A project has been established in a large bank to develop a new secure online banking platform. Halfway through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits. Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?
A. Engineers
B. Facilities Manager
C. Stakeholders
D. Human Resources
A data breach occurred which impacted the HR and payroll system. It is believed that an attack from within the organization resulted in the data breach. Which of the following should be performed FIRST after the data breach occurred?
A. Assess system status
B. Restore from backup tapes
C. Conduct a business impact analysis
D. Review NIDS logs
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core business functions are dependent on the outsourced systems. The risk officer has requested that the IT department calculates the priority of restoration for all systems and applications under the new business model. Which of the following is the BEST tool to achieve this?
A. Business impact analysis
B. Annualized loss expectancy analysis
C. TCO analysis
D. Residual risk and gap analysis
An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server's public address. In order to secure the zone transfer between the primary and secondary server, the administrator uses only server ACLs. Which of the following attacks could the secondary DNS server still be susceptible to?
A. Email spamming
B. IP spoofing
C. Clickjacking
D. DNS replication
SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?
A. Requirements workshop
B. Security development lifecycle (SDL)
C. Security requirements traceability matrix (SRTM)
D. Secure code review and penetration test
A new project initiative involves replacing a legacy core HR system and is expected to touch many major operational systems in the company. A security administrator is engaged in the project to provide security consulting advice. In addition, there are database, network, application, HR, and transformation management consultants engaged on the project as well. The administrator has established the security requirements. Which of the following is the NEXT logical step?
A. Document the security requirements in an email and move on to the next most urgent task.
B. Organize a requirements workshop with the non-technical project members, being the HR and transformation management consultants.
C. Communicate the security requirements with all stakeholders for discussion and buy-in.
D. Organize a requirements workshop with the technical project members, being the database, network, and application consultants.
Which of the following BEST defines the term e-discovery?
A. A product that provides IT-specific governance, risk management, and compliance.
B. A form of reconnaissance used by penetration testers to discover listening hosts.
C. A synonymous term for computer emergency response and incident handling.
D. A process of producing electronically stored information for use as evidence.
A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate security requirements have been captured. Which of the following documents BEST captures the security requirements?
A. Business requirements document
B. Requirements traceability matrix document
C. Use case and viewpoints document
D. Solution overview document
Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressure from the company board to allow smartphones to connect and synchronize email and calendar items of board members and company executives. Which of the following options BEST balances the security and usability requirements of the executive management team?
A. Allow only the executive management team the ability to use personal devices on the company network, as they have important responsibilities and need convenient access.
B. Review the security policy. Perform a risk evaluation of allowing devices that can be centrally managed, remotely disabled, and have device-level encryption of sensitive data.
C. Stand firm on disallowing non-company assets from connecting to the network as the assets may lead to undesirable security consequences, such as sensitive emails being leaked outside the company.
D. Allow only certain devices that are known to have the ability to be centrally managed. Do not allow any other smartphones until the device is proven to be centrally managed.
An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users).
B. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
D. Fingerprinting across all of the online banking servers to ascertain open ports and services.
E. Black box code review across the entire code base to ensure that there are no security defects present.