CompTIA (CAS-003) Exam Questions And Answers page 28
A security analyst is reviewing the following packet capture of communication between a host and a company's router:
Which of the following actions should the security analyst take to remove this vulnerability?
Implement a router ACL
Disconnect the host from the network
Install the latest antivirus definitions
Deploy a network-based IPS
Risk Management
Enterprise Security Operations
The Chief Information Officer (CIO) wants to increase security and accessibility among the organization's cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively.
Which of the following would BEST address the CIO's concerns?
Procure a password manager for the employees to use with the cloud applications.
Create a VPN tunnel between the on-premises environment and the cloud providers.
Deploy applications internally and migrate away from SaaS applications.
Implement an IdP that supports SAML and time-based, one-time passwords.
Enterprise Security Operations
Enterprise Security Operations
An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?
Memory leak
Race condition
Smurf
Deadlock
Risk Management
Enterprise Security Operations
A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.
Which of the following solutions would BEST support trustworthy communication solutions?
Enabling spam filtering and DMARC.
Using MFA when logging into email clients and the domain.
Enforcing HTTPS everywhere so web traffic, including email, is secure.
Enabling SPF and DKIM on company servers.
Enforcing data classification labels before an email is sent to an outside party.
Risk Management
Enterprise Security Architecture
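The answer choices above turn on the difference between SPF, DKIM and DMARC. As an added example (not part of the exam or CompTIA's material), the following Python evaluates a message the way a receiving mail server does: it checks SPF against the sending IP, takes a DKIM verdict as already produced by a verifier, tests identifier alignment in strict and relaxed mode, and applies the policy the From domain publishes. The DNS records in DNS_TXT are constructed for the example and the domains are not real; org_domain is a deliberate simplification of the Public Suffix List logic.

```python
import ipaddress

# Constructed DNS TXT records standing in for a resolver (these zones are not real).
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    "bounce.example.com": ["v=spf1 include:example.com -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "attacker.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name: str) -> list:
    return DNS_TXT.get(name.lower(), [])


def spf_check(ip: str, domain: str, depth: int = 0) -> str:
    """Evaluate SPF (RFC 7208) for a connection from `ip` with MAIL FROM in `domain`.
    Handles ip4/ip6/include/all; a, mx, exists and redirect= are out of scope here."""
    if depth > 10:
        return "permerror"  # RFC 7208 caps DNS-querying terms at 10
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        if mech == "include" and spf_check(ip, arg, depth + 1) == "pass":
            return QUALIFIERS[qualifier]
        if mech == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def parse_dmarc(from_domain: str):
    """Return the DMARC tags for the RFC5322.From domain, or None if it publishes none."""
    records = [r for r in lookup_txt("_dmarc." + from_domain) if r.startswith("v=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    tags.setdefault("adkim", "r")  # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (real code uses the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    if mode == "s":  # strict: exact match with the From domain
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)  # relaxed


def dmarc_evaluate(from_domain, source_ip, mailfrom_domain, dkim_domain=None, dkim_result="none"):
    """Combine SPF and DKIM with identifier alignment and apply the sender's policy.
    dkim_result/dkim_domain are assumed to come from a DKIM verifier that already ran."""
    policy = parse_dmarc(from_domain)
    if policy is None:
        return {"dmarc": "none", "action": "accept"}
    spf_result = spf_check(source_ip, mailfrom_domain)
    spf_aligned = spf_result == "pass" and aligned(mailfrom_domain, from_domain, policy["aspf"])
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(dkim_domain, from_domain, policy["adkim"]))
    if spf_aligned or dkim_aligned:
        return {"dmarc": "pass", "action": "accept", "spf": spf_result}
    requested = policy.get("p", "none")
    action = requested if requested in ("reject", "quarantine") else "accept"
    return {"dmarc": "fail", "action": action, "spf": spf_result}
```

The spoof case in the test below is the one the exam question is getting at: the attacker's own domain passes SPF cleanly, yet the message is rejected because neither authenticated identifier aligns with the From domain the user sees. SPF and DKIM alone never look at that header; only DMARC ties the two together and tells receivers what to do on failure.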
A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities including language, payload, and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?
Virtualized sandbox
Vulnerability scanner
Software-defined network
HTTP interceptor
Enterprise Security Operations
Enterprise Security Operations
An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization's data. Which of the following should the vendor management team identify as a requirement during the procurement process?
Public cloud services with single-tenancy IaaS architectures
Private cloud services with single-tenancy PaaS services
Private cloud services with multitenancy in place for private SaaS environments
Public cloud services with private SaaS environments supported by private IaaS backbones
Risk Management
Enterprise Security Operations
While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames.
Which of the following would be the BEST solution for the information security officer to recommend?
Utilizing MFA
Implementing SSO
Deploying 802.1X
Pushing SAML adoption
Implementing TACACS
Risk Management
Enterprise Security Operations
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
• Stop malicious software that does not match a signature
• Report on instances of suspicious behavior
• Protect from previously unknown threats
• Augment existing security capabilities
Which of the following tools would BEST meet these requirements?
Host-based firewall
EDR
HIPS
Patch management
Enterprise Security Operations
Technical Integration of Enterprise Security
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization's code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?
IP whitelisting on the perimeter firewall
MFA for developer access
Dynamic analysis scans in the production environment
Blue team engagement in peer-review activities
Time-based restrictions on developer access to code repositories
Risk Management
Enterprise Security Operations
A newly hired Chief Information Security Officer (CISO) is reviewing the organization's security budget from the previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email messages. The CISO expects next year's costs associated with fines to double and the volume of messages to increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given the table below:
Which of the following would be BEST for the CISO to include in this year's budget?
A budget line for DLP Vendor A
A budget line for DLP Vendor B
A budget line for DLP Vendor C
A budget line for DLP Vendor D
A budget line for paying future fines
Risk Management
Enterprise Security Operations