
CompTIA (CAS-003) Exam Questions And Answers page 14

An electric car company hires an IT consulting company to improve the cybersecurity of its vehicles. Which of the following should achieve the BEST long-term result for the company?
Enterprise Security Operations Enterprise Security Operations
A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?
Risk Management Enterprise Security Operations
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
Risk Management Enterprise Security Architecture
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the users' accounts is sensitive, and therefore, the organization wants to comply with the following requirements:

• Active full-device encryption
• Enabled remote-device wipe
• Blocking unsigned applications
• Containerization of email, calendar, and contacts

Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
Risk Management Enterprise Security Operations
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
Risk Management Enterprise Security Operations
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?
Enterprise Security Operations Technical Integration of Enterprise Security
An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vectors did the penetration tester use?
Enterprise Security Operations Enterprise Security Operations
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.

Which of the following BEST addresses these concerns?
Risk Management Enterprise Security Operations
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
• Certificate pinning
• Tokenization
• Biometric authentication

The company has already implemented the following controls:
• Full device encryption
• Screen lock
• Device password
• Remote wipe

The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?
Risk Management Enterprise Security Operations
The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be reading other users' emails. Review of a tool's output shows the administrators have used web mail to log into other users' inboxes.

Which of the following tools would show this type of output?
Risk Management Enterprise Security Operations