CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 81-90

Get Full Version of the Exam

Question No.81

Two new technical SMB security settings have beenenforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which containstime- sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?

  1. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded

  2. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded

  3. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage

  4. Avoid the risk, leave the settings alone, and decommission the legacy storagedevice

Correct Answer: A

Question No.82

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The sec… analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reaction, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following action should the analyst take?

  1. Reschedule the automated patching to occur during business hours.

  2. Monitor the web application service for abnormal bandwidth consumption.

  3. Create an incident ticket for anomalous activity.

  4. Monitor the web application for service interruptions caused from the patching.

Correct Answer: C

Question No.83

An SQL database is no longer accessible online due to a recent security breach. An investigation reveals thatunauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)

  1. Secure storage policies

  2. Browser security updates

  3. Input validation

  4. Web application firewall

  5. Secure coding standards

  6. Database activity monitoring

Correct Answer: CF

Question No.84

A penetration tester is conducting an assessment on and runs the following command from a coffee shop while connected to the public Internet:


Which of the following should the penetration tester conclude about the command output?

  1. The public/private views on the DNS servers are misconfigured

  2. is running an older mail server, which may be vulnerable to exploits

  3. The DNS SPF records have not been updated for

  4. is a backup mail server that may be more vulnerable to attack

Correct Answer: B

Question No.85

A penetration tester has been contracted to conduct a physical assessment of asite. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?

  1. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues

  2. Posing as a copier service technician and indicating the equipment had quot;phoned homequot; to alert the technician for a service call

  3. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed

  4. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility

Correct Answer: A

Question No.86

An administrator wants to install a patch to an application.


Given the scenario, download, verify, and install the patch in the most secure manner. The last install that is completed will be the final submission.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.




Correct Answer: See the explanation below.


In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.


Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown:


Since we need to do this in the most secure manner possible, they should not be used.Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as shown. Make sure that the hash matches.


Finally, type in install.exe to install it and make sure there are no signature verification errors.

Question No.87

During a security assessment, activities were divided into two phases; internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter. Which of the following methods is theassessment team most likely to employ NEXT?

  1. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.

  2. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.

  3. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance

  4. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Correct Answer: A

Question No.88

During asecurity event investigation, a junior analyst fails to create an image of a server#39;s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers dueto the uncertainty of tampering. Which of the following should the junior analyst have followed?

  1. Continuity of operations

  2. Chain of custody

  3. Order of volatility

  4. Data recovery

Correct Answer: C

Question No.89

A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded. Which of the following shouldbe used to identify weak processes and other vulnerabilities?

  1. Gap analysis

  2. Benchmarks and baseline results

  3. Risk assessment

  4. Lessons learned report

Correct Answer: D

Question No.90

A security engineer is attempting to convey the importance of including job rotation in a company#39;s standard security policies. Which of the following would be the BEST justification?

  1. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

  2. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

  3. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

  4. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

Correct Answer: B

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 91-100

Get Full Version of the Exam

Question No.91

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees#39; devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees#39; devices into the network securely?

  1. Distribute a NAC client and use the client to push the company#39;s private key to all the new devices.

  2. Distribute the device connection policy and a unique public/private key pair to each new employee#39;s device.

  3. Install a self-signed SSL certificate on the company#39;s RADIUS server and distribute the certificate#39;s public key to all new client devices.

  4. Install an 802.1X supplicant on all new devices and let each device generate aself-signed certificate to use for network access.

Correct Answer: D

Question No.92

A financial consulting firm recently recovered from some damagingincidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm#39;s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

  1. Update and deploy GPOs

  2. Configure and use measured boot

  3. Strengthen the password complexity requirements

  4. Update the antivirus software and definitions

Correct Answer: D

Question No.93

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems inboth attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

  1. Key risk indicators

  2. Lessons learned

  3. Recovery point objectives

  4. Tabletop exercise

Correct Answer: A

Question No.94

A cybersecurity analyst is conducting packet analysis on the following:


Which of the following is occurring in the given packet capture?

