Free CompTIA CAS-001 Exam Dumps Questions & Answers

A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

• A.Web transactions are conducted in a secure network channel.
• B.Security solutions result in zero additional processing latency.
• C.Ensure the process of storing audit records is in compliance with applicable laws.
• D.Ensure the process functions in a secure manner from customer input to audit review.

An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?

• A.Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.
• B.Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.
• C.Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.
• D.Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.

A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer's MOST serious concern with implementing this solution?

• A.Succession planning
• B.Availability
• C.Maintainability
• D.Performance

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

• A.Mobile device root-kit detection
• B.Extended Validation certificates
• C.SSL certificate revocation
• D.SSL certificate pinning

An Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor's RFP responses is in-line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association?

• A.Benchmark each firewall platform's capabilities and experiences with similar sized companies.
• B.Develop criteria and rate each firewall platform based on information in the RFP responses.
• C.Correlate current industry research with the RFP responses to ensure validity.
• D.Create a lab environment to evaluate each of the three firewall platforms.