A security administrator is redesigning, and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features.
Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
A. Point to point VPNs for all corporate intranet users.An employee of a company files a complaint with a security administrator. While sniffing network traffic, the employee discovers that financially confidential emails were passing between two warehouse users. The two users deny sending confidential emails to each other.
Which of the following security practices would allow for non-repudiation and prevent network sniffers from reading the confidential mail? (Select TWO).
A. Transport encryptionThe company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networking sites for sharing information. Which of the following minimizes the potential exposure of proprietary information?
A. Require each person joining the company's social networking initiative to accept a non- disclosure agreement.A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops.
Which of the following security systems should be implemented for remote access? (Select TWO).
A. Virtual Private NetworkA company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment. The SOC highlighted the following requirements:

Perform fingerprinting on unfiltered inbound traffic to the company

Monitor all inbound and outbound traffic to the DMZ's
In which of the following places should the NIPS be placed in the network?
A. In front of the Internet firewall and in front of the DMZsThe Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects.
Which of the following will MOST likely result in some IT resources not being integrated?
A. One of the companies may use an outdated VDI.The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regiment into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The
CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team.
Which of the following will satisfy the CISO requirements?
A. Grey box testing performed by a major external consulting firm who have signed a NDA.Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?
A. Test password complexity of all login fields and input validation of form fieldsDuring a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40% of the desktops do not meet requirements.
Which of the following is the cause of the noncompliance?
A. The devices are being modified and settings are being overridden in production.A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards.
Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
A. Employees publishing negative information and stories about company management on social network sites and blogs.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.