
CompTIA (CAS-003) Exam Questions And Answers page 34

The Chief Information Security Officer (CISO) of a small, local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?
Risk Management / Enterprise Security Operations
After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls.
Which of the following controls should be verified? (Choose two.)
Enterprise Security Operations
An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:

• Encrypt all traffic between the network engineer and critical devices.
• Segregate the different networking planes as much as possible.
• Do not let access ports impact configuration tasks.

Which of the following would be the BEST recommendation for the network security engineer to present?
Risk Management / Enterprise Security Operations
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:
Risk Management / Enterprise Security Operations
To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following approaches is described?
Risk Management / Enterprise Security Operations
A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective?
Risk Management / Enterprise Security Operations
A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?
Enterprise Security Operations
The audit team was only provided the physical and logical addresses of the network without any type of access credentials.

Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)
Enterprise Security Operations / Technical Integration of Enterprise Security
Given the following code snippet:


Of which of the following is this snippet an example?
Risk Management / Enterprise Security Operations
A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?
Risk Management / Enterprise Security Operations