  1. ARP spoofing

  2. Broadcast storm

  3. Smurf attack

  4. Network enurneration

  5. Zero-day exploit

Correct Answer: A

Question No.95

A security engineer is embedded with a development team to ensure security is built into products beingdeveloped. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points. Which of the following solutions BEST meets the engineer#39;s goal?

  1. Schedule weekly reviews of al unit test results with the entire development team and follow up between meetings with surprise code inspections.

  2. Develop and implement a set of automated security tests to be installed on each development team leader#39;s workstation.

  3. Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.

  4. Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.

Correct Answer: C

Question No.96

Given the following output from a security tool in Kali:


  1. Log reduction

  2. Network enumerator

  3. Fuzzer

  4. SCAP scanner

Correct Answer: D

Question No.97

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the prediction ofthe malware?

  1. The workstations should be isolated from the network.

  2. The workstations should be donated for refuse.

  3. The workstations should be reimaged

  4. The workstations should be patched and scanned.

Correct Answer: C

Question No.98

An advanced threat emulation engineer is conducting testing against a client#39;s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

  1. Black box testing

  2. Gray box testing

  3. Code review

  4. Social engineering

  5. Vulnerability assessment

  6. Pivoting

  7. Self-assessment

  8. White teaming

  9. External auditing

Correct Answer: AEF

Question No.99

A user workstation was infected with a new malware variant as a result of a drive-by download. The security administrator reviews key controls on the infected workstation and discovers the following:


Whichof the following would BEST prevent the problem from reoccurring in the future? (Choose two.)

  1. Install HIPS

  2. Enable DLP

  3. Install EDR

  4. Install HIDS

  5. Enable application blacklisting

  6. Improve patch management processes

Correct Answer: BE

Question No.100

During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredded, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware. Which of the following would ensure no data is recovered from the system droves once they are disposed of?

  1. Overwriting all HDD blocks with analternating series of data.

  2. Physically disabling the HDDs by removing the dive head.

  3. Demagnetizing the hard drive using a degausser.

  4. Deleting the UEFI boot loaders from each HDD.

Correct Answer: C

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 101-110

Get Full Version of the Exam

Question No.101

Which of the following is a feature of virtualization that can potentially create a single point of failure?

  1. Server consolidation

  2. Load balancing hypervisors

  3. Faster server provisioning

  4. Running multiple OS instances

Correct Answer: A

Question No.102

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients#39; health information, management has identified the following requirements:


Data must be encrypted at rest



The device must be disabled if it leaves the facility The device must be disabled when tampered with

Which of the following technologies would BEST support these requirements? (Select two.)

  1. eFuse

  2. NFC

  3. GPS

  4. Biometric

  5. USB 4.1

  6. MicroSD

Correct Answer: CD

Question No.103

Asecurity administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:


Which of the following does the log sample indicate? (Choose two.)

  1. A root user performed an injection attack via kernel module

  2. Encrypted payroll data was successfully decrypted by the attacker

  3. Jsmith successfully used a privilege escalation attack

  4. Payroll data was exfiltrated to an attacker-controlled host

  5. Buffer overflow in memory paging caused a kernel panic

  6. Syslog entries were lost due to the host being rebooted

Correct Answer: CE

Question No.104

A company hasdecided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)

  1. Agent-based vulnerability scan

  2. Black-box penetration testing

  3. Configuration review

  4. Social engineering

  5. Malware sandboxing

  6. Tabletop exercise

Correct Answer: AC

Question No.105

A technician receives the following security alert from the firewall#39;s automated system: Match_Time: 10/10/16 16:20:43

Serial: 002301028176


Scrusex: domain\samjones Scr:

Object_name: beacon detection Object_id: 6005

Category: compromised-host Severity: medium

Evidence: host repeatedly visited a dynamic DNS domain (17 time) After reviewing the alert, which of the following is the BEST analysis?

