CompTIA (CAS-003) Exam Questions and Answers, page 30

A company is the victim of a phishing and spear-phishing campaign. Users are clicking on website links that look like common bank sites and entering their credentials accidentally. A security engineer decides to use a layered defense to prevent the phishing or lessen its impact. Which of the following should the security engineer implement? (Choose two.)
Enterprise Security Operations
Company A is establishing a contractual relationship with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?
Risk Management Research, Development, and Collaboration
A cybersecurity consulting company supports a diverse customer base. Which of the following types of constraints is MOST important for the consultancy to consider when advising a regional healthcare provider versus a global conglomerate?
Risk Management Enterprise Security Operations
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
Risk Management Enterprise Security Operations
A security engineer is assisting a developer with input validation, and they are studying the following code block:


The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?
Risk Management Enterprise Security Operations
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed.

Which of the following factors is the regulation intended to address?
Risk Management Enterprise Security Operations
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?
Risk Management Enterprise Security Operations
When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:
Enterprise Security Operations
An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries' arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites.

Which of the following techniques would MOST likely improve the resilience of the enterprise to attacks on its cryptographic implementation?
Enterprise Security Architecture
A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coding, mostly through experience and extensive peer review, and recognizes it would be infeasible to train the new staff without halting development operations. Therefore, the company needs a strategy that will integrate training on secure code writing while reducing the impact to operations. Which of the following will BEST achieve this goal?
Risk Management Enterprise Security Operations