A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company's security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business.
Which of the following actions can the CISO take to mitigate the breaches?
A. Reload all user laptops with full disk encryption software immediately.A security officer is leading a lessons learned meeting.
Which of the following should be components of that meeting? (Select TWO).
A. Demonstration of IPS systemA system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?
A. Backup policyWithin the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands.
From a security perspective, which of the following options BEST balances the needs between marketing and risk management?
A. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from analysts inside the same industry.A company is developing a new web application for its Internet users and is following a secure coding methodology.
Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?
A. Conduct web server load tests.At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company.
At 10:45 a.m. the security administrator received multiple alerts from the company's statistical anomaly-based IDS about a company database administrator performing unusual transactions.
At 10:55 a.m. the security administrator resets the database administrator's password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user.
Which of the following is MOST likely the cause of the alerts?
A. The IDS logs are compromised.Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal.
Which of the following BEST describes the core concerns of the security architect?
A. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.Which of the following attacks does Unicast Reverse Path Forwarding prevent?
A. Man in the MiddleA system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled.
Which of the following security concerns should the system administrator have about the existing technology in the room?
A. Wired transmissions could be intercepted by remote users.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.