CAS-002 무료 덤프문제 온라인 액세스

Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?

• A.Attestation
• B.Biometrics
• C.Federated IDs
• D.PKI

A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?

• A.The SOAP protocol can be easily tampered with, even though the header is encrypted.
• B.The SOAP header is not encrypted and allows intermediaries to view the header data.The body can be partially or completely encrypted.
• C.The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.
• D.The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

• A.Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.
• B.Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
• C.Hire an outside consultant firm to perform both a quantitative and a qualitative risk- based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
• D.Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match
"\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"]
[tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag
"OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?

• A.Cross-site script
• B.Session hijacking
• C.SQL injection
• D.Buffer overflow

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

• A.Physical security
• B.Network reconnaissance
• C.Insider threat
• D.Industrial espionage