The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity. This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment. Which of the following provides the BEST method for evaluating the potential threats?
A. Conduct a vulnerability assessment to determine the security posture of the new devices and the application.
B. Benchmark other organizations that already encountered this type of situation and apply all relevant learnings and industry best practices.
C. Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment.
D. Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.
Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required?
A. Mitigate and Transfer
B. Accept and Transfer
C. Transfer and Avoid
D. Avoid and Mitigate
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment.
Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?
A. Remind users that all emails with sensitive information need to be encrypted and physically inspect the cloud computing environment.
B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.
D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need to be encrypted.
Which of the following can aid a buffer overflow attack to execute when used in the creation of applications?
A. Secure cookie storage
B. Standard libraries
C. State management
D. Input validation
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company's internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.
Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?
A. A corporate policy to prevent sensitive information from residing on a mobile device and anti-virus software.
B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device.
C. Encryption of the non-volatile memory and a password or PIN to access the device.
D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.
Which of the following should be used with caution because of its ability to provide access to block level data instead of file level data?
A. CIFS
B. NFS
C. iSCSI
D. NAS
Which of the following precautions should be taken to harden network devices in case of a VM escape?
A. Database servers should be on the same virtual server as web servers in the DMZ network segment.
B. Web servers should be on the same physical server as database servers in the network segment.
C. Virtual servers should only be on the same physical server as others in their network segment.
D. Physical servers should only be on the same WAN as other physical servers in their network.
An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible.
Which of the following should the Warehouse Manager do to remediate the security issue?
A. Revise the hardware and software maintenance contract.
B. Degauss the printer hard drive to delete data.
C. Implement a new change control process.
D. Update the hardware decommissioning procedures.
A security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1
The following response is received in the payload:
"ORA-000001: SQL command not properly ended"
Which of the following is the response an example of?
A. Fingerprinting
B. Cross-site scripting
C. SQL injection
D. Privilege escalation
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company's video conference. All parties must be issued a VPN account and must connect to the company's VPN concentrator to participate in the remote meetings.
Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?
A. IPSec transport mode is enabled
B. ICMP is disabled
C. Split tunneling is disabled
D. NAT-traversal is enabled