CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 14 of 19.
- Question #664
Following a recent security incident on a web server, the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain jpg files have importa...
- Question #665
A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and con...
- Question #666
An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by custo...
- Question #667
An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate...
- Question #668
An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks. When the engineer ope...
- Question #669
A company is implementing a new secure identity application, given the following requirements - The cryptographic secrets used in the application must never be exposed to users or...
- Question #670
A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certifi...
- Question #671
An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched...
- Question #672
A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS...
- Question #673
The Chief Information Security Officer (CISO) of an organization is concerned with the transmission of cleartext authentication information across the enterprise. A security assess...
- Question #675
Which of the following risks does expanding business into a foreign country carry?
- Question #676
A large, multinational company currently has two separate databases. One is used for ERP while the second is used for CRM. To consolidate services and infrastructure, it is proposed...
- Question #677
A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to VPN...
- Question #678
A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets, inherent separation of duties is limited...
- Question #679
A red team is able to connect a laptop with penetration testing tools directly into an open network port. The team then is able to take advantage of a vulnerability on the domain c...
- Question #680
Confidential information related to Application A, Application B and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advi...
- Question #681
A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a s...
- Question #682
A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:...
- Question #683
A company is the victim of a phishing and spear-phishing campaign. Users are clicking on website links that look like common bank sites and entering their credentials accidentally....
- Question #684
A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity. The company narrows...
- Question #685
An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. Th...
- Question #686
A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following shou...
- Question #687
An engineer needs to provide access to company resources for several offshore contractors. The contractors require: - Access to a number of applications, including internal website...
- Question #688
An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST...
- Question #689
A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate system...
- Question #690
A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand computing through a public cloud provider. The system to be migrat...
- Question #691
An enterprise solution requires a central monitoring platform to address the growing networks of various departments and agencies that connect to the network. The current vendor pr...
- Question #692
The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown. The network team is unavailable to...
- Question #693
Following the merger of two large companies, the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems. The company's data retention schedule...
- Question #694
As part of a systems modernization program, the use of a weak encryption algorithm is identified in a web services API. The client using the API is unable to upgrade the system on i...
- Question #695
A new employee is plugged into the network on a BYOD machine but cannot access the network. Which of the following must be configured so the employee can connect to the network?
- Question #696
A company has deployed MFA. Some employees, however, report they are not getting a notification on their mobile device. Other employees report they downloaded a common authenticates...
- Question #697
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-pa...
- Question #698
A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history: id ^f=iev...
- Question #699
The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The sec... analyst notices a single web app...
- Question #700
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the...
- Question #701
A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the ho...
- Question #703
A security analyst has received the following requirements for the implementation of enterprise credential management software. - The software must have traceability back to an ind...
- Question #704
To meet an SLA, which of the following documents should be drafted, defining the company's internal interdependent unit responsibilities and delivery timelines?
- Question #705
The security administrator of a small firm wants to stay current on the latest security vulnerabilities and attack vectors being used by crime syndicates and nation-states. The inf...
- Question #706
An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organi...
- Question #707
A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which o...
- Question #708
A security administrator is investigating an incident involving suspicious word processing documents on an employee's computer, which was found powered off in the employee's office...
- Question #709
The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place - Keyword Mocki...
- Question #710
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a rece...
- Question #711
A government entity is developing requirements for an RFP to acquire a biometric authentication system. When developing these requirements, which of the following considerations is...
- Question #712
A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public In...
- Question #713
A security administrator wants to stand up a NIPS that is multilayered and can incorporate many security technologies into a single platform. The product should have diverse capabi...
- Question #714
The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and w...
- Question #715
A company is trying to resolve the following issues related to its web servers and Internet presence: - The company's security rating declined on multiple occasions when it failed...