  1. the alert is a false positive because DNS is a normal network function.

  2. this alert indicates a user was attempting to bypass security measures usingdynamic DNS.

  3. this alert was generated by the SIEM because the user attempted too many invalid login attempts.

  4. this alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Correct Answer: B

Question No.106

An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization#39;s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Choose two.)

  1. Contain the server.

  2. Initiate a legal hold.

  3. Perform a risk assessment.

  4. Determine the data handling standard.

  5. Disclose the breach to customers.

  6. Perform an IOC sweep to determine the impact.

Correct Answer: BF

Question No.107

As part of an organization#39;s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

  1. the collection of data as part of the continuous monitoring program.

  2. adherence to policies associated with incident response.

  3. the organization#39;s software development life cycle.

  4. changes in operating systems or industry trends.

Correct Answer: A

Question No.108

A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests: GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ 1DF Which of the following tools did the penetration tester use?

  1. Protocol analyzer

  2. Port scanner

  3. Fuzzer

  4. Brute forcer

  5. Log analyzer

  6. HTTP interceptor

Correct Answer: C

Question No.109

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1: Operator ALL=/sbin/reboot Configuration file 2:

Command=quot;/sbin/shutdown nowquot;,no-x11-forwarding, no-pty, ssh-dss Configuration file 3:


Which of the following explains why an intended operator cannot perform the intended action?

  1. The sudoers file is locked down to an incorrect command

  2. SSH command shell restrictions are misconfigured

  3. The passwd file is misconfigured

  4. The SSH command is not allowing a pty session

Correct Answer: D

Question No.110

Given the following output from a local PC:


Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

A. Allow -gt; ANY

B. Allow -gt; C. Allow -gt;

D. Allow -gt;

Correct Answer: B

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 111-120

Get Full Version of the Exam

Question No.111

Given the following code snippet:


Of which of the following is this snippet an example?

  1. Data execution prevention

  2. Buffer overflow

  3. Failure to use standard libraries

  4. Improper filed usage

  5. Input validation

Correct Answer: D

Question No.112

A ChiefInformation Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:




High-impact controls implemented: 6 out of 10 Medium-impact controls implemented: 409 out of 472 Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:


Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000


Average medium-impact control implementation cost: $6,250; Probable ALE for each medium- impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?

  1. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past

  2. The enterprise security team has focused exclusively on mitigating high-level risks

  3. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls

  4. The cybersecurity team hasbalanced residual risk for both high and medium controls

Correct Answer: C

Question No.113

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter#39;s physical footprint. The company has expressed concern about the integrity of operating systemsand wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company#39;s concerns? (Choose two.)

  1. Deploy virtual desktop infrastructure with an OOB management network

  2. Employ the use of vTPM with boot attestation

  3. Leverage separate physical hardware for sensitive services and data

  4. Use a community CSP with independently managed security services

  5. Deploy to a private cloud with hosted hypervisors on each physical machine

Correct Answer: AC

Question No.114

An organization is currently working with aclient to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?

  1. Data aggregation

  2. Data sovereignty

  3. Data isolation

  4. Data volume

  5. Data analytics

Correct Answer: A

Question No.115

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company#39;s client-facing portal arerunning slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

  1. Install a HIPS on the web servers

  2. Disable inbound traffic from offending sources

  3. Disable SNMP on the web servers

  4. Install anti-DDoS protection in the DMZ

Correct Answer: A

Question No.116

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After invest the new vulnerability, it was determined that the web services providing are being impacted by this new threat. Which of the following data types a MOST likely at risk of exposure based on this new threat? (Select TWO)

  1. Cardholder data

  2. Intellectual property

  3. Personal health information

  4. Employee records

  5. Corporate financialdata

Correct Answer: AC

Question No.117

Click on the exhibit buttons to view the four messages.




