CompTIA (CAS-003) Exam Questions And Answers page 35
After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases:
• Selection of a cloud provider
• Architectural design
• Microservice segmentation
• Virtual private cloud
• Geographic service redundancy
• Service migration
The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT?
Single-tenancy private cloud
Hybrid cloud solution
Cloud access security broker
Enterprise Security Operations
Technical Integration of Enterprise Security
A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?
Network access control
Configuration Manager
Application whitelisting
File integrity checks
Enterprise Security Operations
Technical Integration of Enterprise Security
A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used:
Which of the following would be the CISO's MOST immediate concern?
There are open standards in use on the network.
Network engineers have ignored de facto standards.
Network engineers are not following SOPs.
The network has competing standards in use.
Enterprise Security Operations
Technical Integration of Enterprise Security
A developer needs to provide feedback on a peer's work during the SDLC. While reviewing the code changes, the developer discovers session ID tokens for a web application will be transmitted over an unsecure connection.
Which of the following code snippets should the developer recommend implementing to correct the vulnerability?
Risk Management
Enterprise Security Operations
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.
Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
Run the memdump utility with the -k flag.
Use a loadable kernel module capture utility, such as LiME.
Run dd on /dev/mem.
Employ a stand-alone utility, such as FTK Imager.
Enterprise Security Operations
Enterprise Security Operations
SIMULATION
Technical Integration of Enterprise Security
Integration of Computing, Communications, and Business Disciplines
A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?
These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryption routines
The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
The associated firmware is more likely to remain out of date and potentially vulnerable
The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set
Enterprise Security Operations
Enterprise Security Operations
A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.
Which of the following is the BEST way to address these issues and mitigate risks to the organization?
Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.
Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.
Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.
Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.
Risk Management
Enterprise Security Operations
A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.
Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)
Install and configure an IPS.
Enforce routine GPO reviews.
Form and deploy a hunt team.
Institute heuristic anomaly detection.
Use a protocol analyzer with appropriate connectors.
Risk Management
Enterprise Security Operations
An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months.
Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released?
Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM
Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution
An attacker downloaded monitoring applications; perform a full factory reset of the affected devices
Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages
Risk Management
Enterprise Security Operations