Virtual hosts with different security requirements should be:
A. encrypted with a one-time password.
B. stored on separate physical hosts.
C. moved to the cloud.
D. scanned for vulnerabilities regularly.
An administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR employees on vacation, the other user only works in finance. Which of the following policies is being violated by the finance user according to the audit results?
A. Mandatory vacation
B. Non-disclosure
C. Job rotation
D. Least privilege
After a security incident, an administrator revokes the SSL certificate for their web server www.company.com. Later, users begin to inform the help desk that a few other servers are generating certificate errors: ftp.company.com, mail.company.com, and partners.company.com. Which of the following is MOST likely the reason for this?
A. Each of the servers used the same EV certificate.
B. The servers used a wildcard certificate.
C. The web server was the CA for the domain.
D. Revoking a certificate can only be done at the domain level.
An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows:
Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
Vendor Information = {(Confidentiality, Moderate), (Integrity, Low), (Availability, Low)}
Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
Which of the following is the aggregate risk impact on the accounting system?
A. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)}
B. {(Confidentiality, High), (Integrity, Low), (Availability, Low)}
C. {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
D. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk?
A. Avoid the risk
B. Transfer the risk
C. Accept the risk
D. Mitigate the risk
An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO).
A. Establish VLANs for each virtual guest's NIC on the virtual switch.
B. Enable virtual switch layer 2 security precautions.
C. Only access hosts through a secure management interface.
D. Distribute guests to hosts by application role or trust zone.
E. Restrict physical and network access to the host console.
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice?
A. The excessive time it will take to merge the company's information systems.
B. Countries may have different legal or regulatory requirements.
C. Company A might not have adequate staffing to conduct these reviews.
D. The companies must consolidate security policies during the merger.
The company's marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networking sites for sharing information. Which of the following minimizes the potential exposure of proprietary information?
A. Require each person joining the company's social networking initiative to accept a non-disclosure agreement.
B. Establish a specific set of trained people that can release information on the organization's behalf.
C. Require a confidential statement be attached to all information released to the social networking sites.
D. Establish a social media usage policy and provide training to all marketing employees.
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events. Which of the following should the company do to ensure that the chosen MSS meets expectations?
A. Develop a memorandum of understanding on what the MSS is responsible to provide.
B. Create internal metrics to track MSS performance.
C. Establish a mutually agreed upon service level agreement.
D. Issue an RFP to ensure the MSS follows guidelines.
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?
A. Schedule weekly vulnerability assessments
B. Implement continuous log monitoring
C. Scan computers weekly against the baseline
D. Require monthly reports showing compliance with configuration and updates