CAS-001 무료 덤프문제 온라인 액세스

A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of the product. Which of the following should the administrator do to prevent these issues from occurring in the future?

• A.Recommend switching to a spiral software development model and perform security testing during the requirements gathering
• B.Recommend switching to an SDLC methodology and perform security testing during eachmaintenance iteration
• C.Recommend switching to an agile development methodology and perform security testing during iterations
• D.Recommend switching to a waterfall development methodology and perform security testing during the testing phase

A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

• A.Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
• B.Put both departments behind the firewall and incorporate restrictive controls on each department's network.
• C.Provide each department with a virtual firewall and assign administrative control to the physical firewall.
• D.Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:

• A.Least privilege.
• B.Non-disclosure agreement.
• C.Mandatory vacation.
• D.Separation of duties.

The audit department at a company requires proof of exploitation when conducting internal network penetration tests. Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system?

• A.Modify a file on the system and include the path in the test's report.
• B.Provide a list of grabbed service banners.
• C.Add a new test user account on the system.
• D.Take a packet capture of the test activity.

A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

• A.Construct a library of re-usable security patterns
• B.Introduce an ESA framework
• C.Include SRTM in the SDLC
• D.Construct a security control library