CAS-002 | A Review Of Simulation CAS-002 vce




New CompTIA CAS-002 Exam Dumps Collection (Question 9 - Question 18)

Question No: 9

During a software development project review, the cryptographic engineer advises the project manager that security can be greatly improved by significantly slowing down the runtime of a hashing algorithm and increasing the entropy by passing the input and salt back during each iteration. Which of the following BEST describes what the engineer is trying to achieve?

A. Monoalphabetic cipher

B. Confusion

C. Root of trust

D. Key stretching

E. Diffusion

Answer: D

Question No: 10

A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:

1. Ability to log entry of all employees in and out of specific areas

2. Access control into and out of all sensitive areas

3. Two-factor authentication

Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

A. Proximity readers

B. Visitor logs

C. Biometric readers

D. Motion detection sensors

E. Mantrap

Answer: A,C

Question No: 11

A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication?

A. Spiral

B. Agile

C. Waterfall

D. Rapid

Answer: B

Question No: 12

A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?

A. Tape backup policies

B. Offsite backup policies

C. Data retention policies

D. Data loss prevention policies

Answer: C

Question No: 13

A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled. Which of the following security concerns should the system administrator have about the existing technology in the room?

A. Wired transmissions could be intercepted by remote users.

B. Bluetooth speakers could cause RF emanation concerns.

C. Bluetooth is an unsecure communication channel.

D. Wireless transmission causes interference with the video signal.

Answer: C

Question No: 14

A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends. This is an example of which of the following? (Select TWO).

A. Supervisory control and data acquisition

B. Espionage

C. Hacktivism

D. Data aggregation

E. Universal description discovery and integration

F. Open source intelligence gathering

Answer: D,F

Question No: 15

A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to scan and detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

A. RAS

B. Vulnerability scanner

C. HTTP intercept

D. HIDS

E. Port scanner

F. Protocol analyzer

Answer: D,E

Question No: 16

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

A. What are the protections against MITM?

B. What accountability is built into the remote support application?

C. What encryption standards are used in the tracking database?

D. What snapshot or "undo" features are present in the application?

E. What encryption standards are used in remote desktop and file transfer functionality?

Answer: B

Question No: 17

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company's NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?

A. Block in-bound connections to the company's NTP servers.

B. Block IPs making monlist requests.

C. Disable the company's NTP servers.

D. Disable monlist on the company's NTP servers.

Answer: D

Question No: 18

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might be a valid solution if the asset manager's requirements were supported by current RFID capabilities. Which of the following requirements would be MOST difficult for the asset manager to implement?

A. The ability to encrypt RFID data in transmission

B. The ability to integrate environmental sensors into the RFID tag

C. The ability to track assets in real time as they move throughout the facility

D. The ability to assign RFID tags a unique identifier

Answer: A
