CASP questions with correct answers
The Chief Information Security Officer (CISO) informs the team that since the organization will sign an NDA with any potential suppliers, the most current industry evaluation should include details of tests performed by the supplier's auditors and the associated results. Based on the requirements provided by the CISO, which of the following reports should be requested in the RFP?

Answer: SOC 2 - Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide: Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls. These reports can form an important part of stakeholders':
- Oversight of the organization
- Vendor management program
- Internal corporate governance and risk management processes
- Regulatory oversight

An organization utilizes full packet capture on all network traffic in its environment. A security analyst is inspecting a packet capture of the traffic to a web server that occurred prior to the system becoming compromised. The analyst notices a string of 100 occurrences of 09. Which of the following attacks MOST likely occurred?

Answer: Buffer overflow

An IT manager has received the following email from the Chief Information Officer (CIO): ***
School, study and subject
- Institution
- CASP - CompTIA Advanced Security Practitioner
- Course
- CASP - CompTIA Advanced Security Practitioner
Document information
- Uploaded on
- May 26, 2023
- Number of pages
- 16
- Written in
- 2022/2023
- Type
- Exam
- Contains
- Questions and answers
Topics
- casp questions with correct answers