Exam Logo

Comptia (CAS-003) Exam Questions And Answers page 25

To reduce costs, an organization, has decided it will no longer support corporate phones. All employees must use a BYOD device to access the company s collaboration services, which are cloud hosted. To simplify device management, the end user computing department does not want to deploy agents to the devices. The Chief Information Security Officer (CISO) has identified the following requirements to support access to the service:

• Only the current and N-1 operating systems are supported.
• The devices cannot be jail broken.
• Access is limited through the cloud forward proxy.
• No company unstructured data is downloaded to local storage.
• Strong authentication controls are implemented.
• Any cached organization data is protected.

Which of the following controls must be implemented to meet these requirements?
Risk Management Enterprise Security Architecture
During the migration of a company s human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor s staff may be able to access data within the migrating application. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO s concerns?
Risk Management Enterprise Security Operations
An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?
Risk Management Enterprise Security Operations
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
Enterprise Security Operations Enterprise Security Operations
A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.

Which of the following is the BEST statement for the engineer to take into consideration?
Risk Management Enterprise Security Operations
A security auditor needs to review the manner in which an entertainment streaming device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output:


The best option for the auditor to use NEXT is:
Risk Management Enterprise Security Operations
A newly hired Chief Information Security Officer (CISO) wants to understand how the organization s CIRT handles issues brought to their attention, but needs to be very cautious about impacting any systems. The MOST appropriate method to use would be:
Enterprise Security Operations Enterprise Security Operations
A manufacturing company s security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer s plan is successful during each phase?
Risk Management Enterprise Security Operations
An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to:
Risk Management Enterprise Security Architecture
A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?
Enterprise Security Operations Enterprise Security Operations