Comptia (CAS-003) Exam Questions And Answers page 7
A line-of-business manager has decided, in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of action for the business to increase efficiency and profit. Which of the following should the Chief Security Officer (CSO) perform before signing off on the third-party vendor?
Vulnerability assessment
Penetration test
Application code review
Risk assessment
Enterprise Security Architecture
Enterprise Security Operations
After analyzing code, two developers at a company bring these samples to the security operations manager:
Which of the following would BEST solve these coding problems?
Use a privileged access management system
Prompt the administrator for the password
Use salted hashes with PBKDF2
Increase the complexity and length of the password
Risk Management
Enterprise Security Operations
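The "salted hashes with PBKDF2" option above names a specific technique: never store or compare a password in clear text, derive a key from it with a per-user random salt and a deliberately slow function, and compare digests in constant time. The block below is an added illustration of that technique, not code from the page or from the exam; it assumes PBKDF2-HMAC-SHA256, a 16-byte salt and an iteration count chosen as a work factor, and it contrasts the result with an unsalted SHA-256 digest to show why the salt matters.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the page): tune ITERATIONS so one hash costs
# roughly 100 ms on the server; raise it over time as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_LEN = 32
ALGO_TAG = "pbkdf2_sha256"


def unsalted_sha256(password: str) -> str:
    """The weak pattern: same password -> same digest, so a precomputed
    table of common passwords cracks every user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_b64$dk_b64.

    Storing the parameters beside the digest lets the iteration count be
    raised later without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=KEY_LEN)
    return "$".join([
        ALGO_TAG,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key with the stored salt and iteration count
    and compare in constant time (hmac.compare_digest) to avoid leaking
    how many leading bytes matched."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    if algo != ALGO_TAG or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample input, not from the page.
    record_a = hash_password("correct horse battery staple", iterations=50_000)
    record_b = hash_password("correct horse battery staple", iterations=50_000)
    print("unsalted digests identical:",
          unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
    print("salted records differ:", record_a != record_b)
    print("verify good:", verify_password("correct horse battery staple", record_a))
    print("verify bad:", verify_password("hunter2", record_a))
```

The two records for the same password differ because each carries its own salt, yet both verify, which is exactly the property that defeats precomputed digest tables; the unsalted digest does not have it. Prompting an administrator for a password or making the password longer changes nothing about how it is stored, which is why those options do not address a storage-side coding defect.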
An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.
Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)
Version control
Agile development
Waterfall development
Change management
Continuous integration
Enterprise Security Operations
Enterprise Security Operations
A network engineer is concerned about hosting web, SFTP, and email services in a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?
Put all the services on a single host to reduce the number of servers.
Create separate security zones for each service and use ACLs for segmentation.
Keep the web server in the DMZ and move the other server services to the internal network.
Deploy a switch and create VLANs for each service.
Risk Management
Enterprise Security Operations
A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
Randomly calling customer employees and posing as a help desk technician who requires the user's password to resolve issues
Posing as a copier service technician and indicating the equipment had phoned home to alert the technician for a service call
Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Risk Management
Enterprise Security Operations
A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?
Request an exception to the corporate policy from the risk management committee
Require anyone trying to use the printer to enter their username and password
Have a help desk employee sign in to the printer every morning
Issue a certificate to the printer and use certificate-based authentication
Risk Management
Enterprise Security Operations
After investigating virus outbreaks that have cost the company $1000 per incident, the company's Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company's performance and capability requirements:
Using the table above, which of the following would be the BEST business-driven choice among the five possible solutions?
Product A
Product B
Product C
Product D
Product E
Risk Management
Enterprise Security Architecture
Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives.
Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?
MTBF
TTR
ALE
SLE
RPO
Risk Management
Enterprise Security Operations
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?
KRI
GRC
BIA
KPI
Risk Management
Enterprise Security Operations
A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk?
Virtual desktop environment
Network segmentation
Web application firewall
Web content filter
Risk Management
Enterprise Security Architecture