Comptia (CAS-003) Exam Questions And Answers page 22
A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate:
• A user received a phishing email that appeared to be a report from the organization's CRM tool.
• The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
• The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
• Several weeks later, the user reported anomalous activity within the CRM tool.
• Following an investigation, it was determined the account was compromised and an attacker in another country had gained access to the CRM tool.
• Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
Last login verification
Log correlation
Time-of-check controls
Time-of-use controls
WAYF-based authentication
Risk Management
Enterprise Security Operations
Which of the following risks does expanding business into a foreign country carry?
Data sovereignty laws could result in unexpected liability
Export controls might decrease software costs
Data ownership might revert to the regulatory entities in the new country
Some security tools might be monitored by legal authorities
Risk Management
Integration of Computing, Communications, and Business Disciplines
A project manager is working with system owners to develop maintenance windows for system patching and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance window will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?
SRTM
SLA
MOU
SOW
Risk Management
Enterprise Security Operations
Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.
Which of the following processes should be implemented to ensure this information is available for future investigations?
Asset inventory management
Incident response plan
Test and evaluation
Configuration and change management
Risk Management
Enterprise Security Operations
Within change management, which of the following ensures functions are carried out by multiple employees?
Least privilege
Mandatory vacation
Separation of duties
Job rotation
Risk Management
Enterprise Security Operations
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
• Detect administrative actions
• Block unwanted MD5 hashes
• Provide alerts
• Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
AV
EDR
HIDS
DLP
HIPS
EFS
Risk Management
Enterprise Security Operations
A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?
Making employees rotate through jobs ensures succession plans can be implemented and prevents single points of failure.
Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.
Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.
It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.
Risk Management
Risk Management
A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?
Query hqlQuery = session.createQuery("select transaction from Accounts as orders where acct.id = ?");
List results = hqlQuery.setString(0, "122-ACC-988-QTWYTFDL").list();
Risk Management
Enterprise Security Operations
A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?
When it is mandated by their legal and regulatory requirements
As soon as possible in the interest of the patients
As soon as the public relations department is ready to be interviewed
When all steps related to the incident response plan are completed
Upon the approval of the Chief Executive Officer (CEO) to release information to the public
Risk Management
Enterprise Security Operations
Which of the following is the GREATEST security concern with respect to BYOD?
The filtering of sensitive data out of data flows at geographic boundaries.
Removing potential bottlenecks in data transmission paths.
The transfer of corporate data onto mobile corporate devices.
The migration of data into and out of the network in an uncontrolled manner.
Enterprise Security Operations
Enterprise Security Operations