CAS-002 | how many questions of CAS-002 pdf?




New CompTIA CAS-002 Exam Dumps Collection (Question 6 - Question 15)

Question No: 6

A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decreasing in value by 50% and regulatory intervention and monitoring.

The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.

The business has specified that the solution needs to be enterprise grade and meet the following requirements:

In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).

A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.

B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.

C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.

D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.

E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.

F. Ensure appropriate auditing is enabled to capture the required information.

G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.

Answer: B,C,F

Question No: 7

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?

A. Collection, Identification, Preservation, Examination, Analysis, Presentation.

B. Identification, Preservation, Collection, Examination, Analysis, Presentation.

C. Collection, Preservation, Examination, Identification, Analysis, Presentation.

D. Identification, Examination, Preservation, Collection, Analysis, Presentation.

Answer: B

Question No: 8

A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

A. A physically isolated network that allows for secure metric collection.

B. A physically isolated network with inband management that uses two factor authentication.

C. A logically isolated network with inband management that uses secure two factor authentication.

D. An isolated network that provides secure out-of-band remote management.

Answer: D

Question No: 9

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?

A. Change the IDS to use a heuristic anomaly filter.

B. Adjust IDS filters to decrease the number of false positives.

C. Change the IDS filter to data mine the false positives for statistical trending data.

D. Adjust IDS filters to increase the number of false negatives.

Answer: B

Question No: 10

CORRECT TEXT

Answer: 192.18.1.0/24 any 192.168.20.0/24 3389 any

Question No: 11

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.

Employee B. Works in the accounts payable office and is in charge of approving purchase orders.

Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

Which of the following should the auditor suggest be done to avoid future security breaches?

A. All employees should have the same access level to be able to check on each other.

B. The manager should only be able to review the data and approve purchase orders.

C. Employee A and Employee B should rotate jobs at a set interval and cross-train.

D. The manager should be able to both enter and approve information.

Answer: B

Question No: 12

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?

A. Risk reduction, risk sharing, risk retention, and risk acceptance.

B. Avoid, transfer, mitigate, and accept.

C. Risk likelihood, asset value, and threat level.

D. Calculate risk by determining technical likelihood and potential business impact.

Answer: B

Question No: 13

A finance manager says that the company needs to ensure that the new system can "replay" data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager's needs?

A. Compliance standards

B. User requirements

C. Data elements

D. Data storage

E. Acceptance testing

F. Information digest

G. System requirements

Answer: B

Question No: 14

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

A. Establish a risk matrix

B. Inherit the risk for six months

C. Provide a business justification to avoid the risk

D. Provide a business justification for a risk exception

Answer: D

Question No: 15

A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?

A. Provide targeted security awareness training and impose termination for repeat violators.

B. Block desktop sharing and web conferencing applications and enable use only with approval.

C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

D. Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.

Answer: A
