
CompTIA (CAS-003) Exam Questions And Answers page 29

Given the following:

Which of the following vulnerabilities is present in the above code snippet?
Risk Management Enterprise Security Operations
At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?
Risk Management Enterprise Security Operations
An organization's network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations.

Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?
Risk Management Enterprise Security Operations
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics.

Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?
Risk Management Risk Management
A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
Risk Management Enterprise Security Architecture
As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:
Risk Management Enterprise Security Operations
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect's objectives?
Enterprise Security Architecture Enterprise Security Operations
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
Risk Management Enterprise Security Operations
Ann, a security manager, is reviewing a threat feed that provides information about attacks that allow a malicious user to gain access to private contact lists. Ann receives a notification that the vulnerability can be exploited within her environment. Given this information, Ann can anticipate an increase in:
Risk Management Enterprise Security Operations
The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability. A security engineer needs to ensure the vulnerability is not exploited. The devices are directly managed by a smart controller and do not need access to other parts of the network. Signatures are available to detect this vulnerability. Which of the following should be the FIRST step in completing the request?
Enterprise Security Operations Enterprise Security Operations