CompTIA (CAS-003) Exam Questions And Answers page 5
A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.
Which of the following solutions BEST meets the engineer's goal?
Develop and implement a set of automated security tests to be installed on each development team leader's workstation.
Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.
Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.
Enterprise Security Operations
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
Segmentation
Firewall whitelisting
Containment
Isolation
Enterprise Security Operations
A systems analyst is concerned that the current authentication system may not provide the appropriate level of security. The company has integrated WAYF within its federation system and implemented a mandatory two-step authentication system. Some accounts are still becoming compromised via phishing attacks that redirect users to a fake portal, which is automatically collecting and replaying the stolen credentials. Which of the following is a technical solution that would BEST reduce the risk of similar compromises?
Security awareness training
Push-based authentication
Software-based TOTP
OAuth tokens
Shibboleth
Enterprise Security Architecture
Enterprise Security Operations
To meet an SLA, which of the following documents should be drafted to define the company's internal interdependent unit responsibilities and delivery timelines?
BPA
OLA
MSA
MOU
Enterprise Security Operations
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:
Which of the following should be included in the auditor's report based on the above findings?
The hard disk contains bad sectors
The disk has been degaussed.
The data represents part of the disk BIOS.
Sensitive data might still be present on the hard drives.
Risk Management
Enterprise Security Operations
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, criticalValue indicates if an emergency is underway:
Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
Rewrite the software to implement fine-grained, conditions-based testing
Add additional exception handling logic to the main program to prevent doors from being opened
Apply for a life-safety-based risk exception allowing secure doors to fail open
Rewrite the software's exception handling routine to fail in a secure state
Risk Management
Enterprise Security Operations
An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:
a hybrid cloud.
an on-premises private cloud.
a hosted hybrid cloud.
a private cloud.
Risk Management
Enterprise Security Operations
The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:
creating a forensic image
deploying fraud monitoring
following a chain of custody
analyzing the order of volatility
Risk Management
Enterprise Security Operations
The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?
Ensure the cloud provider supports a secure virtual desktop infrastructure
Ensure the colocation facility implements a robust DRP to help with business continuity planning
Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities
Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages
Risk Management
Enterprise Security Operations
The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:
data confidentiality
data security
PCI compliance
business availability
Risk Management
Enterprise Security Operations