Exam Logo

Comptia (CAS-003) Exam Questions And Answers page 27

A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator s email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address?
Enterprise Security Architecture Enterprise Security Operations
A developer is reviewing the following transaction logs from a web application:

Username: John Doe
Street name: Main St.
Street number: <script></script>
Risk Management Enterprise Security Operations
A security analyst who is concerned about sensitive data exfiltration reviews the following:


Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?
Enterprise Security Operations Technical Integration of Enterprise Security
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?
Enterprise Security Operations Enterprise Security Operations
An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?
Risk Management Enterprise Security Architecture
A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router:


Which of the following is the engineer implementing?
Risk Management Enterprise Security Operations
The security administrator of a small firm wants to stay current on the latest security vulnerabilities and attack vectors being used by crime syndicates and nation-states. The information must be actionable and reliable. Which of the following would BEST meet the needs of the security administrator?
Enterprise Security Architecture Enterprise Security Architecture
An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take?
Risk Management Enterprise Security Operations
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
Risk Management Enterprise Security Operations
Engineers at a company believe a certain type of data should be protected from competitors, but the data owner insists the information is not sensitive. An information security engineer is implementing controls to secure the corporate SAN. The controls require dividing data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive.

Which of the following actions should the engineer take regarding the data?
Risk Management Enterprise Security Operations