Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-002 Questions & Answers

  • Question 181:

    A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

    A. Ensure web services hosting the event use TCP cookies and deny_hosts.

    B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

    C. Contract and configure scrubbing services with third-party DDoS mitigation providers.

    D. Purchase additional bandwidth from the company's Internet service provider.

  • Question 182:

    Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.

    Which of the following would be the advantage of conducting this kind of penetration test?

    A. The risk of unplanned server outages is reduced.

    B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.

    C. The results will show an in-depth view of the network and should help pinpoint areas of internal weakness.

    D. The results should reflect what attackers may be able to learn about the company.

  • Question 183:

    A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

    A. The malware file's modify, access, change time properties.

    B. The timeline analysis of the file system.

    C. The time stamp of the malware in the swap file.

    D. The date/time stamp of the malware detection in the antivirus logs.

  • Question 184:

    News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting are conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?

    A. Remove local admin permissions from all users and change anti-virus to a cloud-aware, push technology.

    B. Implement an application whitelist at all levels of the organization.

    C. Deploy a network-based heuristic IDS and configure all layer 3 switches to feed data to the IDS for more effective monitoring.

    D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

  • Question 185:

    A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

    A. The user's certificate private key must be installed on the VPN concentrator.

    B. The CA's certificate private key must be installed on the VPN concentrator.

    C. The user certificate private key must be signed by the CA.

    D. The VPN concentrator's certificate private key must be signed by the CA and installed on the VPN concentrator.

    E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.

    F. The CA's certificate public key must be installed on the VPN concentrator.

  • Question 186:

    A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack.

    Which of the following reduces this threat and minimizes potential impact on the manufacturing lines?

    A. Disable remote access capabilities on manufacturing SCADA systems.

    B. Require a NIPS for all communications to and from manufacturing SCADA systems.

    C. Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.

    D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

  • Question 187:

    A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet facing environment.

    The SOC highlighted the following requirements:

    - Perform fingerprinting on unfiltered inbound traffic to the company
    - Monitor all inbound and outbound traffic to the DMZs

    In which of the following places should the NIPS be placed in the network?

    A. In front of the Internet firewall and in front of the DMZs

    B. In front of the Internet firewall and in front of the internal firewall

    C. In front of the Internet firewall and behind the internal firewall

    D. Behind the Internet firewall and in front of the DMZs

  • Question 188:

    The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?

    A. XACML

    B. SAML

    C. SOAP

    D. SPML

  • Question 189:

    Which of the following potential vulnerabilities exists in the following code snippet?

    var myEmail = document.getElementById("formInputEmail").value;
    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
        document.getElementById("profileBox").innerHTML = "Emails will be sent to " + myEmail + xmlhttp.responseText;
    }

    A. Javascript buffer overflow

    B. AJAX XHR weaknesses

    C. DOM-based XSS

    D. JSON weaknesses
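    The snippet above writes two untrusted values (the form field and the XHR response body) into innerHTML, an HTML-parsing sink. The following is an added example, not part of the exam material: it reproduces that pattern and places two hardened versions beside it. The `profileBox` object is a constructed stand-in for a DOM node so the code runs outside a browser.

```javascript
// Minimal stand-in for a DOM element so this runs under Node (constructed, not a real DOM).
function makeElement() {
  return { innerHTML: "", textContent: "" };
}

// VULNERABLE: mirrors the Question 189 snippet. Both myEmail and responseText
// are attacker-influenceable, and innerHTML interprets them as markup.
function renderVulnerable(profileBox, myEmail, responseText) {
  profileBox.innerHTML = "Emails will be sent to " + myEmail + responseText;
  return profileBox.innerHTML;
}

// Encode the five characters that matter when text is placed in an HTML context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// HARDENED, option 1: assign to textContent so the browser never parses markup.
function renderSafeText(profileBox, myEmail, responseText) {
  profileBox.textContent = "Emails will be sent to " + myEmail + responseText;
  return profileBox.textContent;
}

// HARDENED, option 2: if innerHTML must remain (e.g. the template carries trusted
// markup), HTML-encode every untrusted piece before concatenation.
function renderSafeEscaped(profileBox, myEmail, responseText) {
  profileBox.innerHTML =
    "Emails will be sent to " + escapeHtml(myEmail) + escapeHtml(responseText);
  return profileBox.innerHTML;
}

// Constructed sample input: a "value" containing markup, as a user could type it.
const sampleEmail = '<img src=x onerror="alert(1)">';
const sampleResponse = " (confirmed)";

// Demonstration when run directly with Node.
if (typeof require !== "undefined" && require.main === module) {
  const el = makeElement();
  console.log("vulnerable:", renderVulnerable(el, sampleEmail, sampleResponse));
  console.log("escaped   :", renderSafeEscaped(el, sampleEmail, sampleResponse));
}
```

    In a real page the textContent variant is the simplest fix; the escaping variant is for the case where the surrounding template genuinely needs to stay HTML.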

  • Question 190:

    The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?

    A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC

    B. Forensics, White box testing, Log correlation, HIDS, and SSO

    C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM

    D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners
