts of varying access levels (i.e. non- authenticated, authenticated, and administrative users).In a SPML exchange, which of the following BEST describes the three primary roles?
A. The Provisioning Service Target (PST) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning Service Target (PST) performs the provisioning.A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decreasing in value by 50% and regulatory intervention and monitoring. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:

Be across all major platforms, applications and infrastructure.

Be able to track user and administrator activity.

Does not significantly degrade the performance of production platforms, applications, and infrastructures.

Real time incident reporting.

Manageable and has meaningful information.

Business units are able to generate reports in a timely manner of the unit's system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
A. Separation of duties.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.