CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 13 of 19.
- Question #614
A company is concerned about disgruntled employees transferring its intellectual property data through covert channels. Which of the following tools would allow employees to write...
- Question #615
A security engineer is making certain URLs from an internal application available on the Internet. The development team requires the following: - The URLs are accessible only from i...
- Question #616
A company enlists a trusted agent to implement a way to authenticate email senders positively. Which of the following is the BEST method for the company to prove the authenticity o...
- Question #617
A company recently migrated to a SaaS-based email solution. The solution is configured as follows. - Passwords are synced to the cloud to allow for SSO - Cloud-based antivirus is e...
- Question #618
The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regardi...
- Question #619
After analyzing code, two developers at a company bring these samples to the security operations manager. Which of the following would BEST solve these coding problems?
- Question #620
A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with IC...
- Question #621
Joe, an application security engineer, is performing an audit of an environmental control application. He has implemented a robust SDLC process and is reviewing API calls available t...
- Question #622
An organization implemented a secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led t...
- Question #623
A company's Internet connection is commonly saturated during business hours, affecting Internet availability. The company requires all Internet traffic to be business related. Afte...
- Question #624
An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an a...
- Question #625
Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency...
- Question #626
A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently unauthorized photos of products still in development ha...
- Question #627
A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently prop...
- Question #628
A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential...
- Question #629
A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloud-based servers. The hosting service employs a multitenancy...
- Question #630
A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC...
- Question #631
An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to...
- Question #632
A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management...
- Question #633
An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The d...
- Question #634
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the fo...
- Question #635
A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS. The technician cannot determine why performance de...
- Question #636
A company's human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted)...
- Question #637
An electric car company hires an IT consulting company to improve the cybersecurity of its vehicles. Which of the following should achieve the BEST long-term result for the company?
- Question #638
An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configurati...
- Question #639
A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing ch...
- Question #640
A creative services firm has a limited security budget and staff. Due to its business model, the company sends and receives a high volume of files every day through the preferred m...
- Question #641
During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email accounts. An information security analyst is reviewing the ac...
- Question #642
A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following B...
- Question #643
The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution...
- Question #644
A development team releases updates to an application regularly. The application is compiled with several standard open-source security products that require a minimum version for...
- Question #645
A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors and entry is available...
- Question #646
An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit. The atta...
- Question #647
A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total po...
- Question #648
The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee...
- Question #649
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning: - Involve business owners and stake...
- Question #650
Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise. Security analysts observed the following: - Unau...
- Question #651
A security administrator is opening connectivity on a firewall between Organization A and Organization B. Organization B just acquired Organization A. Which of the following risk mi...
- Question #652
An organization is facing budget constraints. The Chief Technology Officer (CTO) wants to add a new marketing platform, but the organization does not have the resources to obtain sep...
- Question #653
A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud. Which of the following configurations can be employed to s...
- Question #654
A financial services company has proprietary trading algorithms, which were created and are maintained by a team of developers on their private source code repository. If the detai...
- Question #655
A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output: Which of the follow...
- Question #656
An attacker wants to gain information about a company's database structure by probing the database listener. The attacker tries to manipulate the company's database to see if it ha...
- Question #657
An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements th...
- Question #658
A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data. The results of the first scan are...
- Question #659
A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult. Which of the following should be consider...
- Question #660
As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and fa...
- Question #661
A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. W...
- Question #662
A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not suppo...
- Question #663
A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the...