A security architect isworking with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able toimplement encryption-at-rest of the customer records. The security architect is drafting an escalation email to

senior leadership. Which of the following BEST conveys the business impact for senior leadership?

  1. Message 1

  2. Message 2

  3. Message 3

  4. Message 4

Correct Answer: D

Question No.118

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)

  1. Review the CVE database for critical exploits over the past year

  2. Use social media to contact industry analysts

  3. Use intelligence gathered from the Internet relay chat channels

  4. Request information from security vendors and government agencies

  5. Perform a penetration test of the competitor#39;s network and share the results with the board

Correct Answer: AD

Question No.119

An organization#39;s network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data

read-write requests in storage, impacting business operations. Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?

  1. Employ hardware FDE or SED solutions.

  2. Utilize a more efficientcryptographic hash function.

  3. Replace HDDs with SSD arrays.

  4. Use a FIFO pipe a multithreaded software solution.

Correct Answer: A

Question No.120

A security administrator wants to implement two-factor authentication for network switches androuters. The solution should integrate with the company#39;s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:


An HOTP service is installed on the RADIUS server.


The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the networkdevices because they are not being prompted for the second factor. Which of the following should be implemented to BEST resolve the issue?

  1. Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.

  2. Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.

  3. Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.

  4. Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

Correct Answer: B

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 121-130

Get Full Version of the Exam

Question No.121

An investigation showed a worm was introduced from an engineer#39;s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls. Which of the following would be the MOST secure control implement?

  1. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

  2. Implement role-based group policies onthe management network for client access.

  3. Utilize a jump box that is only allowed to connect to client from the management network.

  4. Deploy a company-wide approved engineering workstation for management access.

Correct Answer: A

Question No.122

A security architect is determining thebest solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

  1. Information should be sourced from the trusted master data source.

  2. There must be future requirements for identity proofing of devices and users.

  3. A generic identity connector that can be reused must be developed.

  4. The current project scope is for internally hosted applications only.

Which of the following solution building blocks should the security architect use to BEST meet the requirements?

  1. LDAP, multifactor authentication, oAuth, XACML

  2. AD, certificate-based authentication, Kerberos, SPML

  3. SAML, context-aware authentication, oAuth, WAYF

  4. NAC, radius, 802.1x, centralized active directory

Correct Answer: A

Question No.123

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?

  1. Reconfigure the firewall to block external UDP traffic.

  2. Establish a security baseline on the IDS.

  3. Block echo reply traffic at the firewall.

  4. Modify the edge router to not forward broadcast traffic.

Correct Answer: B

Question No.124

A security researches is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds. Based on the information available to the

researcher, which of the following is the MOST likely threat profile?

  1. Nation-state-sponsored attackers conducting espionage for strategic gain.

  2. Insiders seeking to gain access to funds for illicit purposes.

  3. Opportunists seeking notoriety and fame for personal gain.

  4. Hackvisits seeking tomake a political statement because of socio-economic factors.

Correct Answer: D

Question No.125

A security administrator wants to allow external organizations to cryptographically validate the company#39;s domain name in email messages sent by employees. Which of the following should the security administrator implement?

  1. SPF

  2. S/MIME

  3. TLS

  4. DKIM

Correct Answer: D

Question No.126



Correct Answer: Please see the explanation below


Step 1: Verify that the certificate is valid or not. In case of any warning message, cancel the download.

Step 2: If certificate issue is not there then, download the file in your system. Step 3: Calculate the hash value of the downloaded file.

Step 4: Match the hash value of the downloaded file with the one which you selected on the website.

Step 5: Install the file if the hash value matches.

Question No.127

An insurance company has two million customers and is researching the top transactions on its customer portal. Itidentifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center. Which of the following techniques would BEST meet the requirements? (Choose two.)

