CAS-003 Practice Questions

A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 end points. The product must meet regulations but also be flexible en...

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the...

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everythi...

The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the admin...

select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson Which of the following types of attacks is the user attempting?

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chi...

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database w...

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate...

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetr...

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally manage...

A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why...

The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the a...

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various securit...

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step tha...

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized....

A security administrator is shown the following log excerpt from a Unix system: 2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 2...

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By imp...

There have been some failures of the company's internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF ha...

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this in...

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further...

A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time p...

A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Worksta...

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop...

Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirem...

A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms...

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in...

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available t...

A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with the overall secu...

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate ass...

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify suc...

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would lik...

A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self-service functionality. The application has...

A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users...

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of th...

An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the...

The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company's flagship produc...

A bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs: 1. The banker accesses the CR...

A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention poli...

The security administrator of a large enterprise is tasked with installing and configuring a solution that will allow the company to inspect HTTPS traffic for signs of hidden malwa...

Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each com...

Which of the following BEST explains SAML?

An Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor's RFP responses is in-line with the security and other r...

When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is...

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end user...

A large bank deployed a DLP solution to detect and block customer and credit card data from leaving the organization via email. A disgruntled employee was able to successfully exfi...

A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have ag...

Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two company's networks, application, and several basic serv...