Everything You Need to Pass: comptia CAS_002

There have been some failures of the companys internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last months performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.✑ The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.✑ The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.✑ The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.Which solution should the company select if the contract is only valid for three years?

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.Requirement 1: The system shall provide confidentiality for data in transit and data at rest.Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.Requirement 3: The system shall implement a file-level encryption scheme.Requirement 4: The system shall provide integrity for all data at rest.Requirement 5: The system shall perform CRC checks on all files.

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

Three companies want to allow their employees to seamlessly connect to each others wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?