CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 15 of 19.
- Question #716
A manufacturing company employs SCADA systems to drive assembly lines across geographically dispersed sites. Therefore, the company must use the Internet to transport control messa...
- Question #717
The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the c...
- Question #718
The Chief Information Security Officer (CISO) is preparing a requirements matrix scorecard for a new security tool the company plans to purchase. Feedback from which of the followi...
- Question #719
While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices a...
- Question #720
An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase....
- Question #721
An application has been through a peer review and regression testing and is prepared for release. A security engineer is asked to analyze an application binary to look for potentia...
- Question #722
A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware p...
- Question #723
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the follo...
- Question #724
A security engineer reviews the table below: The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this att...
- Question #725
A legal services company wants to ensure emails to clients maintain integrity in transit. Which of the following would BEST meet this requirement? (Select TWO)
- Question #727
The Chief Information Security Officer (CISO) of a new company is looking for a comprehensive assessment of the company's application services. Which of the following would provide...
- Question #728
An organization is creating requirements for new laptops that will be issued to staff. One of the company's key security objectives is to ensure the laptops have hardware-enforced d...
- Question #729
Within change management, which of the following ensures functions are carried out by multiple employees?
- Question #730
An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST suppor...
- Question #731
A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between...
- Question #733
A security analyst is comparing two virtual servers that were built from the same image and patched at the same regular intervals. Server A is used to host a public-facing website, a...
- Question #735
A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary. Which of the following in...
- Question #736
A company recently deployed an agent-based DLP solution to all laptops in the environment. The DLP solution is configured to restrict the following: - USB ports - FTP connections -...
- Question #737
A security is testing a server finds the following in the output of a vulnerability scan: PORT STATE SERVICE 139/tcp open netbios-ssn Host script results: | samba-vuln-cve-2018-126...
- Question #738
Which of the following is the MOST likely reason an organization would decide to use a BYOD policy?
- Question #739
A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resulting in the a...
- Question #740
A company runs a well-attended, on-premises fitness club for its employees, about 200 of them each day. Employees want to sync the center's login and attendance program with their sma...
- Question #741
Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?
- Question #742
While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless networ...
- Question #743
A security manager wants to implement a policy that will provide management with the ability to monitor employees' activities with minimum impact to productivity. Which of the following po...
- Question #744
A company has made it a spending priority to implement security architectures that will be resilient during an attack. Recent incidents have involved attackers leveraging latent vu...
- Question #745
Users of a newly deployed VoIP solution report multiple instances of dropped or garbled calls. Thirty users connect to the primary site via a site-to-site VPN, and the primary site...
- Question #746
A developer has executed code for a website that allows users to search for employees' phone numbers by last name. The query string sent by the browser is as follows: The developer...
- Question #747
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. D...
- Question #748
The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement th...
- Question #749
While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation ma...
- Question #750
A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Whi...
- Question #751
Which of the following is the BEST reason to implement a separation of duties policy?
- Question #752
Ann, a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output. Which of t...
- Question #753
A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure L...
- Question #754
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concer...
- Question #755
A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the...
- Question #756
A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:...
- Question #757
A company's IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the co...
- Question #758
A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoints, as well as an attempt to reins...
- Question #760
A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the followi...
- Question #761
During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data...
- Question #762
A company's claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an em...
- Question #763
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer l...
- Question #764
A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge n...
- Question #765
A server was compromised recently, and two unauthorized daemons were set up to listen for incoming connections. In addition, CPU cycles were being used by an additional unauthorize...
- Question #766
A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vu...
- Question #767
A pharmaceutical company is considering moving its technology operations from on-premises to externally-hosted to reduce costs while improving security and resiliency. These operat...
- Question #768
A security engineer is managing operational, excess, and available equipment for a customer. Three pieces of expensive leased equipment, which are supporting a highly confidential...
- Question #769
A power outage is caused by a severe thunderstorm and a facility is on generator power. The CISO decides to activate a plan and shut down non-critical systems to reduce power consu...