Company A is trying to implement controls to reduce costs and time spent on litigation.
To accomplish this, Company A has established several goals:

Prevent data breaches from lost/stolen assets

Reduce time to fulfill e-discovery requests

Prevent PII from leaving the network

Lessen the network perimeter attack surface

Reduce internal fraud
Which of the following solutions accomplishes the MOST of these goals?
A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?
A. SQL injectionThe security administrator is reviewing the business continuity plan which consists of virtual infrastructures at corporate headquarters and at the backup site. The administrator is concerned that the VLAN used to perform live migrations of virtual machines to the backup site is across the network provider's MPLS network.
This is a concern due to which of the following?
A. The hypervisor virtual switches only support Q-in-Q VLANS, not MPLS. This may cause live migrations to the backup site to fail.An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies.
Which of the following can be used to BEST achieve the CISO's objectives?
A. CoBITA system architect has the following constraints from the customer:

Confidentiality, Integrity, and Availability (CIA) are all of equal importance.

Average availability must be at least 6 nines (99.9999%).

All devices must support collaboration with every other user device.

All devices must be VoIP and teleconference ready.
Which of the following security controls is the BEST to apply to this architecture?
A. Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure.
The requirements are as follows:

Reduce costs

Improve efficiencies and time to market

Manageable

Accurate identity information

Standardize on authentication and authorization

Ensure a reusable model with standard integration patterns
Which of the following security solution options will BEST meet the above requirements? (Select THREE).
A. Build an organization-wide fine grained access control model stored in a centralized policy data store.A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?
A. The tool could show that input validation was only enabled on the client sideA security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters.
Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?
A. The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server.
Which of the following is the MOST likely solution?
A. Application firewall and NIPSA project has been established in a large bank to develop a new secure online banking platform. Half way through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits.
Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?
A. EngineersNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.