CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 8 of 19.
- Question #360
An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries' arms trafficking laws. There is new information that...
- Question #361
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this...
- Question #362
Given the following code snippet: Of which of the following is this snippet an example?
- Question #363
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Officer (CISO) is getting reports of company data appearing on unappr...
- Question #364
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices...
- Question #365
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command: dd if=/dev/ram of=/tmp/mem/dmp The analyst then reviews th...
- Question #366
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos ba...
- Question #367
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are schedule...
- Question #368
A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular...
- Question #369
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive anal...
- Question #370
A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justificati...
- Question #371
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the...
- Question #372
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the...
- Question #373
The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The com...
- Question #374
Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not...
- Question #375
A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determi...
- Question #376
A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment. The RADIUS server contains the following inf...
- Question #377
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
- Question #378
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external...
- Question #379
A security architect has assigned an engineer to implement a system to maintain visibility, corporate IT devices as they transfer from department to department. The engineer must e...
- Question #380
An administrator is working with management to develop policies related to the use of cloud-based resources that contain corporate data. Management plans to require some control of...
- Question #381
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should...
- Question #382
A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic and the internal route...
- Question #383
An engineer needs to provide access to company resources for several offshore contractors. The contractors require: - Access to a number of applications, including internal website...
- Question #384
An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer...
- Question #385
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security cons...
- Question #386
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should...
- Question #387
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further inves...
- Question #388
As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting potential improvement...
- Question #389
A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The org...
- Question #390
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device...
- Question #391
A systems administrator has deployed the latest patches for Windows-based machines. However, the users on the network are experiencing exploits from various threat actors, which th...
- Question #392
An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The secur...
- Question #393
A security administrator at a hospital has implemented a VDI infrastructure to improve the security of patient records. The VDI solution is cloud based, while PHI is maintained on a...
- Question #394
A scrum master is working with a development team to develop new functionality of a mobile communication platform. As part of the SDLC, changes must be peer reviewed prior to inclu...
- Question #395
A Chief Information Officer (CIO) has mandated that all web-based applications the company uses are required to be hosted on the newest stable operating systems and application sta...
- Question #396
A consulting firm was hired to conduct an assessment for a company. During the first stage, a penetration tester used a tool that provided the following output: TCP 80 open TCP 443 op...
- Question #397
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external...
- Question #398
In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk o...
- Question #399
A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wan...
- Question #400
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS envir...
- Question #402
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security as...
- Question #403
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor...
- Question #404
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their...
- Question #405
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would i...
- Question #406
A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter: RTO: 2 days RPO: 36 hours MTTR:...
- Question #407
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available...
- Question #408
A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applicati...
- Question #409
A security analyst who is concerned about sensitive data exfiltration reviews the following: Which of the following tools would allow the analyst to confirm if data exfiltration is...
- Question #410
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which...