CompTIA (CAS-003) Exam Questions And Answers page 23

A company contracts a security consultant to perform a remote white-box penetration test. The company wants the consultant to focus on Internet-facing services without negatively impacting production services. Which of the following is the consultant MOST likely to use to identify the company's attack surface? (Choose two.)
Risk Management Enterprise Security Architecture
While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?
Risk Management Enterprise Security Operations
An aircraft manufacturer is developing software that will perform automatic flight control (auto-pilot). Given the high safety criticality of the software, the developer can BEST prove software correctness to a requirement's specification by employing:
Risk Management Risk Management
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?
Risk Management Enterprise Security Operations
A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization. Which of the following business areas should the CISO target FIRST to best meet the objective?
Risk Management Enterprise Security Operations
A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?
Enterprise Security Operations Enterprise Security Operations
An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an expansion, and the organization does not want to fund an intensive assessment. Which of the following approaches should be taken?
Risk Management Risk Management
A forensic analyst must image the hard drive of a computer and store the image on a remote server. The analyst boots the computer with a live Linux distribution. Which of the following will allow the analyst to copy and transfer the file securely to the remote server?
Enterprise Security Architecture Enterprise Security Operations
A company recently implemented a variety of security services to detect various types of traffic that pose a threat to the company. The following services were enabled within the network:

• Scan of specific subsets for vulnerabilities
• Categorizing and logging of website traffic
• Enabling specific ACLs based on application traffic
• Sending suspicious files to a third-party site for validation

A report was sent to the security team that identified multiple incidents of users sharing large amounts of data from an on-premise server to a public site. A small percentage of that data also contained malware and spyware.

Which of the following services MOST likely identified the behavior and sent the report?
Enterprise Security Operations Enterprise Security Operations
Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue?
Enterprise Security Operations Technical Integration of Enterprise Security