Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner Exam
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Advanced Security Practitioner (CAS-002) Questions & Answers

  • Question 31:

    At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security resources and resulted in a well-defined attack surface. The introduction of wireless networks, highly portable network devices, and cloud service providers has rendered the network boundary and attack surface increasingly porous. This evolution of the security architecture has led to which of the following?

    A. Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate datacenter on average.

    B. Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network.

    C. Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.

    D. Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.

  • Question 32:

    An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100 Mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high-speed data research. Which of the following BEST describes the process which weakened the security posture of the enclave?

    A. Emerging business requirements led to the de-perimeterization of the network.

    B. Emerging security threats rendered the existing architecture obsolete.

    C. The single firewall port was oversaturated with network packets.

    D. The shrinking of an overall attack surface due to the additional access.

  • Question 33:

    The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller.

    Defending against which of the following attacks should form the basis of the incident mitigation plan?

    A. DDoS

    B. SYN flood

    C. Buffer overflow

    D. Privilege escalation

  • Question 34:

    A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into consideration?

    A. The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.

    B. The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.

    C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.

    D. Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.

  • Question 35:

    Company A is trying to implement controls to reduce costs and time spent on litigation. To accomplish this, Company A has established several goals:

      • Prevent data breaches from lost/stolen assets
      • Reduce time to fulfill e-discovery requests
      • Prevent PII from leaving the network
      • Lessen the network perimeter attack surface
      • Reduce internal fraud

    Which of the following solutions accomplishes MOST of these goals?

    A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.

    B. Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.

    C. Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.

    D. Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.

  • Question 36:

    An administrator is unable to connect to a server via VNC.

    Upon investigating the host firewall configuration, the administrator sees the following lines:

      A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY
      A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY
      A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
      A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY
      A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT

    Which of the following should occur to allow VNC access to the server?

    A. DENY needs to be changed to ACCEPT on one line.

    B. A line needs to be added.

    C. A line needs to be removed.

    D. Fix the typo in one line.
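
    Added example (not part of the question or of the exam page): a small Python model of how netfilter walks the INPUT chain, first matching rule wins, run over a constructed copy of the five rules above with the leading `-A` that the page lost restored. It shows that no rule mentions TCP 5900 (VNC display :0), so a new VNC connection falls through to the chain policy, which the question does not show and which the code assumes is DROP; adding an ACCEPT line for 5900 is what changes the verdict. It also shows a caveat a reviewer would flag: the last rule has `--sport 3389` but no `--dport`, so any new connection whose source port is 3389 is accepted to every local port. DENY is not a real iptables target (the real ones are DROP and REJECT); the model keeps the word only to mirror the page.

```python
"""Walk an iptables INPUT chain the way netfilter does (first matching rule
wins) to see why the rule set in Question 36 never lets a VNC client in."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed copy of the five rules shown in the question, with the leading
# "-A" that the page lost restored. "DENY" is not a real iptables target
# (iptables uses DROP or REJECT); it is kept here only to mirror the page.
QUESTION_RULES = [
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT",
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY",
    "-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT",
]

VNC_PORT = 5900  # TCP port of VNC display :0; display :N listens on 5900 + N


@dataclass
class Rule:
    proto: Optional[str]
    state: Optional[str]
    dport: Optional[int]
    sport: Optional[int]
    target: str


def parse_rule(line: str) -> Rule:
    """Parse the handful of iptables options used in the question."""
    tokens = line.split()

    def opt(flag: str) -> Optional[str]:
        return tokens[tokens.index(flag) + 1] if flag in tokens else None

    target = opt("-j")
    if target is None:
        raise ValueError("rule without a -j target is not supported here")
    dport, sport = opt("--dport"), opt("--sport")
    return Rule(
        proto=opt("-p"),
        state=opt("--state"),
        dport=int(dport) if dport else None,
        sport=int(sport) if sport else None,
        target=target,
    )


def verdict(rules: List[str], proto: str, dport: int, sport: int,
            state: str = "NEW", policy: str = "DROP") -> Tuple[str, Optional[int]]:
    """Return (target, index of first matching rule) or (chain policy, None).

    Every option present on a rule must match; an absent option matches
    anything. The DROP policy is an assumption: the page never shows the
    output of `iptables -P INPUT` / `iptables -S INPUT`.
    """
    for i, line in enumerate(rules):
        r = parse_rule(line)
        if r.proto is not None and r.proto != proto:
            continue
        if r.state is not None and r.state != state:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.sport is not None and r.sport != sport:
            continue
        return r.target, i
    return policy, None


def vnc_verdict(rules: List[str], client_sport: int = 51234) -> Tuple[str, Optional[int]]:
    """A VNC client uses an ephemeral source port and connects to TCP 5900."""
    return verdict(rules, "tcp", VNC_PORT, client_sport)


def with_vnc_rule(rules: List[str]) -> List[str]:
    """The fix the question is after: add an ACCEPT for new connections to 5900."""
    return rules + [
        f"-A INPUT -m state --state NEW -m tcp -p tcp --dport {VNC_PORT} -j ACCEPT"
    ]


if __name__ == "__main__":
    print("VNC before fix:", vnc_verdict(QUESTION_RULES))                  # ('DROP', None)
    print("VNC after fix: ", vnc_verdict(with_vnc_rule(QUESTION_RULES)))   # ('ACCEPT', 5)
    # Caveat: the last original rule has --sport but no --dport, so a client
    # that binds source port 3389 is accepted to any local port, VNC included.
    print("Source port 3389 to VNC:", verdict(QUESTION_RULES, "tcp", VNC_PORT, 3389))  # ('ACCEPT', 4)
```

    Run it to see the three verdicts. On a real host the equivalent check is `iptables -S INPUT` (which also prints the `-P INPUT` policy line the question omits), followed by `iptables -A INPUT -m state --state NEW -p tcp --dport 5900 -j ACCEPT`; the `--sport 3389 -j ACCEPT` rule should be removed or given a matching `--dport`, since a source-port match on its own is not an access control.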

  • Question 37:

    A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).

    A. Single Sign On

    B. Active Directory

    C. Kerberos

    D. NIS+

    E. RADIUS

    F. TACACS+

  • Question 38:

    The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?

    A. Ask the three submitting vendors for a full-blown RFP so that the CPO and SPM can move to the next step.

    B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.

    C. Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.

    D. Inform the three submitting vendors that their quotes are null and void at this time and that they are disqualified based upon their RFQs.

  • Question 39:

    There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

    A. Explain how customer data is gathered, used, disclosed, and managed.

    B. Remind staff of the company's data handling policy and have staff sign an NDA.

    C. Focus on explaining the "how" and "why" customer data is being collected.

    D. Republish the data classification and the confidentiality policy.

  • Question 40:

    Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.

    A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

    A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.

    B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.

    C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.

    D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.