  1. Magic link sent to an email address

  2. Customer ID sent via push notification

  3. SMS with OTP sent to a mobile number

  4. Third-party social login

  5. Certificate sent to be installed on a device

  6. Hardware tokens sent to customers

Correct Answer: CE

Question No.128

The Chief Information Officer (CISO) isconcerned that certain systems administrators will privileged access may be reading other user#39;s emails. Review of a tool#39;s output shows the administrators have used web mail to log into other users#39; inboxes. Which of the following tools would show this type of output?

  1. Log analysis tool

  2. Password cracker

  3. Command-line tool

  4. File integrity monitoring tool

Correct Answer: A

Question No.129

A newly hired security analyst has joined anestablished SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concernedabout it. Which of the following is the MOST likely reason for the team lead#39;s position?

  1. The organization has accepted the risks associated with web-based threats.

  2. The attack type does not meet the organization#39;s threat model.

  3. Web-based applications are on isolated network segments.

  4. Corporate policy states that NIPS signatures must be updated every hour.

Correct Answer: A

Question No.130

To prepare foran upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resourcescan be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following approaches is described?

  1. Blue team

  2. Red team

  3. Black box

  4. White team

Correct Answer: C

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 21-30

Get Full Version of the Exam

Question No.21

Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications. After all restrictions have been lifted, which of the following should the information manager review?

  1. Data retention policy

  2. Legal hold

  3. Chain of custody

  4. Scope statement

Correct Answer: B

Question No.22

Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect … secrecy?

  1. Endpoints

  2. VPN concentrators

  3. Virtual hosts

  4. SIEM

  5. Layer 2 switches

Correct Answer: B

Question No.23

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work fromvarious locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit

certain business partner documents. Which of the following would BEST allow the IT department to monitor and control this behavior?

  1. Enabling AAA

  2. Deploying a CASB

  3. Configuring an NGFW

  4. Installing a WAF

  5. Utilizing a vTPM

Correct Answer: B

Question No.24

A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor#39;s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?

  1. SaaS

  2. PaaS

  3. IaaS

  4. Hybrid cloud

  5. Network virtualization

Correct Answer: B

Question No.25

There have beenseveral exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?

  1. asset inventory of all critical devices

  2. Vulnerability scanning frequency that does not interrupt workflow

  3. Daily automated reports of exploited devices

  4. Scanning of all types of data regardless of sensitivity levels

Correct Answer: B

Question No.26

A breach was caused by an insider threat in whichcustomer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

  1. Protocol analyzer

  2. Root cause analyzer

  3. Behavioral analytics

  4. Data leak prevention

Correct Answer: D

Question No.27

A company is acquiring incident response and forensic assistance from amanaged security

service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

  1. RA

  2. BIA

  3. NDA

  4. RFI

  5. RFQ

  6. MSA

Correct Answer: CF

Question No.28

The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:


End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.


Layer 7 inspection andTCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications


A host-based whitelist of approved websites and applications that only allow mission-related tools and sites


The use of satellite communicationto include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

  1. Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

  2. Family membersposting geotagged images on social media that were received via email from soldiers

  3. The effect of communication latency that may negatively impact real-time communication with mission control

  4. The use of centrally managed military network and computers by soldiers when communicating with external parties

Correct Answer: A

Question No.29

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:

  1. Indemnity clauses have identified the maximum liability

  2. The data will be hostedand managed outside of the company#39;s geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project#39;ssecurity consultant recommend as the NEXT step?

  1. Develop a security exemption, as it does not meet the security policies

  2. Mitigate the risk by asking the vendor to accept the in-country privacy principles

  3. Require the solution owner to accept the identified risks and consequences

  4. Review the entire procurement process to determine the lessons learned

Correct Answer: C

Question No.30

An organization is considering the use of a thin clientarchitecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combinationof thin clients and virtual workstations?

  1. Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

  2. Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

  3. All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

  4. Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, this reducing the effectiveness of local attacks.

Correct Answer: B

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 31-40

Get Full Version of the Exam

Question No.31

An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries#39; arms trafficking laws. There is newinformation that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites. Whichof the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?

  1. Add a second-layer VPN from a different vendor between sites.

  2. Upgrade the cipher suite to use an authenticated AES mode of operation.

  3. Use a stronger elliptic curve cryptography algorithm.

  4. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.

  5. Ensure cryptography modules are kept up to date from vendor supplying them.

Correct Answer: C

Question No.32

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company#39;s products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:


Which of the following is the MOST likely type of activity occurring?

  1. SQLinjection

  2. XSS scanning

  3. Fuzzing

  4. Brute forcing

Correct Answer: A

Question No.33

Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was notexpecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security learn is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a socialengineering attempt to deliver an exploit. Which of the

following would provide greater insight on the potential impact of this attempted attack?

  1. Run an antivirus scan on the finance PC.

  2. Use a protocol analyzer on the air-gapped PC.

  3. Perform reverse engineering on the document.

  4. Analyze network logs for unusual traffic.

  5. Run a baseline analyzer against the user#39;s computer.

Correct Answer: B

Question No.34

A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replacedin the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?

  1. Patch management

  2. Antivirus

  3. Application firewall

  4. Spam filters

  5. HIDS

Correct Answer: E

Question No.35

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?

  1. Vulnerability scanner

  2. TPM

  3. Host-based firewall

  4. File integrity monitor

  5. NIPS

Correct Answer: CD

Question No.36 has requested a black-box security assessment be performed on key cyber terrain. On area of concern is the company#39;s SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?

  1. dnsrecon -d -t SOA

  2. dig mx

  3. nc -v

  4. whois

Correct Answer: A

Question No.37

A security engineer is designing a system in which offshore, outsourced staff can push code from

the development environment to the production environment securely. The security engineer is concerned with data loss,while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

  1. Set up a VDI environment that prevents copying and pasting to the localworkstations of outsourced staff members

  2. Install a client-side VPN on the staff laptops and limit access to the development network

  3. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff

  4. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

Correct Answer: D

Question No.38

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, quot;criticalValuequot; indicates if an emergency is underway:


Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

  1. Rewrite the software to implement fine-grained, conditions-based testing

  2. Add additional exception handling logic to the main program to prevent doors from being opened

  3. Apply for alife-safety-based risk exception allowing secure doors to fail open

  4. Rewrite the software#39;s exception handling routine to fail in a secure state

Correct Answer: B

Question No.39

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on alink in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.

Which of the following would BEST prevent this from happening again?

  1. Antivirus

  2. Patch management

  3. Log monitoring

  4. Application whitelisting

  5. Awareness training

Correct Answer: A

Question No.40

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this?

  1. Port security

  2. Rogue device detection

  3. Bluetooth

  4. GPS

Correct Answer: D

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 41-50

Get Full Version of the Exam

Question No.41

A cybersecurity analyst has received an alert that well-known quot;call homequot; messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the massages. After determining the alert was a true positive, whichof the following represents OST likely cause?

  1. Attackers are running reconnaissance on company resources.

  2. An outside command and control system is attempting to reach an infected system.

  3. An insider trying to exfiltrate information to a remote network.

  4. Malware is running on a company system

Correct Answer: B

Question No.42

While attending a meeting with the human resources department, an organization#39;sinformation security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that thereare too many passwords to remember for all the different services the human resources department is required to use. Additionally, each password has specific complexity requirements and different expiration time frames. Which of the following would be the BEST solution for the information security officer to recommend?

  1. Utilizing MFA

  2. Implementing SSO

  3. Deploying 802.1X

  4. Pushing SAML adoption

  5. Implementing TACACS

Correct Answer: B

Question No.43

A security analyst is attempting to break into a client#39;s secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst#39;s NEXT step is to perform:

  1. a gray-box penetration test

  2. a risk analysis

  3. a vulnerability assessment

  4. an external security audit

  5. a red team exercise

Correct Answer: A

Question No.44

The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective?

