CompTIA (CAS-003) Exam Questions And Answers page 4
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?
IDS appliance
SCAP scanner
HTTP interceptor
Risk Management
Enterprise Security Operations
A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs.
Which of the following would help protect the confidentiality of the research data?
Use diverse components in layers throughout the architecture
Implement non-heterogeneous components at the network perimeter
Purge all data remnants from client devices' volatile memory at regularly scheduled intervals
Use only in-house developed applications that adhere to strict SDLC security requirements
Risk Management
Enterprise Security Architecture
A project manager is working with a software development group to collect and evaluate user scenarios related to the organization's internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project.
Which of the following would be MOST appropriate to use?
Roles matrix
Peer review
BIA
SRTM
Risk Management
Enterprise Security Architecture
Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.
Which of the following would BEST allow the IT department to monitor and control this behavior?
Enabling AAA
Deploying a CASB
Configuring an NGFW
Installing a WAF
Utilizing a vTPM
Risk Management
Enterprise Security Operations
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.)
Validation
Access control
Whitelisting
Signing
Boot attestation
Risk Management
Enterprise Security Architecture
Which of the following controls primarily detects abuse of privilege but does not prevent it?
Offboarding
Separation of duties
Least privilege
Job rotation
Risk Management
Enterprise Security Operations
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.
Which of the following procedures should the security responder apply to the situation? (Choose two.)
Initiate a legal hold.
Perform a risk assessment.
Contain the server.
Determine the data handling standard.
Disclose the breach to customers.
Perform an IOC sweep to determine the impact.
Risk Management
Enterprise Security Architecture
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization's vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?
Vendor diversification
System hardening standards
Bounty programs
Threat awareness
Vulnerability signatures
Risk Management
Enterprise Security Architecture
Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking application. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?
Automatic location check-ins
Geolocated presence privacy
Integrity controls
NAC checks to quarantine devices
Risk Management
Enterprise Security Architecture
An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations.
Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?
Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.
Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.
All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.
Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, thus reducing the effectiveness of local attacks.
Enterprise Security Operations
Technical Integration of Enterprise Security