Comptia (CAS-003) Exam Questions And Answers page 40
A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)
Hacker forums
Antivirus vendor websites
Trade industry association websites
CVE database
Company's legal department
Risk Management
Enterprise Security Operations
A security analyst has requested network engineers integrate sFlow into the SOC's overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?
Effective deployment of network taps
Overall bandwidth available at Internet PoP
Optimal placement of log aggregators
Availability of application layer visualizers
Enterprise Security Operations
Technical Integration of Enterprise Security
A systems administrator has deployed the latest patches for Windows-based machines. However, the users on the network are experiencing exploits from various threat actors, which the patches should have corrected. Which of the following is the MOST likely scenario?
The machines were infected with malware.
The users did not reboot the computer after the patches were deployed.
The systems administrator used invalid credentials to deploy the patches.
The patches were deployed on non-Windows-based machines.
Risk Management
Enterprise Security Operations
A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?
Antivirus
Patch management
Log monitoring
Application whitelisting
Awareness training
Risk Management
Enterprise Security Operations
A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?
DLP
Mail gateway
Data flow enforcement
UTM
Risk Management
Enterprise Security Operations
Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.
The tables below provide information on a subset of remote sites and the firewall options:
Which of the following would be the BEST option to recommend to the CIO?
Vendor C for all remote sites
Vendor A for all remote sites
Vendor D for all remote sites
Vendor C for small remote sites and Vendor B for large sites
Vendor B for all remote sites
Risk Management
Enterprise Security Operations
A company provides guest WiFi access to the Internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?
Active Directory GPOs
PKI certificates
Host-based firewall
NAC persistent agent
Risk Management
Enterprise Security Operations
A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a replay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
Vulnerability scanner
Wireless protocol analyzer
Log analysis and reduction tools
Network-based fuzzer
Enterprise Security Architecture
Enterprise Security Operations
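Added example, not part of the exam question above: what the engineer is actually checking for once the wireless protocol analyzer has captured the Bluetooth frames. The toy scheme below (my own construction, with a locally generated key and a made-up OBD-II payload) authenticates each message with an HMAC. The first variant binds nothing fresh into the tag, so a captured frame verifies again when resent; the second binds a monotonic counter into the tag and refuses any counter the receiver has already accepted.

```python
import hashlib
import hmac
import os

# Constructed demo key shared by the OBD-II dongle and the data logger.
KEY = os.urandom(32)


def mac_no_freshness(key: bytes, payload: bytes) -> bytes:
    """Vulnerable scheme: MAC over the payload only.
    A captured (payload, tag) pair stays valid forever."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify_no_freshness(key: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_no_freshness(key, payload), tag)


class FreshReceiver:
    """Hardened scheme: a per-message counter is covered by the MAC and
    the receiver rejects any counter that is not strictly increasing."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    @staticmethod
    def tag(key: bytes, counter: int, payload: bytes) -> bytes:
        msg = counter.to_bytes(8, "big") + payload
        return hmac.new(key, msg, hashlib.sha256).digest()

    def accept(self, counter: int, payload: bytes, tag: bytes) -> bool:
        # Reject replays/reordering before doing any crypto work.
        if counter <= self.last_counter:
            return False
        if not hmac.compare_digest(self.tag(self.key, counter, payload), tag):
            return False
        self.last_counter = counter
        return True


def simulate_replay() -> dict:
    """Capture one legitimate frame and resend it against both receivers.
    Returns whether each receiver accepted the original and the replay."""
    payload = b"PID=0C,RPM=2450"  # constructed sample OBD-II reading

    # Vulnerable path: the replayed frame verifies exactly like the original.
    tag = mac_no_freshness(KEY, payload)
    vuln_first = verify_no_freshness(KEY, payload, tag)
    vuln_replay = verify_no_freshness(KEY, payload, tag)

    # Hardened path: counter 1 is accepted once, then refused.
    rx = FreshReceiver(KEY)
    fresh_tag = FreshReceiver.tag(KEY, 1, payload)
    hard_first = rx.accept(1, payload, fresh_tag)
    hard_replay = rx.accept(1, payload, fresh_tag)

    return {
        "vulnerable_first": vuln_first,
        "vulnerable_replay": vuln_replay,
        "hardened_first": hard_first,
        "hardened_replay": hard_replay,
    }


if __name__ == "__main__":
    for name, accepted in simulate_replay().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The same test applies to a real capture: take a frame the analyzer recorded, retransmit it, and see whether the logger acts on it a second time. A counter (or nonce plus window) is only a real fix if the receiver persists its state across resets; otherwise the first frame after a power cycle is replayable again.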
A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company's objectives? (Choose two.)
Integrated platform management interfaces are configured to allow access only via SSH
Access to hardware platforms is restricted to the systems administrator's IP address
Access is captured in event logs that include source address, time stamp, and outcome
The IP addresses of server management interfaces are located within the company's extranet
Access is limited to interactive logins on the VDI
Application logs are hashed cryptographically and sent to the SIEM
Risk Management
Enterprise Security Operations
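Added example, not from the exam page: a small audit-trail check over constructed log lines for access to server management interfaces. It enforces that every event carries the three fields the question names (time stamp, source address, outcome), reports lines that do not, and flags any source that accumulates repeated failures. The log format, field names and threshold are my own assumptions for the demo.

```python
import re
from collections import Counter

# Constructed sample events (not real logs): one management-interface
# login attempt per line, key=value fields after an ISO-8601 time stamp.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=203.0.113.7 user=ops1 action=ipmi-login outcome=success
2024-03-01T10:00:05Z src=198.51.100.9 user=root action=ipmi-login outcome=failure
2024-03-01T10:00:06Z src=198.51.100.9 user=root action=ipmi-login outcome=failure
2024-03-01T10:00:07Z src=198.51.100.9 user=root action=ipmi-login outcome=failure
2024-03-01T10:01:00Z user=ops2 action=ipmi-login outcome=success
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<kv>.*)$")
REQUIRED = ("ts", "src", "outcome")  # the audit-trail minimum from the question


def parse_line(line: str):
    """Return a dict of fields, or None if the line has no valid time stamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def audit(log_text: str, failure_threshold: int = 3) -> dict:
    """Check completeness of the audit trail and surface repeated failures.

    Returns {'incomplete': [line numbers missing a required field],
             'suspicious_sources': [sources at/over the failure threshold]}.
    """
    incomplete = []
    failures = Counter()
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = parse_line(line)
        if fields is None or any(k not in fields for k in REQUIRED):
            incomplete.append(lineno)  # cannot attribute or judge this event
            continue
        if fields["outcome"] != "success":
            failures[fields["src"]] += 1
    suspicious = sorted(src for src, n in failures.items() if n >= failure_threshold)
    return {"incomplete": incomplete, "suspicious_sources": suspicious}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

The point of the completeness check is that an event without a source address or an outcome is not an audit trail entry at all; it cannot answer "who did what from where, and did it work", which is what an investigation after the migration will need.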
A security administrator wants to stand up a NIPS that is multilayered and can incorporate many security technologies into a single platform. The product should have diverse capabilities, such as antivirus, VPN, and firewall services, and be able to be updated in a timely manner to meet evolving threats. Which of the following network prevention system types can be used to satisfy the requirements?
Application firewall
Unified threat management
Enterprise firewall
Content-based
Enterprise Security Architecture
Enterprise Security Operations