  1. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets

  2. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources

  3. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection

  4. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counterthose threats

Correct Answer: B

Question No.45

During a security assessment, anorganization is advised of inadequate control over network segmentation. The assessor explains that the organization#39;s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?

  1. Air gaps

  2. Access control lists

  3. Spanning tree protocol

  4. Network virtualization

  5. Elastic load balancing

Correct Answer: D

Question No.46

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After the new vulnerability, it was determined that web services provided are being impacted by this new

threat. Which of the following data types MOST likely at risk of exposure based on this new threat? (Select Two)

  1. Cardholder data

  2. Intellectual property

  3. Personal health information

  4. Employee records

  5. Corporate financial data

Correct Answer: AC

Question No.47

Ann, a terminated employee, left personal photos on acompany-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back.

Which of the following BEST describes how the manager should respond?

  1. Determine if the data still exists by inspecting toascertain if the laptop has already been wiped and if the storage team has recent backups.

  2. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.

  3. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.

  4. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

Correct Answer: D

Question No.48

A consultant ishired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?

  1. Whois

  2. DNS enumeration

  3. Vulnerability scanner

  4. Fingerprinting

Correct Answer: A

Question No.49

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company#39;s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

  1. OSSM

  2. NIST

  3. PCI

  4. OWASP

Correct Answer: B

Question No.50

A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?

  1. Multi-tenancy SaaS

  2. Hybrid IaaS

  3. Single-tenancy PaaS

  4. Community IaaS

Correct Answer: C

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 51-60

Get Full Version of the Exam

Question No.51

A company#39;s existing forward proxies supportsoftware-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project isrolling out agent updates to end-user desktops as part of an endpoint security refresh. Which of the following is the BEST way to address these issues and mitigate risks to the organization?

  1. Purchase the SSL, decryption license for the firewalls and route traffic back to the proxies for end- user categorization and malware analysis.

  2. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

  3. Use an EDP solution to address the malware issueand accept the diminishing role of the proxy for URL categorization in the short team.

  4. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Correct Answer: B

Question No.52

An internal staff member logs into an ERP platform and clicks on arecord. The browser URL changes to:



Which of the following is the MOST likely vulnerability in this ERP platform?

  1. Brute forcing of account credentials

  2. Plan-text credentials transmitted over theInternet

  3. Insecure direct object reference

  4. SQL injection of ERP back end

Correct Answer: C

Question No.53

A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?

  1. Application whitelisting

  2. NX/XN bit

  3. ASLR

  4. TrustZone

  5. SCP

Correct Answer: B

Question No.54

Aninternal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collectsthe log files below and gives them to the development team so improvements can be made to the security design of the website.


Which of the following types of attack vector did the penetration tester use?

  1. SQLi

  2. CSRF

  3. Brute force

  4. XSS

  5. TOC/TOU

Correct Answer: B

Question No.55


A security consultant isconsidering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once.


Correct Answer:


Question No.56

A managed service provider is designing a log aggregation service for customers who no longer want tomanage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs tobe stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration?

  1. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.

  2. The managed service provider should outsource security of the platform to an existing cloud company. This willallow the new log service to be launched faster and with well-tested security controls.

  3. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.

  4. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Correct Answer: A

Question No.57

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization:

localStorage.setItem(quot;session-cookiequot;, document.cookie); Which of thefollowing should the security engineer recommend?

  1. SessionStorage should be used so authorized cookies expire after the session ends

  2. Cookies should be marked as quot;securequot; and quot;HttpOnlyquot;

  3. Cookies should be scoped to a relevant domain/path

  4. Client-side cookies should be replaced by server-side mechanisms

Correct Answer: C

Question No.58

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:


The tool needs to be responsive so service teamscan query it, and then perform an automated response action.


The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.


