Comptia (CAS-003) Exam Questions And Answers page 38

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)
Risk Management Enterprise Security Operations
A financial institution's information security officer is working with the risk management officer to determine what to do with the institution's residual risk after all security controls have been implemented. Considering the institution's very low risk tolerance, which of the following strategies would be BEST?
Risk Management Risk Management
A Chief Information Security Officer (CISO) is reviewing and revising system configuration and hardening guides that were developed internally and have been used for several years to secure the organization's systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?
Risk Management Enterprise Security Operations
A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees.

Which of the following should be configured to comply with the new security policy? (Choose two.)
Risk Management Enterprise Security Operations
A security consultant is conducting a penetration test against a customer enterprise that comprises local hosts and cloud-based servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand. The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited?
Enterprise Security Architecture Enterprise Security Operations
An organization has been notified of a breach related to its sensitive data. The point of compromise is the use of weak encryption algorithms on a web server that provides access to a legacy API. The organization had previously decided to accept the risk of using weak algorithms due to the cost to continually develop the legacy platform. Other system owners need to be aware of the increased likelihood of this threat. Which of the following should be reviewed by the CERT and presented to system owners to ensure a proper risk analysis is performed?
Risk Management Enterprise Security Operations
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
Risk Management Enterprise Security Operations
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Risk Management Enterprise Security Architecture
An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
Risk Management Enterprise Security Operations
A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:


Which of the following is the MOST likely type of activity occurring?
Risk Management Enterprise Security Architecture