CompTIA (CAS-003) Exam Questions And Answers page 16

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information.

Which of the following would be the MOST efficient control to prevent this from occurring in the future?
Risk Management Enterprise Security Operations
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.

Which of the following is the MOST appropriate order of steps to be taken?
Enterprise Security Operations Technical Integration of Enterprise Security
A security administrator is reviewing the following output from an offline password audit:


Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)
Risk Management Enterprise Security Operations
Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:
Risk Management Enterprise Security Architecture
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
Enterprise Security Operations Technical Integration of Enterprise Security
A technician is reviewing the following log:


Which of the following tools should the organization implement to reduce the highest risk identified in this log?
Risk Management Enterprise Security Operations
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:

• Corporate intranet site
• Online storage application
• Email and collaboration suite

Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?
Risk Management Enterprise Security Operations
A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following should a security engineer configure on the web server to help mitigate the issue?
Risk Management Enterprise Security Operations
An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)
Risk Management Enterprise Security Architecture
An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations. Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?
Risk Management Enterprise Security Architecture