CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 18 of 19.
- Question #875
An organization's email filter is an ineffective control, and as a result, employees have been constantly receiving phishing emails. As part of a security incident investigation, a...
- Question #876
To reduce costs, an organization has decided it will no longer support corporate phones. All employees must use a BYOD device to access the company's collaboration services, which...
- Question #877
A security analyst is reviewing the following event: The packet appears to contain a malicious payload that is being delivered to the endpoint through the gateway firewall. Which o...
- Question #878
A Chief Information Security Officer (CISO) is developing corrective-action plans based on the following output from a vulnerability scan of internal hosts: Which of the following...
- Question #879
The Chief Information Security Officer (CISO) of a new company is looking for a comprehensive assessment of the company's application services. Which of the following would provide...
- Question #880
Privacy standards generally prohibit the public disclosure of:
- Question #881
Two major aircraft manufacturers are in the process of merging their assets and forming a single enterprise network. One of the manufacturers maintains its ICS systems on the same...
- Question #882
A group of security consultants is conducting an assessment of a customer's network across multiple physical locations. To save time, the customer has allowed the consultants to in...
- Question #883
A large organization suffers a data breach after one staff member inadvertently shares a document on a corporate-approved, file-sharing, cloud-collaboration service. The security a...
- Question #884
A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data suppo...
- Question #885
A company protects privileged accounts by using hardware keys as a second factor. A security engineer receives an error while attempting to authenticate with a hardware key for the...
- Question #886
The Chief Information Officer (CIO) asks the systems administrator to improve email security at the company based on the following requirements: 1. Do not use two-factor authentica...
- Question #887
A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs. Which of the following should the company do to ensure the r...
- Question #888
The president of an online retail company has decided the company needs to increase its market size by targeting more countries in order to increase sales. All customer data is cur...
- Question #889
A company hosts a web-based application that is accessed by customers worldwide. A code review has discovered known vulnerabilities in the company's server application, which is ma...
- Question #890
An organization recently experienced losses caused by users who installed applications from unauthorized sources on their smartphones. The organization wants to reduce the risk of...
- Question #891
An organization wishes to implement cloud computing, but it is not sure which service to choose. The organization wants to be able to share files, collaborate, and use applications...
- Question #893
A system integrator wants to assess the security of the application binaries delivered by its subcontracted vendors. The vendors do not deliver source code as a part of their contr...
- Question #894
A legacy SCADA system is in place in a manufacturing facility to ensure proper facility operations. Recent industry reports made available to the security team state similar legacy...
- Question #895
While standing up a proof-of-concept solution with a vendor, the following direction was given of connections to the default environments. Which of the following is being used to secu...
- Question #896
Employees who travel internationally have been issued corporate mobile devices. When traveling through border security, employees report border police officers have asked them to po...
- Question #897
A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company devi...
- Question #898
An organization recently suffered a high-impact loss due to a zero-day vulnerability exploited in a concentrator enabling IPSec VPN access for users. The attack included a pivot in...
- Question #899
A security analyst is reviewing the security of a company's public-facing servers. After some research, the analyst discovers the following on a public pastebin website. Which of th...
- Question #900
A cloud architect is moving a distributed system to an external cloud environment. The company must be able to: - Administer the server software at OS and application levels - Show...
- Question #901
Following a major security incident that resulted in a significant loss of revenue and extended loss of server availability, a new Chief Information Security Officer (CISO) conducts a...
- Question #902
A security analyst is examining threats with the following code function: Which of the following threats should the security analyst report?
- Question #903
The Chief Information Security Officer (CISO) developed a robust plan to address both internal and external vulnerabilities due to an increase in ransomware attacks on the networks...
- Question #904
A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the followi...
- Question #905
The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability. A security engineer needs to ensure the vulnerabilit...
- Question #906
The Chief Information Security Officer (CISO) of a power generation facility is concerned about being able to detect missing security updates on the critical infrastructure in use a...
- Question #907
Which of the following is the primary cybersecurity-related difference between the goals of a risk assessment and a business impact analysis?
- Question #908
An organization's email filter is an ineffective control, and as a result, employees have been constantly receiving phishing emails. As part of a security incident investigation, a se...
- Question #909
After multiple availability issues, a systems administrator is reviewing the following metrics from the web server farm, which is configured to serve the company's e-commerce site:...
- Question #910
A company recently developed a new mobile application that will be used to access a sensitive system. The application and the system have the following requirements: - The applicat...
- Question #911
Following a recent disaster, a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that hav...
- Question #913
A network engineer recently configured a new wireless network that has issues with security, stability, and performance. After auditing the configurations, the engineer discovers some...
- Question #914
A developer is writing a new mobile application that employees will use to connect to an Internet-facing sensitive system. The security team is concerned with MITM attacks against...
- Question #915
An analyst is testing the security of a server and attempting to infiltrate the network. The analyst is able to obtain the following output after running some tools on the server....
- Question #916
A network engineer is concerned about hosting web, SFTP, and email services in a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement wi...
- Question #917
A company has a DLP system with the following capabilities: - Text examination - Optical character recognition - File type validation - Multilingual translation of key words and ph...
- Question #918
A company's potential new vendors are asking for detailed network and traffic information so they can properly size a firewall. Which of the following would work BEST to protect th...
- Question #919
A company's design team is increasingly concerned about intellectual property theft. Members of the team often travel to suppliers' offices where they collaborate and share access t...
- Question #920
A company deploys a system to use device and user certificates for network authentication. Previously, the company only used separate certificates to send and receive encrypted email....
- Question #921
A developer implements the following code snippet: Which of the following vulnerabilities does this code snippet resolve?
- Question #922
A security program was allocated $2 million in funding for the year. The cybersecurity team identified the following potential projects to deliver: Which of the following solutions...
- Question #923
A line-of-business manager has decided, in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of act...
- Question #924
A security analyst discovered the following request to a public-facing web server in a log: The security analyst recommended an extra protection, so the web application can resist...
- Question #925
A security officer is reviewing the following evidence associated with a recent penetration test: The test results show this host is vulnerable. The security officer investigates f...
- Question #926
A company needs to deploy a home assistant that has the following requirement: 1. Revalidate identity when sensitive personal information is accessed and when there is a change in d...