The tool will become the system-of-record for approval,reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

  1. Scalability

  2. Latency

  3. Availability

  4. Usability

  5. Recoverability

  6. Maintainability

Correct Answer: BCE

Question No.59

A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:

dd if=/dev/ram of=/tmp/mem/dmp

The analyst then reviews the associated output:


However, the analyst is unable to find any evidence of the running shell. Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?

  1. The NX bit is enabled

  2. The system uses ASLR

  3. The shell is obfuscated

  4. The code uses dynamic libraries

Correct Answer: B

Question No.60

Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

  1. Lack of adequate in-house testing skills.

  2. Requirements for geographically based assessments

  3. Cost reduction measures

  4. Regulatory insistence on independent reviews.

Correct Answer: D

Get Full Version of CAS-003 Dumps

CAS-003 Dumps

CAS-003 Real Exam Dumps Questions and answers 61-70

Get Full Version of the Exam

Question No.61

A security analyst has requested network engineers integrate sFlow into the SOC#39;s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

  1. Effective deployment of network taps

  2. Overall bandwidth available at Internet PoP

  3. Optimal placement of log aggregators

  4. Availability of application layer visualizers

Correct Answer: D

Question No.62

An administrator is working with management to develop policies related to the use of the cloud-

based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management#39;s policy?

  1. MDM

  2. Sandboxing

  3. Mobile tokenization

  4. FDE

  5. MFA

Correct Answer: A

Question No.63

A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario

while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

  1. Restrict access to the network share by adding a group only for developers to the share#39;s ACL

  2. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services

  3. Obfuscate the username within the script file with encoding to prevent easy identification and the account used

  4. Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts

  5. Redesign the web applications to accept single-use, local account credentials for authentication

Correct Answer: AB

Question No.64

Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companieswish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?

  1. Business partnership agreement

  2. Memorandum of understanding

  3. Service-level agreement

  4. Interconnection security agreement

Correct Answer: D

Question No.65

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

  1. Conduct a penetration test on each function as it is developed

  2. Develop a set of basic checks for common coding errors

  3. Adopt a waterfall method of software development

  4. Implement unit tests that incorporate static code analyzers

Correct Answer: D

Question No.66

Following a merger, the number of remote sites for a company hasdoubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:


Which of the following would be the BEST option to recommend to theCIO?

  1. Vendor C for small remote sites, and Vendor B for large sites.

  2. Vendor B for all remote sites

  3. Vendor C for all remote sites

  4. Vendor A for all remote sites

  5. Vendor D for all remote sites

Correct Answer: D

Question No.67

A threat advisory alert was just emailed to the ITsecurity staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix. Which of the following MOST likely need to be configured to ensure the system are mitigated accordingly? (Select two.)

  1. Antivirus

  2. HIPS

  3. Application whitelisting

  4. Patch management

  5. Group policy implementation

  6. Firmware updates

Correct Answer: DF

Question No.68

To meet a SLA, which of the following document should be drafted, defining the company#39;s internalinterdependent unit responsibilities and delivery timelines.

  1. BPA

  2. OLA

  3. MSA

  4. MOU

Correct Answer: B


OLA is an agreement between the internal support groups of an institution that supports SLA. According to the Operational Level Agreement, eachinternal support group has certain responsibilities to the other group. The OLA clearly depicts the performance and relationship of the internal service groups. The main objective of OLA is to ensure that all the support groups provide the intended ServiceLevelAgreement.

Question No.69

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against. Which of the following strategies should the engineer recommended be approved FIRST?

  1. Avoid

  2. Mitigate

  3. Transfer

  4. Accept

Correct Answer: B

Question No.70

A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials. Which of the following tools should be used? (Choose two.)

  1. Fuzzer

  2. SCAP scanner

  3. Packet analyzer

  4. Password cracker

  5. Network enumerator

  6. SIEM

Correct Answer: BF

Get Full Version of CAS-003 Dumps