Exam Logo

Comptia (CAS-003) Exam Questions And Answers page 5

A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.

Which of the following solutions BEST meets the engineer s goal?
Enterprise Security Operations Enterprise Security Operations
A large industrial system s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company s security manager notices the generator s IP is sending packets to an internal file server s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
Enterprise Security Operations Enterprise Security Operations
A systems analyst is concerned that the current authentication system may not provide the appropriate level of security. The company has integrated WAYF within its federation system and implemented a mandatory two-step authentication system. Some accounts are still becoming compromised via phishing attacks that redirect users to a fake portal, which is automatically collecting and replaying the stolen credentials. Which of the following is a technical solution that would BEST reduce the risk of similar compromises?
Enterprise Security Architecture Enterprise Security Operations
To meet an SLA, which of the following document should be drafted, defining the company s internal interdependent unit responsibilities and delivery timelines.
Enterprise Security Operations Enterprise Security Operations
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:


Which of the following should be included in the auditor s report based on the above findings?
Risk Management Enterprise Security Operations
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, criticalValue indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
Risk Management Enterprise Security Operations
An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization s existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:
Risk Management Enterprise Security Operations
The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:
Risk Management Enterprise Security Operations
The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?
Risk Management Enterprise Security Operations
The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of:
Risk Management Enterprise Security Operations