Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-002 Questions & Answers

  • Question 91:

    A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?

    A. File an insurance claim and assure the executive the data is secure because it is encrypted.

    B. Immediately implement a plan to remotely wipe all data from the device.

    C. Have the executive change all passwords and issue the executive a new phone.

    D. Execute a plan to remotely disable the device and report the loss to the police.

  • Question 92:

    Statement: "The system shall implement measures to notify system administrators prior to a security incident occurring."

    Which of the following BEST restates the above statement to allow it to be implemented by a team of software developers?

    A. The system shall cease processing data when certain configurable events occur.

    B. The system shall continue processing in the event of an error and email the security administrator the error logs.

    C. The system shall halt on error.

    D. The system shall throw an error when specified incidents pass a configurable threshold.

  • Question 93:

    Which of the following is the MOST appropriate control measure for lost mobile devices?

    A. Disable unnecessary wireless interfaces such as Bluetooth.

    B. Reduce the amount of sensitive data stored on the device.

    C. Require authentication before access is given to the device.

    D. Require that the compromised devices be remotely wiped.

  • Question 94:

    As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer to use?

    A. SRTM review

    B. Fuzzer

    C. Vulnerability assessment

    D. HTTP interceptor
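    The following is an added example, not part of the original question bank, showing what a fuzzer actually does for the exception-handling check this question describes: it mutates valid seed inputs and records every exception type the code under test lets escape. The parser (parse_record), its hardened variant and the seed records are constructed for illustration; the mutation strategy is a deliberately minimal one, not a substitute for a real fuzzing engine.

```python
"""Mutation fuzzer that checks how a parser handles malformed input.

Added example, not from the original page. parse_record / parse_record_hardened
and the seed inputs are constructed for illustration; the point is that fuzzing
surfaces exception types the developer did not plan for (here KeyError), which
the hardened version maps to one documented ValueError.
"""
import random


def parse_record(line: str) -> dict:
    """Parse 'user=<name>;age=<int>;role=<r>'. Fragile: a missing field leaks
    a KeyError, and a bad integer or a stray ';' leaks a ValueError."""
    fields = dict(kv.split("=", 1) for kv in line.split(";"))
    return {"user": fields["user"], "age": int(fields["age"]), "role": fields["role"]}


def parse_record_hardened(line: str) -> dict:
    """Same parser, but every malformed input raises a single documented error."""
    try:
        return parse_record(line)
    except (KeyError, ValueError) as exc:
        raise ValueError(f"malformed record: {line!r}") from exc


# characters chosen to hit the parser's delimiters and numeric field
MUTATION_ALPHABET = "=;\x00\n\t 0123456789abcXYZ"


def mutate(text: str, rng: random.Random) -> str:
    """Apply one random edit: delete, insert, replace, duplicate a tail, or truncate."""
    if not text:
        return rng.choice(MUTATION_ALPHABET)
    i = rng.randrange(len(text))
    op = rng.choice(("delete", "insert", "replace", "duplicate", "truncate"))
    if op == "delete":
        return text[:i] + text[i + 1:]
    if op == "insert":
        return text[:i] + rng.choice(MUTATION_ALPHABET) + text[i:]
    if op == "replace":
        return text[:i] + rng.choice(MUTATION_ALPHABET) + text[i + 1:]
    if op == "duplicate":
        return text + text[i:]
    return text[:i]


def fuzz(target, seeds, iterations=2000, seed_value=1):
    """Feed mutated seeds to target; return {exception type name: first triggering input}."""
    rng = random.Random(seed_value)  # fixed seed so a finding can be reproduced
    observed = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(seeds), rng)
        try:
            target(candidate)
        except Exception as exc:  # a fuzzer deliberately catches everything
            observed.setdefault(type(exc).__name__, candidate)
    return observed


# constructed seed corpus: two well-formed records
SEEDS = ("user=alice;age=30;role=admin", "user=bob;age=7;role=guest")


def unexpected_exceptions(target, allowed=("ValueError",)):
    """Exception types the target raises that its documented contract does not allow."""
    return sorted(name for name in fuzz(target, SEEDS) if name not in allowed)


if __name__ == "__main__":
    for fn in (parse_record, parse_record_hardened):
        print(fn.__name__, "unexpected:", unexpected_exceptions(fn))
        print("  all observed:", fuzz(fn, SEEDS))
```

    Running it shows KeyError escaping from parse_record (any mutation that damages a field name) while parse_record_hardened only ever raises the ValueError its callers are written to expect; that difference is exactly what the developer wants to verify before the code leaves the testing phase.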

  • Question 95:

    A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?

    A. Social Engineering

    B. Penetration Test

    C. Vulnerability Assessment

    D. Code Review

  • Question 96:

    A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs' code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party.

    Which of the following should be implemented in the SDLC to achieve these requirements?

    A. Regression testing by the manufacturer and integration testing by the third party

    B. User acceptance testing by the manufacturer and black box testing by the third party

    C. Defect testing by the manufacturer and user acceptance testing by the third party

    D. White box unit testing by the manufacturer and black box testing by the third party

  • Question 97:

    Which of the following is true about an unauthenticated SAMLv2 transaction?

    A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.

    B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.

    C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.

    D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.
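    As an added example (not from the original page), the script below drives the standard SP-initiated SAML 2.0 Web Browser SSO exchange with the HTTP-POST binding on both legs, which is the sequence option A describes: the browser asks the SP for a resource, the SP hands back a self-submitting XHTML form carrying the AuthnRequest, the browser posts it to the IdP, the IdP authenticates the user and returns a second XHTML form carrying the Response, and the browser posts that to the SP's assertion consumer service. The entity IDs, URLs and user name are constructed, and the Response is unsigned: a real SP must also verify the XML signature and the assertion's validity window, which the example deliberately leaves out so the message flow itself stays visible.

```python
"""SP-initiated SAML 2.0 Web Browser SSO, HTTP-POST binding on both legs.

Added example, not from the original page. Entity IDs, URLs and the user
are constructed; the Response is unsigned (see the caveat in sp_consume_response).
"""
import base64
import html
import uuid
import xml.etree.ElementTree as ET  # on untrusted XML prefer defusedxml in production

SP_ENTITY_ID = "https://sp.example.com/metadata"   # assumption
SP_ACS_URL = "https://sp.example.com/saml/acs"     # assumption
IDP_SSO_URL = "https://idp.example.com/saml/sso"   # assumption
IDP_ENTITY_ID = "https://idp.example.com/metadata"  # assumption
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def encode_message(xml_text: str) -> str:
    """HTTP-POST binding: the SAML message is base64-encoded, not deflated."""
    return base64.b64encode(xml_text.encode()).decode()


def build_authn_request(request_id: str) -> str:
    """Leg 1: the SP answers the browser's resource request with an AuthnRequest."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="2024-01-22T00:00:00Z" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )


def post_binding_form(action_url: str, field: str, xml_text: str, relay_state: str) -> str:
    """The XHTML form the browser auto-submits to relay a SAML message."""
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="post" action="{html.escape(action_url)}">'
        f'<input type="hidden" name="{field}" value="{encode_message(xml_text)}"/>'
        f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
        '</form></body></html>'
    )


def idp_build_response(authn_request_xml: str, subject: str, response_id: str) -> str:
    """Leg 2: after authenticating the user, the IdP issues a Response bound to the request."""
    req = ET.fromstring(authn_request_xml)
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{response_id}" Version="2.0" InResponseTo="{req.attrib["ID"]}" '
        f'Destination="{req.attrib["AssertionConsumerServiceURL"]}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion><saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )


def sp_consume_response(saml_response_b64: str, outstanding_ids: set) -> str:
    """Leg 3: the SP's ACS validates the posted Response and returns the subject.
    Caveat: a production SP must additionally verify the XML signature over the
    Response/Assertion and enforce NotBefore/NotOnOrAfter; both are omitted here."""
    resp = ET.fromstring(base64.b64decode(saml_response_b64).decode())
    if resp.attrib.get("Destination") != SP_ACS_URL:
        raise ValueError("response not addressed to this ACS")
    if resp.attrib.get("InResponseTo") not in outstanding_ids:
        raise ValueError("unsolicited or replayed response")
    outstanding_ids.discard(resp.attrib["InResponseTo"])  # one-time use
    status = resp.find("samlp:Status/samlp:StatusCode", NS).attrib["Value"]
    if not status.endswith(":Success"):
        raise ValueError(f"IdP returned {status}")
    audience = resp.findtext("saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience",
                             namespaces=NS)
    if audience != SP_ENTITY_ID:
        raise ValueError("assertion not intended for this SP")
    return resp.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)


def run_sso_flow(subject: str = "alice@example.com") -> str:
    """Drive the whole exchange in-process; string slicing stands in for the browser."""
    request_id = "_" + uuid.uuid4().hex  # SAML IDs are NCNames, so they cannot start with a digit
    outstanding = {request_id}
    form_to_idp = post_binding_form(IDP_SSO_URL, "SAMLRequest", build_authn_request(request_id), "/reports")
    req_b64 = form_to_idp.split('name="SAMLRequest" value="')[1].split('"')[0]
    response_xml = idp_build_response(base64.b64decode(req_b64).decode(), subject, "_" + uuid.uuid4().hex)
    form_to_sp = post_binding_form(SP_ACS_URL, "SAMLResponse", response_xml, "/reports")
    resp_b64 = form_to_sp.split('name="SAMLResponse" value="')[1].split('"')[0]
    return sp_consume_response(resp_b64, outstanding)


if __name__ == "__main__":
    print("authenticated subject:", run_sso_flow())
```

    The Destination, InResponseTo and Audience checks in sp_consume_response are the minimum that keeps a Response from being replayed or redirected to a different SP; without a signature check they are still not sufficient, because the browser is an untrusted relay that can rewrite any of those values.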

  • Question 98:

    A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employees' network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after the dismissed employee departed. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

    A. Review the HR termination process and ask the software developers to review the identity management code.

    B. Enforce the company policy by conducting monthly account reviews of inactive accounts.

    C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.

    D. Update the company policy to account for delays and unforeseen situations in account deactivation.
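    As an added example (not from the original page), here is the check a periodic account review would automate for the finding above: join the HR termination record against the directory's account state, classify each departed employee's account against the eight-hour policy, and report the same percentages the auditors computed. The termination timestamps and directory records are constructed sample data; in practice they come from the HR system and from the directory's enabled flag and last-change timestamp.

```python
"""Audit account deprovisioning against an 8-hour disable policy.

Added example, not from the original page. HR_TERMINATIONS and DIRECTORY are
constructed sample data standing in for an HRIS export and a directory query.
"""
from datetime import datetime, timedelta

SLA = timedelta(hours=8)  # company policy: disable within eight hours of termination

# constructed: employee -> HR termination timestamp (UTC)
HR_TERMINATIONS = {
    "alice": datetime(2024, 1, 8, 17, 0),
    "bob":   datetime(2024, 1, 9, 9, 30),
    "carol": datetime(2024, 1, 10, 12, 0),
    "dave":  datetime(2024, 1, 11, 8, 0),
    "erin":  datetime(2024, 1, 12, 16, 0),
}
# constructed: account -> (enabled flag, time the account was disabled or None)
DIRECTORY = {
    "alice": (False, datetime(2024, 1, 8, 19, 45)),   # disabled 2h45m after termination
    "bob":   (False, datetime(2024, 1, 12, 10, 0)),   # disabled three days late
    "carol": (False, datetime(2024, 1, 10, 18, 0)),   # disabled 6h after termination
    "dave":  (True, None),                            # still active
    "erin":  (False, datetime(2024, 1, 12, 23, 0)),   # disabled 7h after termination
}


def audit(hr, directory, now, sla=SLA):
    """Classify every terminated employee's account.

    ok           disabled within the policy window
    late         disabled, but after the window
    still_active not disabled and the window has already passed (the audit finding)
    pending      not disabled, but the window has not passed yet
    missing      HR knows the employee but the directory has no such account
    """
    findings = {}
    for user, terminated_at in hr.items():
        if user not in directory:
            findings[user] = "missing"
            continue
        enabled, disabled_at = directory[user]
        if enabled or disabled_at is None:
            findings[user] = "still_active" if now - terminated_at > sla else "pending"
        elif disabled_at - terminated_at > sla:
            findings[user] = "late"
        else:
            findings[user] = "ok"
    return findings


def summarize(findings):
    """Percentage of terminated employees in each category, as the audit reports them."""
    total = len(findings) or 1
    return {cat: round(100.0 * sum(1 for v in findings.values() if v == cat) / total, 1)
            for cat in ("ok", "late", "still_active", "pending", "missing")}


def worst_lag_hours(hr, directory):
    """Largest gap between termination and disablement among disabled accounts."""
    lags = [directory[u][1] - t for u, t in hr.items()
            if u in directory and directory[u][1] is not None]
    return max(lags).total_seconds() / 3600 if lags else 0.0


if __name__ == "__main__":
    result = audit(HR_TERMINATIONS, DIRECTORY, now=datetime(2024, 1, 15, 9, 0))
    for user, verdict in result.items():
        print(f"{user:8} {verdict}")
    print(summarize(result))
    print("worst lag (hours):", worst_lag_hours(HR_TERMINATIONS, DIRECTORY))
```

    The "pending" category matters: an account terminated an hour ago is not yet a finding, and a review that reports it as one trains people to ignore the report. Running the check on a schedule also makes the "still_active" set visible before the next audit does.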

  • Question 99:

    The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company's guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company-owned laptops.

    Which of the following is the HIGHEST risk to the organization?

    A. Employee's professional reputation

    B. Intellectual property confidentiality loss

    C. Downloaded viruses on the company laptops

    D. Workstation compromise affecting availability

  • Question 100:

    A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions.

    Which of the following should the analyst provide to the ISO to support the request? (Select TWO).

    A. Emerging threat reports

    B. Company attack trends

    C. Request for Quote (RFQ)

    D. Best practices

    E. New technologies report

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CAS-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.