A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use?
A. HTTP interceptor
B. Vulnerability scanner
C. Port scanner
D. Fuzzer
An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Officer (CIO) has resigned and the Chief Executive Officer (CEO) has tasked the incoming CIO with putting effective controls in place to help prevent this from occurring again in the future. Which of the following controls is the MOST effective in preventing this threat from recurring?
A. Network-based intrusion prevention system
B. Data loss prevention
C. Host-based intrusion detection system
D. Web application firewall
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?
A. Confidentiality
B. Authentication
C. Integrity
D. Availability
A user reports that the workstation's mouse pointer is moving and files are opening automatically.
Which of the following should the user perform?
A. Unplug the network cable to avoid network activity.
B. Reboot the workstation to see if problem occurs again.
C. Turn off the computer to avoid any more issues.
D. Contact the incident response team for direction.
A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?
A. SQL injection
B. XSS scripting
C. Click jacking
D. Input validation
A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A's network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?
A. XACML
B. OCSP
C. ACL
D. CRL
A system administrator needs to develop a policy for when an application server is no longer needed. Which of the following policies would need to be developed?
A. Backup policy
B. De-provisioning policy
C. Data retention policy
D. Provisioning policy
An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screenshots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur. Which of the following business areas should primarily be involved in this discussion? (Select TWO).
A. Database Administrator
B. Human Resources
C. Finance
D. Network Administrator
E. IT Management
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved.
This data breach was not properly reported due to insufficient training surrounding which of the following processes?
A. E-Discovery
B. Data handling
C. Incident response
D. Data recovery and storage
A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites.
After an initial and successful pilot period, other departments want to use the social websites to post their updates as well.
The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites.
Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).
A. Brute force attacks
B. Malware infection
C. DDOS attacks
D. Phishing attacks
E. SQL injection attacks
F. Social engineering attacks