
Comptia (CAS-003) Exam Questions And Answers page 19

Two new SMB security settings have been enforced and have also been adopted as policy to make communications more secure:
Network Client: Digitally sign communication
Network Server: Digitally sign communication

A storage administrator at a remote location with a legacy storage array, which contains time-sensitive data, reports that employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?
Domains: Risk Management; Enterprise Security Operations
A user workstation was infected with a new malware variant as a result of a drive-by download. The security administrator reviews key controls on the infected workstation and discovers the following:


Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)
Domains: Risk Management; Enterprise Security Operations
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company's security architect to protect the integrity of the update process? (Choose two.)
Domains: Enterprise Security Operations; Technical Integration of Enterprise Security
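Worked example added by the editor for the over-the-air update question above; it is not part of the exam item or its answer key. It shows the client-side checks an app can run before applying an update: verify a signature over a manifest with a public key pinned in the app, check that the payload hash matches the signed manifest, and refuse downgrades. It assumes the `cryptography` package is installed (pip install cryptography); the manifest layout, key names, version numbers and payload bytes are all constructed here for illustration.

```python
"""Added example (not from the exam page): integrity checks before applying an
over-the-air update. Assumes `cryptography` is installed; all data is constructed."""
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


class UpdateRejected(Exception):
    """Raised when an update fails any integrity or freshness check."""


# --- Vendor side: build and sign a release with the (offline) release-signing key ---
def build_signed_release(signing_key, version, payload):
    """Return (manifest_bytes, signature, payload) for one update package.

    The manifest binds the version number to the SHA-256 of the payload and the
    signature covers the manifest, so neither can be altered without detection.
    """
    manifest = {"version": version, "sha256": hashlib.sha256(payload).hexdigest()}
    # Canonical encoding so the client rebuilds exactly the bytes that were signed.
    manifest_bytes = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return manifest_bytes, signing_key.sign(manifest_bytes), payload


# --- Client side: verify before applying ---
def verify_update(pinned_public_key, installed_version, manifest_bytes, signature, payload):
    """Return the new version number if the update is acceptable, else raise.

    Check order: signature first (untrusted bytes are parsed only after they are
    authenticated), then payload hash, then anti-rollback.
    """
    try:
        pinned_public_key.verify(signature, manifest_bytes)
    except InvalidSignature:
        raise UpdateRejected("manifest signature invalid")
    manifest = json.loads(manifest_bytes)
    if hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
        raise UpdateRejected("payload hash does not match signed manifest")
    if manifest["version"] <= installed_version:
        raise UpdateRejected("version is not newer than the installed one (rollback)")
    return manifest["version"]


def demo():
    """Run the happy path and three failure modes; return a dict of outcomes."""
    signing_key = Ed25519PrivateKey.generate()
    # The shipped app carries only the public key, pinned in its binary.
    pinned = Ed25519PublicKey.from_public_bytes(
        signing_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    )
    payload = b"constructed update payload v2"  # sample bytes, not a real package
    manifest, sig, blob = build_signed_release(signing_key, 2, payload)

    def outcome(*args):
        try:
            return verify_update(pinned, *args)
        except UpdateRejected as err:
            return str(err)

    return {
        "valid": outcome(1, manifest, sig, blob),
        # Payload altered in transit (on-path attacker or compromised CDN).
        "tampered_payload": outcome(1, manifest, sig, blob + b"x"),
        # Manifest edited after signing; the signature no longer matches.
        "tampered_manifest": outcome(1, manifest.replace(b'"version":2', b'"version":3'), sig, blob),
        # A validly signed but older release replayed against a newer install.
        "rollback": outcome(2, manifest, sig, blob),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Signing the manifest rather than the raw payload keeps the version number inside the signed data, which is what makes the rollback check meaningful; TLS on the download channel protects the transport but not a package that was already malicious at the origin, which is why both controls are normally recommended together.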
Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?
Domains: Risk Management; Enterprise Security Architecture
A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be brought back online. Which of the following should be the FIRST step taken by the team?
Domains: Risk Management
A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.


Below is a snippet from the firewall related to that server (access is provided in a top-down model):


Which of the following lines should be configured to allow the proper access? (Choose two.)
Domains: Risk Management; Enterprise Security Operations
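Worked example added by the editor for the firewall question above; it is not part of the exam item, and the rule set below is constructed for illustration rather than being the snippet the question refers to. It implements top-down (first-match) evaluation and a check for rules shadowed by an earlier, broader rule, which is the failure mode that ordering mistakes produce. Addresses (203.0.113.10 for the vendor, 10.10.20.5 for the new server in 10.10.20.0/24, 10.0.0.0/8 for internal users) are assumptions.

```python
"""Added example (not from the exam page): first-match firewall rule evaluation
and shadowed-rule detection over a constructed rule set."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    action: str        # "permit" or "deny"
    src: str           # source network, CIDR
    dst: str           # destination network, CIDR
    ports: frozenset   # destination TCP ports; empty means any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (not self.ports or port in self.ports))

    def covers(self, other):
        """True if every flow matched by `other` is also matched by this rule."""
        return (ipaddress.ip_network(self.src).supernet_of(ipaddress.ip_network(other.src))
                and ipaddress.ip_network(self.dst).supernet_of(ipaddress.ip_network(other.dst))
                and (not self.ports or (other.ports and other.ports <= self.ports)))


def evaluate(rules, src_ip, dst_ip, port, default="deny"):
    """Top-down evaluation: return (action, rule number) of the first match."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, rule.number
    return default, None  # implicit deny when nothing matches


def shadowed_rules(rules):
    """Numbers of rules that can never fire because an earlier rule covers them."""
    return [later.number for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Constructed addresses (assumptions, not from the exam item).
VENDOR = "203.0.113.10/32"
NEW_SERVER = "10.10.20.5/32"
SERVER_SUBNET = "10.10.20.0/24"
INTERNAL = "10.0.0.0/8"
ANY = "0.0.0.0/0"

# Specific permits first, then the broad deny for everything else to the subnet.
CORRECT_ORDER = [
    Rule(1, "permit", VENDOR, NEW_SERVER, frozenset({443, 22})),   # vendor: HTTPS + SSH only
    Rule(2, "permit", INTERNAL, INTERNAL, frozenset({80, 443})),    # internal users: web only
    Rule(3, "deny", ANY, SERVER_SUBNET, frozenset()),               # all other access to the subnet
]

# Same rules with the broad deny placed first: the vendor permit is fully shadowed,
# and internal users can no longer reach the new server's subnet on 80/443.
WRONG_ORDER = [
    Rule(1, "deny", ANY, SERVER_SUBNET, frozenset()),
    Rule(2, "permit", VENDOR, NEW_SERVER, frozenset({443, 22})),
    Rule(3, "permit", INTERNAL, INTERNAL, frozenset({80, 443})),
]

if __name__ == "__main__":
    server = "10.10.20.5"
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, "vendor 443:", evaluate(rules, "203.0.113.10", server, 443))
        print(label, "vendor 80:", evaluate(rules, "203.0.113.10", server, 80))
        print(label, "internal 80:", evaluate(rules, "10.1.2.3", server, 80))
        print(label, "shadowed:", shadowed_rules(rules))
```

The shadow check is deliberately conservative: it reports only rules that an earlier rule covers completely. In the misordered set, rule 3 is reported as live because it still permits web traffic to internal servers outside 10.10.20.0/24, yet every flow to the new server is already caught by rule 1, which is exactly the kind of partial shadowing a manual review of a top-down rule list has to catch.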
A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement?
Domains: Risk Management; Enterprise Security Architecture
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.


Using the above information, on which VLANs should multicast be enabled?
Domains: Risk Management; Enterprise Security Operations
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
Domains: Risk Management
A secure facility has a server room that is currently controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators' smartphones, is purchased and installed. The application has various authentication methods that can be used. The criteria for choosing the most appropriate method are:
• It cannot be invasive to the end user.
• It must be utilized as a second factor.
• Information sharing must be avoided.
• It must have a low false acceptance rate.

Which of the following BEST meets the criteria?
Domains: Enterprise Security Architecture; Enterprise Security Operations