CAS-003 Practice Questions

What will dictate the level of association between methods of access, elements, an organization of data elements and processing alternatives?

The methods of software development provide vendor and software developers guidelines for the creation of the program. Name the method (software development) that is usually implem...

Jim's company hires Chris's company in order to develop software. However, a 3rd party has a source code copy. What should be in place by Jim's company for protection?

hich of the term is used to describe software bots or robots collection which runs automatically and autonomously and can harm the computer?

What provides for higher performance and fault tolerance in case databases are clustered?

A penetration tester is on an active engagement and has access to a remote system. The penetration tester wants to bypass the DLP, which is blocking emails that are encrypted or co...

An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an ex...

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output fro...

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer da...

A human resources employee receives a call from an individual who is representing a background verification firm that is conducting a background check on a prospective candidate. T...

A company requires a task to be carried by more than one person concurrently. This is an example of:

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and...

A company has decided to move an ERP application to a public cloud vendor. The company wants to replicate some of its global policies from on premises to cloud. The policies includ...

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain ima...

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief...

Which of the following BEST sets expectation between the security team and business units within an organization?

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Sec...

A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are: The Chief marketing officer (CM...

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the p...

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements: * Transaction being requested by una...

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will...

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows...

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of t...

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network gener...

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, an...

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedu...

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT...

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administr...

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged execut...

A financial institution has several that currently employ the following controls: * The severs follow a monthly patching cycle. * All changes must go through a change management pr...

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report: - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Pr...

The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers...

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the n...

Which of the following controls primarily detects abuse of privilege but does not prevent it?

A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WIFI. Due to a recent incident in which an attacker gain...

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret t...

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts: Which of the following MOST ap...

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conduc...

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the ap...

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When...

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a `...

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the foll...

A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating...

A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in...

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should: - Be based on open-source...

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic locati...

A company's bandwidth has increased an average of 20% year over year, but the current firewall will not handle future bandwidth. At the current bandwidth of 1 Gbps, the firewall wi...

A company donates many of its laptops to a non-profit organization after completing a refresh cycle. The help desk currently backs up the user data and deletes the users' profiles...