Exam Logo

Comptia (CAS-003) Exam Questions And Answers page 24

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would BEST to improve the incident response process?
Enterprise Security Operations Enterprise Security Operations
A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network.

While the company s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?
Risk Management Enterprise Security Operations
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
Enterprise Security Architecture Enterprise Security Operations
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?
Enterprise Security Architecture Enterprise Security Operations
A university s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:


The administrator calls the university s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?
Risk Management Enterprise Security Operations
A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1:
Operator ALL=/sbin/reboot
Configuration file 2:
Command= /sbin/shutdown now , no-x11-forwarding, no-pty, ssh-dss
Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?
Risk Management Enterprise Security Operations
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:

• Secure messaging between internal users using digital signatures
• Secure sites for video-conferencing sessions
• Presence information for all office employees
• Restriction of certain types of messages to be allowed into the network.

Which of the following applications must be configured to meet the new requirements? (Choose two.)
Risk Management Enterprise Security Architecture
Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise. Security analysts observed the following:
• Unauthorized certificate issuance
• Access to mutually authenticated resources utilizing valid but unauthorized certificates
• Granted access to internal resources via the SSL VPN

To address the immediate problem, security analysts revoked the erroneous certificates. Which of the following describes the MOST likely root cause of the problem and offers a solution?
Risk Management Enterprise Security Architecture
A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization s systems to the greatest extent possible.

Which of the following principles is being demonstrated?
Risk Management Enterprise Security Architecture
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
Enterprise Security Operations Enterprise Security Operations