CAS-003 Practice Questions

A Chief Information Security Officer (CISO) wants to set up a SOC to respond to security threats and events more quickly. The SOC must have the following capacities: - Real-time re...

A recent incident revealed a log entry was modified alter its original creation. Which of the following technologies would BEST ensure end user systems are able to defend against f...

A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes a...

A security analyst must carry out the incident response plan for a specific targeted attack that was detected by the security operations center. The director of network security wa...

A company decides to procure only laptops that use permanent, solid-stale storage. Which of the following risk mitigation strategies BEST meets the company's requirement to ensure...

An organization is a subsidiary of a larger firm that provides managed IT and human resources controls to the subsidiary. The subsidiary determines the contract in place between th...

An ICS security engineer is performing a security assessment at a bank in Chicago. The engineer reviews the following output: Which of the following tools is the engineer using the...

An attacker has discovered an organization's web server is vulnerability to Shellshock. The attack runs the following command on a Linux box against the server: Which of the follow...

Historical information shows that a small aerospace R&D company has a lack of user security awareness and is susceptible to nation-state social-engineering attacks and zero-day exp...

A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligenc...

A company is implementing a new MFA initiative. The requirements for the second factor are as following: - It cannot be phished - It must work as a second factor for laptop logins...

A security needs to deploy a file named boardconfig.mk to some company devices. the file contains the following information: Much of the following represents the goal of this file?

An incident response analyst is investigating a compromise on a application server within an organization. The analyst identifies an anomalous process that is executing and maintai...

A company is concerned about insider threats and wants to perform a security assessment. The lead security engineer has identified business-critical applications about half of whic...

A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not property defined. The com...

An analyst needs to obtain information about an organization as part of the initial phase of a black-box penetration test. Which of the following can the analyst use to gain intell...

A consulting firm is performing RD on a machine teaming system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behav...

An administrative control that is put in place to ensure one person cannot carry out a critical task independently is:

An online shopping site restricts the quantity of an item each customer can order. The site generates the following code when the customer clicks the submit button. However, custom...

An extensive third-party audit reveals a number of weaknesses m a company's endpoint security posture. The most significant issues are as follows: Which of the following endpoint s...

An analyst discovers the following while reviewing some recent activity logs: Which of the following tools would MOST likely identify a future incident in a timely manner?

Company policy dictates that events from at least the past three months must be stored centrally for review. When a security incident occurs the security analyst investigates the u...

A security engineer has received feedback from other security professionals about the effectiveness of hiding a wireless SSID as a security measure. Opinions vary as to whether thi...

Company policy mandates the secure disposal of sensitive data at the end of the useful lifespan of IT equipment. The IT department donates old devices to charity and recycles truly...

As a result of a recent breach a systems administrator is asked to review the security controls in place for an organization's cloud-based environment. The organization runs numero...

A company is planning to undergo a P2V project to improve resource utilisation redundancy, and failover across its two datacenters. A consultant has provided a private cloud design...

A software development company recently implemented a new policy and control ruleset. The control ruleset defines the following: - Account naming standards - Password complexity st...

A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coring mostly t...

Which of the following would MOST likely cause an organization to review and potentially rebaseline its current risk assessment?

A new identity management program was recently initialed to reduce risk and improve the employee experience. The environment is complex it does not support rest APIs but has multip...

A company's Chief Information Security Officer (CISO) is reviewing KPls from me security operations team. These KPls indicate the following trends: - The mean time to close securit...

A security analyst discovers what is believed to be evidence of a compromise due to a watering- note attack. After an initial review of the incident the analyst notes there is ongo...

Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?

A security engineer is attempting to inventory all network devices Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configur...

A security analyst is reviewing the logs from a NIDS. the analyst notices the following in quick succession between a client and a web server. Which of the following describes what...

A major OS vendor implements an IDE-integrated tool that alerts developers on the use of insecure and deprecated C code functions. Using which of the following functions would yiel...

A manufacturing firm has multiple security appliances m production that were configured to log events but have not been maintained or tuned. A security engineer discovers multiple...

Which of the following vulnerabilities did the analyst uncover?

The credentials of a hospital's HVAC vendor were obtained using credential-harvesting malware through a phishing email. The HVAC vendor has administrative privileges m the SCADA ne...

An organization has hardened its end points m the following ways: - USB ports are disabled except for approved input device IDs (e.g, mouse, keyboard) - A desktop firewall is Mocki...

A penetration tester is trying to 9am access to a bulking after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge nea...

A security architect is called into a roadmap planning meeting for the next year of IT protects. One of the protects involves migrating from the current mobile, laptop, and tablet...

A company has launched a phishing awareness campaign that includes serving customized phishing email to employees. Employees are encouraged to report all phishing attempts and/or d...

Which of the following is a major goal of stakeholder engagement?

A company is updating its acceptable use and security policies to allow personal devices to be connected to the network as king as certain security parameters can be enforced. Whic...

A company wants to analyze internal network traffic for IOCs. The security solution consists of a network collector appliance and a separate server which security analysts access v...

A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analys...

A security tester is performing a Mack-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester...

Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance....