A trust relationship has been established between two organizations with web based services.
One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning
Service Provider (PSP). Which of the following is correct about the trust relationship?

Company XYZ plans to donate 1,000 used computers to a local school. The company has a large
research and development section and some of the computers were previously used to store
The security administrator is concerned about data remnants on the donated machines, but the
company does not have a device sanitization section in the data handling policy.
Which of the following is the BEST course of action for the security administrator to take?

select id, firstname, lastname from authors
User input: firstname = Hack;man
Which of the following types of attacks is the user attempting?

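Worked example (added here, not part of the exam material): the semicolon in the probe value Hack;man tests whether the application splices user input straight into the query text, so that a second statement can be stacked after the first. The Python below, using the standard sqlite3 module and a constructed authors table, shows the vulnerable concatenated query beside the parameterised form and a cheap input check for the probe; the quote-breaking payload, the table rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data for the authors table named in the question.
SCHEMA = """
create table authors (id integer primary key, firstname text, lastname text);
insert into authors (firstname, lastname) values ('Alice', 'Smith'), ('Bob', 'Jones');
"""


def fresh_db():
    """Return an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, firstname):
    """The flaw: the untrusted value is spliced into the SQL text.

    executescript() stands in for a driver/database that accepts several
    statements separated by ';', which is exactly what a probe such as
    'Hack;man' is looking for. Returns the SQL string actually sent.
    """
    sql = "select id, firstname, lastname from authors where firstname = '%s'" % firstname
    conn.executescript(sql)
    return sql


def safe_lookup(conn, firstname):
    """Parameterised query: the value is bound as data and never parsed as SQL."""
    cur = conn.execute(
        "select id, firstname, lastname from authors where firstname = ?",
        (firstname,),
    )
    return cur.fetchall()


def author_count(conn):
    """How many rows survive; used to show the damage done by the stacked statement."""
    return conn.execute("select count(*) from authors").fetchone()[0]


def is_stacked_query_probe(value):
    """Input check: a ';' in a first name is a statement-stacking probe, not a name."""
    return ";" in value


if __name__ == "__main__":
    # Assumed payload: closes the string literal, stacks a second statement,
    # and comments out whatever follows.
    payload = "Hack'; delete from authors; --"
    db = fresh_db()
    print(vulnerable_lookup(db, payload))
    print("rows left after vulnerable lookup:", author_count(db))
    db = fresh_db()
    print(safe_lookup(db, payload), "rows left:", author_count(db))
```

The parameterised lookup returns no rows for the payload and leaves the table intact, while the concatenated version executes the stacked delete. Rejecting input that contains ';' is only a tripwire for this probe; binding parameters is the fix.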
A retail bank has had a number of issues in regards to the integrity of sensitive information across
all of its customer databases. This has resulted in the bank's share price decreasing in value by
50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to
solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following
Be across all major platforms, applications and infrastructure.
Be able to track user and administrator activity.
Does not significantly degrade the performance of production platforms, applications, and
Real time incident reporting.
Manageable and has meaningful information.
Business units are able to generate reports in a timely manner of the unit's system assets.
In order to solve this problem, which of the following security solutions will BEST meet the above
requirements? (Select THREE).
CompTIA CAS-001 Exam
"Pass Any Exam. Any Time." - www.actualtests.com
A. Implement a security operations center to provide real time monitoring and incident response
with self service reporting capability.
B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major
platforms, applications, and infrastructure.
C. Implement a security operations center to provide real time monitoring and incident response
and an event correlation dashboard with self service reporting capability.
D. Ensure that the network operations center has the tools to provide real time monitoring and
incident response and an event correlation dashboard with self service reporting capabilities.
E. Implement an agent only based SIEM solution to be deployed on all major platforms,
applications, and infrastructures.
F. Ensure appropriate auditing is enabled to capture the required information.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central
secure server.

A general insurance company wants to set up a new online business. The requirements are that
the solution needs to be:
Extendable for new products to be developed and added
Externally facing for customers and business partners to login
Usable and manageable
Be able to integrate seamlessly with third parties for non core functions such as document
Secure to protect customer's personal information and credit card information during transport
and at rest
The conceptual solution architecture has specified that the application will consist of a traditional
three tiered architecture for the front end components, an ESB to provide services, data
transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the
solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the
C. Implement a certificate based solution on a smart card in combination with a PIN to provide
authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication authorization
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data
F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows,
and database encryption for sensitive data storage.

An external auditor has found that IT security policies in the organization are not maintained and in
some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the
objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the
following can be used to BEST achieve the CISO's objectives?

After being informed that the company DNS is unresponsive, the system administrator issues the
following command from a Linux workstation:
ssh -p 2020 -l user dnsserver.company.com
Once at the command prompt, the administrator issues the following command:
service bind restart
The system returns the following response:
Unable to restart BIND
Which of the following is true about the above situation?

A security architect is designing a new infrastructure using both type 1 and type 2 virtual
machines. In addition to the normal complement of security controls (e.g. antivirus, host
hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store
cryptographic keys used to sign code and code modules on the VMs. Which of the following will
meet this goal without requiring any hardware pass-through implementations?

Continuous monitoring is a popular risk reduction technique in many large organizations with
formal certification processes for IT projects. In order to implement continuous monitoring in an
effective manner, which of the following is correct?

A new IDS device is generating a very large number of irrelevant events. Which of the following
would BEST remedy this problem?

An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to
purchase goods at a discounted rate. To improve security the Chief Information Security Officer
(CISO) has requested that the web based shopping cart application undergo testing to validate
user input in both free form text fields and drop down boxes.
Which of the following is the BEST combination of tools and / or methods to use?

A bank provides single sign on services between its internally hosted applications and externally
hosted CRM. The following sequence of events occurs:
1. The banker accesses the CRM system, a redirect is performed back to the organization's
2. A lookup is performed of the identity and a token is generated, signed and encrypted.
3. A redirect is performed back to the CRM system with the token.
4. The CRM system validates the integrity of the payload, extracts the identity and performs a
5. If the banker is not in the system, an automated provisioning request occurs.
6. The banker is authenticated and authorized and can access the system.
This is an example of which of the following?

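Added example, not part of the exam: the six steps above describe identity federation, where the bank's identity provider asserts who the user is and the externally hosted CRM trusts the signed assertion and provisions the account on first use. The Python below walks both sides of that exchange. It substitutes an HMAC-signed JSON token over a shared secret for a real SAML assertion with an XML signature and an asymmetric key, and it signs but does not encrypt the token; the secret, the directory entries, the audience name and the class and function names are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret and bank directory (assumptions for the example).
# A real deployment would sign with the IdP's private key, not a shared secret.
IDP_SECRET = b"constructed-demo-secret-not-for-production"
BANK_DIRECTORY = {"jdoe": {"name": "Jane Doe", "role": "banker"}}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


def idp_issue_token(username, now=None, ttl=300):
    """Steps 1-3: the bank's IdP looks up the identity and returns a signed token.

    The token is body.signature, both URL-safe base64; the signature is an
    HMAC-SHA256 over the encoded body so any change to the claims is detected.
    """
    if username not in BANK_DIRECTORY:
        raise KeyError(username)
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "aud": "crm", "iat": now, "exp": now + ttl,
              **BANK_DIRECTORY[username]}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_SECRET, body, hashlib.sha256).digest())
    return body + b"." + sig


class CrmSystem:
    """Steps 4-6: verify integrity, extract identity, provision if unknown, authorize."""

    def __init__(self, secret):
        self.secret = secret
        self.accounts = {}  # provisioned CRM accounts keyed by subject

    def accept(self, token, now=None):
        body, _, sig = token.partition(b".")
        expected = _b64(hmac.new(self.secret, body, hashlib.sha256).digest())
        # Constant-time comparison; a tampered body or forged signature fails here.
        if not hmac.compare_digest(sig, expected):
            return {"ok": False, "reason": "bad signature"}
        claims = json.loads(_unb64(body))
        now = int(time.time()) if now is None else now
        if claims.get("aud") != "crm" or now >= claims["exp"]:
            return {"ok": False, "reason": "expired or wrong audience"}
        provisioned = claims["sub"] not in self.accounts
        if provisioned:  # step 5: first visit triggers automated provisioning
            self.accounts[claims["sub"]] = {"name": claims["name"], "role": claims["role"]}
        return {"ok": True, "user": claims["sub"], "provisioned": provisioned}


if __name__ == "__main__":
    crm = CrmSystem(IDP_SECRET)
    token = idp_issue_token("jdoe")
    print(crm.accept(token))  # first login: provisioned
    print(crm.accept(token))  # second login: existing account
```

The CRM never sees a password: everything it knows about the banker comes from the assertion, which is why integrity checking of the payload (step 4) and a bounded lifetime matter more than in a local login.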
A company has implemented data retention policies and storage quotas in response to their legal
department's requests and the SAN administrator's recommendation. The retention policy states
all email data older than 90 days should be eliminated. As there are no technical controls in place,
users have been instructed to stick to a storage quota of 500 MB of network storage and 200 MB of
email storage. After being presented with an e-discovery request from opposing legal counsel,
the security administrator discovers that the user in the suit has 1 TB of files and 300 MB of email
spanning over two years. Which of the following should the security administrator provide to
opposing counsel?

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce
business costs by outsourcing to a third party company in another country. Functions to be
outsourced include: business analysts, testing, software development and back office functions
that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about
the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls
are not implemented?

An Association is preparing to upgrade their firewalls at five locations around the United States.
Each of the three vendors' RFP responses is in line with the security and other requirements.
Which of the following should the security administrator do to ensure the firewall platform is
appropriate for the Association?

When generating a new key pair, a security application asks the user to move the mouse and type
random characters on the keyboard. Which of the following BEST describes why this is
necessary?

Which of the following BEST describes the implications of placing an IDS device inside or outside
of the corporate firewall?

The Chief Information Security Officer (CISO) regularly receives reports of a single department
repeatedly violating the corporate security policy. The head of the department in question informs
the CISO that the offending behaviors are a result of necessary business activities. The CISO
assigns a junior security administrator to solve the issue. Which of the following is the BEST
course of action for the junior security administrator to take?

A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd: Failed password for root from 198.51.100.23 port 37914
2013 Oct 10 07:14:57 web14 sshd: Failed password for root from 198.51.100.23 port 37915
2013 Oct 10 07:14:58 web14 sshd: Failed password for root from 198.51.100.23 port 37916
2013 Oct 10 07:15:59 web14 sshd: Failed password for root from 198.51.100.23 port 37918
2013 Oct 10 07:16:00 web14 sshd: Failed password for root from 198.51.100.23 port 37920
2013 Oct 10 07:16:00 web14 sshd: Successful login for root from 198.51.100.23 port 37924
Which of the following is the MOST likely explanation of what is occurring and the BEST
immediate response? (Select TWO).
A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.

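Added example, not from the exam: the excerpt above shows five failures followed by a success from one source against one account within a couple of minutes, which is the signature of password guessing rather than a key compromise or a memory-corruption exploit. The Python below parses lines in the excerpt's format (constructed sample lines, including one benign login from another address), flags a source/user pair whose success follows a burst of failures within a time window, and builds the blocking rule the response would apply; the threshold, the window and the iptables rule text are assumptions. Stock OpenSSH logs a success as "Accepted password for", not "Successful login for", so the pattern must be adjusted before running it against real logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the same shape as the excerpt in the question.
SAMPLE_LOG = """\
2013 Oct 10 07:14:57 web14 sshd: Failed password for root from 198.51.100.23 port 37914
2013 Oct 10 07:14:57 web14 sshd: Failed password for root from 198.51.100.23 port 37915
2013 Oct 10 07:14:58 web14 sshd: Failed password for root from 198.51.100.23 port 37916
2013 Oct 10 07:15:59 web14 sshd: Failed password for root from 198.51.100.23 port 37918
2013 Oct 10 07:16:00 web14 sshd: Failed password for root from 198.51.100.23 port 37920
2013 Oct 10 07:16:00 web14 sshd: Successful login for root from 198.51.100.23 port 37924
2013 Oct 10 07:20:11 web14 sshd: Successful login for alice from 203.0.113.9 port 51002
"""

# Matches the excerpt's format, not the stock OpenSSH "Accepted password for" message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<outcome>Failed password|Successful login) for (?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)$"
)


def parse(log_text):
    """Return one dict per line that matches the excerpt's format; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def _ts(text):
    return datetime.strptime(text, "%Y %b %d %H:%M:%S")


def find_guessing_success(events, threshold=3, window=timedelta(minutes=10)):
    """Flag (ip, user) pairs where a success follows >= threshold failures inside window.

    Failures outside the window are forgotten, so a slow trickle of typos does not
    accumulate into an alert; a burst followed by a success does.
    """
    recent = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    hits = []
    for e in events:
        key = (e["ip"], e["user"])
        t = _ts(e["ts"])
        recent[key] = [x for x in recent[key] if t - x <= window]
        if e["outcome"] == "Failed password":
            recent[key].append(t)
        elif len(recent[key]) >= threshold:
            hits.append({"ip": e["ip"], "user": e["user"], "at": e["ts"],
                         "failures_before_success": len(recent[key])})
            recent[key].clear()
    return hits


def block_rule(ip):
    """Assumed immediate containment step: drop further packets from the source."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for hit in find_guessing_success(parse(SAMPLE_LOG)):
        print(hit)
        print(block_rule(hit["ip"]))
```

Blocking the source address and rotating the root password stop this attacker, but neither answers whether the successful session already ran anything; that is why the longer-term fix is to disable remote root logins and why the host should be treated as compromised until the session's activity is reviewed.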
At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely
slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs
properly again. The administrator has traced the problem to a lab of thin clients that are all booted
at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the
BEST solution? (Select TWO).
A. Add guests with more memory to increase capacity of the infrastructure.
B. A backup is running on the thin clients at 9am every morning.
C. Install more memory in the thin clients to handle the increased load while booting.
D. Booting all the lab desktops at the same time is creating excessive I/O.
E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
F. Install faster SSD drives in the storage system used in the infrastructure.
G. The lab desktops are saturating the network while booting.
H. The lab desktops are using more memory than is available to the host systems.

A medium-sized company has recently launched an online product catalog. It has decided to keep
the credit card purchasing in-house as a secondary potential income stream has been identified in
relation to sales leads. The company has decided to undertake a PCI assessment in order to
determine the amount of effort required to meet the business objectives. Which compliance
category would this task be part of?

Company XYZ has employed a consultant to perform a controls assessment of the HR system,
backend business operations, and the SCADA system used in the factory. Which of the following
correctly states the risk management options that the consultant should use during the
assessment?

Which of the following is an example of single sign-on?

A security auditor is conducting an audit of a corporation where 95% of the users travel or work
from non-corporate locations a majority of the time. While the employees are away from the
corporate offices, they retain full access to the corporate network and use of corporate laptops.
The auditor knows that the corporation processes PII and other sensitive data with applications
requiring local caches of any data being manipulated. Which of the following security controls
should the auditor check for and recommend to be implemented if missing from the laptops?

Company XYZ recently acquired a manufacturing plant from Company ABC which uses a different
manufacturing ICS platform. Company XYZ has strict ICS security regulations while Company
ABC does not. Which of the following approaches would the network security administrator for
Company XYZ MOST likely proceed with to integrate the new manufacturing plant?

A Security Administrator has some concerns about the confidentiality of data when using SOAP.
Which of the following BEST describes the Security Administrator's concerns?

A systems administrator establishes a CIFS share on a Unix device to share data to windows
systems. The security authentication on the windows domain is set to the highest level. Windows
users are stating that they cannot authenticate to the Unix share. Which of the following settings
on the Unix server is the cause of this problem?

Company XYZ provides hosting services for hundreds of companies across multiple industries
including healthcare, education, and manufacturing. The security architect for company XYZ is
reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple
physical hosts through the use of virtualization technologies. The security architect notes concerns
about data separation, confidentiality, regulatory requirements concerning PII, and administrative
complexity on the proposal. Which of the following BEST describes the core concerns of the
security architect?

The Chief Information Security Officer (CISO) at a software development company is concerned
about the lack of introspection during a testing cycle of the company's flagship product. Testing
was conducted by a small offshore consulting firm and the report by the consulting firm clearly
indicates that limited test cases were used and many of the code paths remained untested.
The CISO raised concerns about the testing results at the monthly risk committee meeting,
highlighting the need to get to the bottom of the product behaving unexpectedly in only some large
The Security Assurance and Development teams highlighted their availability to redo the testing if
Which of the following will provide the MOST thorough testing?

A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All
Internet traffic passes through this appliance. Four hours after implementation the network
engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is
recommending that the new firewall be taken offline. At what point in the implementation process
should this problem have been discovered?