CompTIA (CAS-003) Exam Questions And Answers page 41
Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?
Memorandum of understanding
Service-level agreement
Interconnection security agreement
Enterprise Security Architecture
Enterprise Security Operations
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?
Run an antivirus scan on the finance PC.
Use a protocol analyzer on the air-gapped PC.
Perform reverse engineering on the document.
Analyze network logs for unusual traffic.
Run a baseline analyzer against the user's computer.
Risk Management
Enterprise Security Architecture
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
Use a protocol analyzer against the site to see if data input can be replayed from the browser
Scan the website through an interception proxy and identify areas for code injection
Scan the site with a port scanner to identify vulnerable services running on the web server
Use network enumeration tools to identify if the server is running behind a load balancer
Risk Management
Enterprise Security Architecture
A cloud architect is moving a distributed system to an external cloud environment. The company must be able to:
• Administer the server software at OS and application levels.
• Show the data being stored is physically separated from other tenants.
• Provide remote connectivity for MSSPs.
Which of the following configurations and architectures would BEST support these requirements?
Private PaaS
Single-tenancy IaaS
Hybrid SaaS
Multitenancy DBaaS
Risk Management
Enterprise Security Operations
Which of the following attacks can be mitigated by proper data retention policies?
Dumpster diving
Man-in-the-browser
Spear phishing
Watering hole
Risk Management
Risk Management
An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?
Web application firewall
SIEM
IPS
UTM
File integrity monitor
Enterprise Security Operations
Enterprise Security Operations
A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?
Transfer the risk
Baseline the risk
Accept the risk
Remove the risk
Risk Management
Risk Management
A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Choose two.)
Text editor
OOXML editor
Event Viewer
XML style sheet
SCAP tool
Debugging utility
Enterprise Security Architecture
Enterprise Security Operations
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
Threat modeling
Risk assessment
Vulnerability data
Threat intelligence
Risk metrics
Exploit frameworks
Risk Management
Research, Development, and Collaboration
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.
Which of the following would ensure no data is recovered from the system drives once they are disposed of?
Overwriting all HDD blocks with an alternating series of data.
Physically disabling the HDDs by removing the drive head.
Demagnetizing the hard drive using a degausser.
Deleting the UEFI boot loaders from each HDD.
Risk Management
Enterprise Security Operations