Category «CAS-002»

Which of the following are security weaknesses in this example?

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{"account":[{"creditAccount":"Credit Card Rewards account"},{"salesLeadRef":"www.example.com/badcontent/exploitme.exe"}],"customer":[{"name":"Joe Citizen"},{"custRef":"3153151"}]}

The banking website responds with:

HTTP/1.1 200 OK

{"newAccountDetails":[{"cardNumber":"1234123412341234"},{"cardExpiry":"2020-12-31"},{"cardCVV":"909"}],"marketingCookieTracker":"JSESSIONID=000000001","returnCode":"Account added successfully"}

Which of the following are security weaknesses in this example? (Select TWO). …
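The exchange above can be checked mechanically. The following is an added example, not part of the original question or its answer key: a small Python checker that takes the request line, request body and response body, and returns the weaknesses a tester would flag (cleartext HTTP transport, a full card number and CVV returned in the response body, an executable URL carried in a data field, and a session identifier leaked in the JSON body). The JSON is reconstructed from the page with the missing commas added, so it is constructed test data rather than a real capture; the field-name patterns and the `redact` helper that shows the hardened response are assumptions for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed from the exchange shown in the question (commas added so it parses).
REQUEST_LINE = "POST http://www.example.com/resources/NewBankAccount HTTP/1.1"
REQUEST_BODY = (
    '{"account":[{"creditAccount":"Credit Card Rewards account"},'
    '{"salesLeadRef":"www.example.com/badcontent/exploitme.exe"}],'
    '"customer":[{"name":"Joe Citizen"},{"custRef":"3153151"}]}'
)
RESPONSE_BODY = (
    '{"newAccountDetails":[{"cardNumber":"1234123412341234"},'
    '{"cardExpiry":"2020-12-31"},{"cardCVV":"909"}],'
    '"marketingCookieTracker":"JSESSIONID=000000001",'
    '"returnCode":"Account added successfully"}'
)

# Assumed heuristics: field names that carry card data, and file suffixes that
# should never appear as a referral/link value in an account-creation request.
PAN_KEY_RE = re.compile(r"(card_?number|\bpan\b)", re.I)
CVV_KEY_RE = re.compile(r"(cvv2?|cvc)", re.I)
SESSION_RE = re.compile(r"\b(JSESSIONID|PHPSESSID|ASP\.NET_SessionId)=", re.I)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".ps1", ".js", ".vbs")


def walk(node):
    """Yield (key, value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, (dict, list)):
                yield from walk(value)
            else:
                yield key, value
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def analyze(request_line, request_body, response_body):
    """Return the list of weaknesses found in one request/response pair."""
    findings = []
    _method, target, _version = request_line.split()
    if urlsplit(target).scheme.lower() == "http":
        findings.append("cleartext-transport")          # credentials and card data in the clear

    for key, value in walk(json.loads(request_body)):
        if isinstance(value, str) and value.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"executable-url:{key}")     # link to a binary in a data field

    for key, value in walk(json.loads(response_body)):
        if isinstance(value, str) and value.isdigit() and (
            PAN_KEY_RE.search(key) or CVV_KEY_RE.search(key)
        ):
            findings.append(f"sensitive-data-in-response:{key}")  # full PAN / CVV returned
        if isinstance(value, str) and SESSION_RE.search(value):
            findings.append(f"session-id-in-body:{key}")  # session token outside the cookie
    return findings


def redact(response_body):
    """Hardened response: mask the PAN to its last four digits and drop the CVV.

    A CVV must never be stored or echoed back; the PAN should be truncated.
    """
    doc = json.loads(response_body)

    def fix(node):
        if isinstance(node, dict):
            for key in list(node):
                value = node[key]
                if isinstance(value, (dict, list)):
                    fix(value)
                elif CVV_KEY_RE.search(key):
                    del node[key]
                elif PAN_KEY_RE.search(key) and isinstance(value, str):
                    node[key] = "*" * (len(value) - 4) + value[-4:]
        elif isinstance(node, list):
            for item in node:
                fix(item)

    fix(doc)
    return json.dumps(doc)


if __name__ == "__main__":
    for finding in analyze(REQUEST_LINE, REQUEST_BODY, RESPONSE_BODY):
        print(finding)
    print(redact(RESPONSE_BODY))
```

Run against the constructed exchange, `analyze` reports the cleartext transport, the executable `salesLeadRef` value, the `cardNumber` and `cardCVV` fields, and the `JSESSIONID` in `marketingCookieTracker`; the same check on `redact(RESPONSE_BODY)` reports no card data, which is the behaviour the fixed service should have (the transport and the session-in-body issues still need fixing separately, by moving to HTTPS and keeping the session identifier in a cookie with the Secure and HttpOnly flags).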

Which of the following should the security administrator

A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information …

which of the following options is MOST accurate?

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage …

Which of the following software development methods is

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with …

which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the …

Which of the following denotes the BEST way to mitigate

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP …

Which of the following security concerns does the analyst present to management?

An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management? A. Guest users could present a risk to …

which of the following steps in system authorization has the security engineer omitted?

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline …

which of the following operating systems is MOST likely running on the unknown

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap -O 192.168.1.54

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778

Based on this information, …