Online Access Free CAS-001 Practice Test

An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?

• A.Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring.
• B.Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.
• C.Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.
• D.Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.

The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company's flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested.
The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments.
The Security Assurance and Development teams highlighted their availability to redo the testing if required.
Which of the following will provide the MOST thorough testing?

• A.Use the internal team to perform Black box testing.
• B.Use the internal teams to perform Grey box testing.
• C.Have the small consulting firm redo the Black box testing.
• D.Use the internal teams to perform White box testing.
• E.Use a larger consulting firm to perform Black box testing.

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).

• A.The lab desktops are saturating the network while booting.
• B.Install faster SSD drives in the storage system used in the infrastructure.
• C.Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
• D.Install more memory in the thin clients to handle the increased load while booting.
• E.A backup is running on the thin clients at 9am every morning.
• F.Add guests with more memory to increase capacity of the infrastructure.
• G.The lab desktops are using more memory than is available to the host systems.
• H.Booting all the lab desktops at the same time is creating excessive I/O.

SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?

• A.Secure code review and penetration test
• B.Security development lifecycle (SDL)
• C.Requirements workshop
• D.Security requirements traceability matrix (SRTM)

A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

• A.The iSCSI initiator was not restarted.
• B.The UNIX server is multipathed.
• C.The HBA allocation is wrong.
• D.The NTFS LUNs are snapshots.