CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 17 of 19.
- Question #821
A major OS vendor implements an IDE-integrated tool that alerts developers on the use of insecure and deprecated C code functions. Using which of the following functions would yiel...
- Question #822
A company is planning to undergo a P2V project to improve resource utilization, redundancy, and failover across its two datacenters. A consultant has provided a private cloud desig...
- Question #823
A company is deploying laptops to replace all current desktop endpoints. This increases the risk of data loss. Which of the following is the BEST solution to address this risk?
- Question #824
An ICS security engineer is performing assessment at a bank in Chicago. The engineer reviews the following output: Which of the following tools is the engineer using to provide thi...
- Question #825
A company recently developed a new mobile application that will be used to access a sensitive system. The application and the system have the following requirements: The applicatio...
- Question #826
Following a major security incident that resulted in a significant loss of revenue and extended loss of server availability, a new Chief Information Security Officer (CISO) conduct...
- Question #827
A security program was allocated $2 million in funding for the year. The cybersecurity team identified the following potential projects to deliver: Which of the following solutions...
- Question #828
A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coding, mostly...
- Question #829
A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes a...
- Question #830
The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability. A security engineer needs to ensure the vulnerabilit...
- Question #831
An aircraft manufacturer is developing software that will perform automatic flight control (auto-pilot). Given the high safety criticality of the software, the developer can BEST...
- Question #832
An application developer is including third-party backported security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the ap...
- Question #833
A forensic analyst must image the hard drive of a computer and store the image on a remote server. The analyst boots the computer with a live Linux distribution. Which of the follo...
- Question #834
A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the pr...
- Question #835
Which of the following risks does expanding business into a foreign country carry?
- Question #836
An analyst is testing the security of a server and attempting to infiltrate the network. The analyst is able to obtain the following output after running some tools on the server:...
- Question #837
Following a recent disaster, a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that ha...
- Question #838
A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the followi...
- Question #839
A security engineer needs to implement controls that will prevent the theft of data by insiders who have valid credentials. Recent incidents were carried out with mobile and wearab...
- Question #840
During an audit, an information security analyst discovers accounts that are still assigned to employees who no longer work for the company and new accounts that need to be verifie...
- Question #841
A Chief Information Security Officer (CISO) wants to obtain data from other organizations in the same industry related to recent attacks against industry targets. A partner firm in...
- Question #842
An organization has been the target of four phishing attacks in the last year. Each incident has cost the organization an average of $2,000. A security director researches addition...
- Question #843
Several corporate users returned from an international trip with compromised operating systems on their cellular devices. Additionally, intelligence reports confirm some internatio...
- Question #844
A developer implements the following code snippet: Which of the following vulnerabilities does this code snippet resolve?
- Question #845
The Chief Information Security Officer (CISO) of a power generation facility is concerned about being able to detect missing security updates on the critical infrastructure in use...
- Question #846
Which of the following controls primarily detects abuse of privilege but does not prevent it?
- Question #847
A company has a DLP system with the following capabilities: Text examination Optical character recognition File type validation Multilingual translation of key words and phrases Bl...
- Question #848
A security analyst is responsible for the completion of a vulnerability assessment at a regional healthcare facility. The analyst reviews the following Nmap output: Which of the fo...
- Question #849
A developer is concerned about input validation for a newly created shopping-cart application, which will be released soon on a popular website. Customers were previously able to m...
- Question #850
A factory-floor system uses critical, legacy, and unsupported application software to enable factory operations. A latent vulnerability was recently exposed, which permitted attack...
- Question #851
While standing up a proof-of-concept solution with a vendor, the following direction was given for connections to the different environments: Which of the following is being used t...
- Question #852
A developer is writing a new mobile application that employees will use to connect to an Internet-facing sensitive system. The security team is concerned with MITM attacks against...
- Question #853
A company deploys a system to use device and user certificates for network authentication. Previously, the company only used separate certificates to send/receive encrypted email....
- Question #854
A security analyst is examining threats with the following code function: Which of the following threats should the security analyst report?
- Question #855
A security team wants to keep up with emerging threats more efficiently by automating NIDS signature development and deployment. Which of the following approaches would BEST suppor...
- Question #860
A cloud architect is moving a distributed system to an external cloud environment. The company must be able to: Administer the server software at OS and application levels. Show th...
- Question #861
After multiple availability issues, a systems administrator is reviewing the following metrics from the web server farm, which is configured to serve the company's e-commerce site:...
- Question #862
A company's human resources department recently had its own shadow IT department spin up multiple VM guests on one host, each hosting a mixture of differently labeled data types (c...
- Question #863
A legacy SCADA system is in place in a manufacturing facility to ensure proper facility operations. Recent industry reports made available to the security team state similar legacy...
- Question #864
A line-of-business manager has decided, in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of a...
- Question #865
An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE att...
- Question #866
The latest security scan of a web application reported multiple high vulnerabilities in session management. Which of the following is the BEST way to mitigate the issue?
- Question #867
Which of the following is the primary cybersecurity-related difference between the goals of a risk assessment and a business impact analysis?
- Question #868
A security manager is creating an incident response plan for an organization. Executive management wants to designate a specific group of personnel to respond to incidents and an a...
- Question #869
A security analyst is testing a server and finds the following in the output of a vulnerability scan: Which of the following will the security analyst most likely use NEXT to explo...
- Question #870
A company's design team is increasingly concerned about intellectual property theft. Members of the team often travel to suppliers' offices where they collaborate and share access...
- Question #871
The Chief Information Security Officer (CISO) developed a robust plan to address both internal and external vulnerabilities due to an increase in ransomware attacks on the network....
- Question #872
While reviewing wire transfer procedures, the Chief Information Security Officer (CISO) of a bank discovers a flaw in the policy that can potentially allow for some wire transfers...
- Question #873
A security analyst is reviewing the security of a company's public-facing servers. After some research, the analyst discovers the following on a public pastebin website. Which of t...
- Question #874
A recent incident revealed a log entry was modified after its original creation. Which of the following technologies would BEST ensure end user systems are able to defend against f...