A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user's credentials. Require each user to install the public key on their computer.
B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
A. LUN masking
B. Data injection
C. Data fragmentation
D. Moving the HBA
Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?
A. Attestation
B. PKI
C. Biometrics
D. Federated IDs
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
C. Port security on switches, point to point VPN tunnels for user server connections, two- factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company's security standard?
A. Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.
B. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.
C. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.
D. Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.
A corporation has Research and Development (RandD) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?
A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.
A network administrator notices a security intrusion on the web server. Which of the following is noticed by http://test.com/modules.php?op=modloadandname=XForumandfile=[hostilejavascript]andfid=2 in the log file?
A. Buffer overflow
B. Click jacking
C. SQL injection
D. XSS attack
A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).
A. The email system may become unavailable due to overload.
B. Compliance may not be supported by all smartphones.
C. Equipment loss, theft, and data leakage.
D. Smartphone radios can interfere with health equipment.
E. Data usage cost could significantly increase.
F. Not all smartphones natively support encryption.
G. Smartphones may be used as rogue access points.
An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?
A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.
B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.
C. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.
D. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.
A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test, claims to have the most advanced features and lucrative pricing.
Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?
A. Establish return on investment as the main criteria for selection.
B. Run a cost/benefit analysis based on the data received from the RFP.
C. Evaluate each platform based on the total cost of ownership.
D. Develop a service level agreement to ensure the selected NIPS meets all performance requirements.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.