
Comptia (CAS-003) Exam Questions And Answers page 22

A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate:

• A user received a phishing email that appeared to be a report from the organization's CRM tool.
• The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
• The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
• Several weeks later, the user reported anomalous activity within the CRM tool.
• Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
• Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.

Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
Risk Management Enterprise Security Operations
Which of the following risks does expanding business into a foreign country carry?
Risk Management Integration of Computing, Communications, and Business Disciplines
A project manager is working with system owners to develop maintenance windows for system patching and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance window will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?
Risk Management Enterprise Security Operations
Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?
Risk Management Enterprise Security Operations
Within change management, which of the following ensures functions are carried out by multiple employees?
Risk Management Enterprise Security Operations
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

• Detect administrative actions
• Block unwanted MD5 hashes
• Provide alerts
• Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)
Risk Management Enterprise Security Operations
A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?
Risk Management Risk Management
A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?
Risk Management Enterprise Security Operations
A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?
Risk Management Enterprise Security Operations
Which of the following is the GREATEST security concern with respect to BYOD?
Enterprise Security Operations Enterprise Security Operations