
CompTIA (CAS-003) Exam Questions And Answers page 17

A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage. To which of the following is the survey question related? (Choose two.)
Risk Management Risk Management
A remote user reports the inability to authenticate to the VPN concentrator. During troubleshooting, a security administrator captures an attempted authentication and discovers the following being presented by the user's VPN client:


Which of the following BEST describes the reason the user is unable to connect to the VPN service?
Enterprise Security Operations Enterprise Security Operations
A development team releases updates to an application regularly. The application is compiled with several standard, open-source security products that require a minimum version for compatibility. During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?
Risk Management Enterprise Security Architecture
A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

Which of the following tools should be used? (Choose two.)
Enterprise Security Operations Enterprise Security Operations
Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company's SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing.

Which of the following commands should the assessor use to determine this information?
Enterprise Security Operations Enterprise Security Operations
A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items.

Which of the following should the security engineer recommend to meet these requirements?
Risk Management Enterprise Security Operations
A developer is concerned about input validation for a newly created shopping-cart application, which will be released soon on a popular website. Customers were previously able to manipulate the shopping cart so they could receive multiple items while only paying for one item. This resulted in large losses. Which of the following would be the MOST efficient way to test the shopping cart and address the developer's concerns?
Risk Management Enterprise Security Operations
A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.

Which of the following is the BEST justification to ensure collaboration across business units?
Research, Development, and Collaboration Research, Development, and Collaboration
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.

Which of the following methods is the assessment team most likely to employ NEXT?
Enterprise Security Operations Technical Integration of Enterprise Security
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.)
Risk Management Enterprise Security Operations