CAS-001 試験問題を無料オンラインアクセス

Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

• A.Schedule weekly vulnerability assessments
• B.Scan computers weekly against the baseline
• C.Require monthly reports showing compliance with configuration and updates
• D.Implement continuous log monitoring

Virtual hosts with different security requirements should be:

• A.moved to the cloud.
• B.encrypted with a one-time password.
• C.scanned for vulnerabilities regularly.
• D.stored on separate physical hosts.

An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations.
Which of the following is MOST likely the cause for the organization's inability to determine what really occurred?

• A.Lack of a defined security auditing methodology
• B.Too few layers of protection between the Internet and internal network
• C.Poor intrusion prevention system placement and maintenance
• D.Insufficient logging and mechanisms for review

As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer use?

• A.SRTM review
• B.HTTP interceptor
• C.Vulnerability assessment
• D.Fuzzer

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server.
Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline
Archived Financial Data = No need for the database to be online. Low damage for integrity loss
Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted
Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server?

• A.Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)}
• B.Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)}
• C.Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)}
• D.Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)}