CAS-003 Practice Questions
949 real CAS-003 exam questions with expert-verified answers and explanations. Page 9 of 19.
- Question #411
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be re...
- Question #412
During a criminal investigation, the prosecutor submitted the original hard drive from the suspect's computer as evidence. The defense objected during the trial proceedings, and th...
- Question #413
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to imp...
- Question #414
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager t...
- Question #415
An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements d...
- Question #416
A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of th...
- Question #417
With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, propri...
- Question #418
The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited thei...
- Question #419
A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as...
- Question #420
A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following shoul...
- Question #421
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
- Question #422
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy offi...
- Question #423
A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO). The report outlines the follo...
- Question #424
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization's vulnerability management program. The CISO finds patching and vulnerabi...
- Question #425
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a rece...
- Question #426
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and w...
- Question #427
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following ne...
- Question #428
A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing ema...
- Question #429
An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Info...
- Question #430
A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has no...
- Question #431
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has hig...
- Question #432
Given the following: Which of the following vulnerabilities is present in the above code snippet?
- Question #433
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospect...
- Question #435
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: Which o...
- Question #436
An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided...
- Question #437
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the follo...
- Question #438
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an ov...
- Question #439
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the org...
- Question #440
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data: - Corporate intranet site -...
- Question #441
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the fo...
- Question #442
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company...
- Question #443
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be sha...
- Question #444
A security analyst is reviewing the following packet capture of communication between a host and a company's router: Which of the following actions should the security analyst take...
- Question #445
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, an...
- Question #446
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the follow...
- Question #447
A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is ta...
- Question #448
A security engineer is assisting a developer with input validation, and they are studying the following code block: The security engineer wants to ensure strong input validation is...
- Question #449
A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requi...
- Question #450
A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure met...
- Question #451
The Chief Information Security Officer (CISO) of an established security department identifies a customer who has been using a fraudulent credit card. The CISO calls the local aut...
- Question #452
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk en...
- Question #453
A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while t...
- Question #454
A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the...
- Question #455
While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services...
- Question #456
A newly hired Chief Information Security Officer (CISO) is reviewing the organization's security budget from the previous year. The CISO notices $100,000 worth of fines were paid f...
- Question #457
The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator's advantage. Which of the following...
- Question #458
While investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that...
- Question #459
Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization's incident r...
- Question #460
A cybersecurity consulting company supports a diverse customer base. Which of the following types of constraints is MOST important for the consultancy to consider when advising a r...
- Question #461
A company's security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should no...