CAS-003 Exam Questions
947 real CAS-003 exam questions with expert-verified answers and explanations. Page 10 of 19.
- Question #463Technical Integration of Enterprise Security
A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, w...
SCADA securityICS authenticationstakeholder managementlegacy systems - Question #464Risk Management
A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types: 1. Financially sensitive data 2. Project...
data classificationdata comminglingaccess controlsquantitative risk assessment - Question #465Enterprise Security Operations
A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst's subsequent investigation of sensitive systems led to...
watering hole attackthreat analysisincident investigationadvanced persistent threat - Question #466Research, Development and Collaboration
A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has...
zero-day vulnerabilitiesthreat intelligenceCVE databasesecurity research sources - Question #467Technical Integration of Enterprise Security
A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections...
VPNfirewallMPLS migrationnetwork architecture - Question #468Enterprise Security Operations
An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the...
black-box penetration testingred teamvulnerability scanningexternal assessment - Question #469Enterprise Security Operations
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three ho...
incident responsevolatile data collectionransomware forensicsdigital forensics - Question #470Enterprise Security Operations
A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing...
disaster recoverybusiness continuitypersonnel continuityDR planning - Question #471Enterprise Security Operations
A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in...
HTTP proxy interceptorweb application exploitationpenetration testingdata manipulation - Question #472Enterprise Security Operations
A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below: Which of the foll...
HTTP interceptorsecurity assessment toolsapplication securitytool identification - Question #473Enterprise Security Operations
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the...
ransomwarebreach notificationincident responselegal counsel - Question #474Risk Management
A project manager is working with system owners to develop maintenance windows for system pathing and upgrades in a cloud-based PaaS environment. Management has indicated one maint...
SLAmaintenance windowscloud PaaScontract management - Question #475Risk Management
A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the org...
vendor managementthird-party riskcompliance assessmentgap analysis - Question #476Enterprise Security Operations
Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching...
fuzzingbinary analysisapplication security testingpenetration testing - Question #477Enterprise Security Operations
A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of ce...
privileged access managementleast privilegeaccount reviewsecurity policy - Question #478Enterprise Security Architecture
An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements: 1. Support server, laptop, and desktop infrastruc...
endpoint securityDLPEDRrights management - Question #479Enterprise Security Architecture
A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware pl...
remote access managementSSHaudit loggingIPMI - Question #480Enterprise Security Architecture
A Chief Information Security Officer (CISO) implemented MFA for all accounts in parallel with the BYOD policy. After the implementation, employees report the increased authenticati...
MFASSOBYODauthentication friction - Question #481Risk Management
A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across...
security governancerisk program strategyorganizational securityquick wins - Question #482Enterprise Security Operations
A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a pro...
phishingsecurity awareness traininguser behavioremail security - Question #483Enterprise Security Operations
A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet...
DDoS mitigationISP coordinationnetwork traffic saturationnull routing - Question #484Risk Management
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which...
risk assessmentthreat modelingBIAthird-party consultant - Question #485Enterprise Security Operations
A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected anot...
IDS visibilityHIDSlateral movement detectionnetwork monitoring - Question #486Enterprise Security Operations
As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large...
forensic imagingincident responsedd commandnetcat transfer - Question #487Enterprise Security Operations
A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the...
BGP black hole routingDDoS mitigationremotely triggered blackholeISP coordination - Question #488Risk Management
A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system. The system holds archives of contracts that are no longer in use. The contracts contai...
KRIrisk indicatorsdata classificationaccess monitoring - Question #489Enterprise Security Architecture
Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app....
social media privacygeolocation exposuremobile securityBYOD - Question #490Research, Development and Collaboration
A security engineer is assessing a new IoT product. The product interfaces with the ODBII port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger...
IoT securityrelay attackBluetooth protocol analysiscryptographic assessment - Question #491Technical Integration of Enterprise Security
A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following...
clickjackingX-Frame-OptionsHTTP security headersweb application security - Question #492Technical Integration of Enterprise Security
A developer is reviewing the following transaction logs from a web application: Username: John Doe Street name: Main St. Street number: <script>alert(`test')</alert> Which of the f...
XSS preventioninput sanitizationsecure codingPHP security - Question #493Technical Integration of Enterprise Security
A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to...
ICS securitymachine learning IDSanomaly detectionbehavior baseline - Question #494Enterprise Security Operations
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following ap...
network discoverytraffic log analysispenetration testingunknown node - Question #495Enterprise Security Architecture
A security administrator is reviewing the following output from an offline password audit: Which of the following should the systems administrator implement to BEST address this au...
password hashingbcryptPBKDF2key stretching - Question #496Risk Management
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in...
forensic investigationcross-border data privacyGDPRlegal compliance - Question #497Enterprise Security Operations
the DNS administrator's email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will al...
DNS reconnaissanceSOA recordsOSINTsocial engineering prep - Question #498Enterprise Security Architecture
Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves...
full disk encryptionphysical securitydata protectionendpoint security - Question #499Enterprise Security Operations
An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has...
change managementversion controlrollback proceduresapplication security - Question #500Enterprise Security Operations
An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the d...
reverse engineeringmobile securitymalware analysisapplication whitelisting - Question #501Enterprise Security Architecture
A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very...
KPPRFP evaluationvendor qualificationsperformance requirements - Question #502Enterprise Security Architecture
A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which o...
cloud securityVM escapemulti-tenancyIaaS - Question #503Risk Management
Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successfu...
KRIphishing metricssecurity reportingrisk indicators - Question #504Enterprise Security Operations
An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an aler...
SSH key managementMITM attackAPTkey rotation - Question #505Risk Management
Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives. Which of the following metrics is MOST valuable...
MTBFhardware availabilityspare parts managementreliability metrics - Question #506Technical Integration of Enterprise Security
A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to string...
mobile securitygeofencingFDEMDM - Question #507Risk Management
A project manager is working with a software development group to collect and evaluate user scenarios related to the organization's internally designed data analytics tool. While r...
SRTMrequirements traceabilitycompliance documentationstakeholder management - Question #508Enterprise Security Operations
A laptop is recovered a few days after it was stolen. Which of the following should be verified during incident response activities to determine the possible impact of the incident...
FDEincident responsedata breach assessmentlaptop theft - Question #509Enterprise Security Operations
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a se...
firewall analysisiptablespacket capturetraffic filtering - Question #510Enterprise Security Architecture
A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud se...
VM isolationhypervisor securityVM escapepatch management - Question #511Enterprise Security Operations
A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements: - Must be able to MITM web-based pr...
penetration testing toolsHTTP intercepting proxyvulnerability scannerMITM attacks - Question #512Enterprise Security Operations
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. W...
volatile memory forensicsLiME kernel moduleLinux forensicsmemory acquisition