CompTIA (CAS-003) Exam Questions And Answers page 8
A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing changes to the code repository. Which of the following activities would be BEST to perform after a commit but before the creation of a branch?
Heuristic analysis
Dynamic analysis
Web application vulnerability scanning
Penetration testing
Risk Management
Enterprise Security Operations
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?
KRI:
- Compliance with regulations
- Backlog of unresolved security investigations
- Severity of threats and vulnerabilities reported by sensors
- Time to patch critical issues on a monthly basis
KPI:
- Time to resolve open security items
- % of suppliers with approved security control frameworks
- EDR coverage across the fleet
- Threat landscape rating
KRI:
- EDR coverage across the fleet
- Backlog of unresolved security investigations
- Time to patch critical issues on a monthly basis
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
KRI:
- EDR coverage across the fleet
- % of suppliers with approved security control framework
- Backlog of unresolved security investigations
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- Time to patch critical issues on a monthly basis
- Severity of threats and vulnerabilities reported by sensors
KPI:
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
- Threat landscape rating
KRI:
- Time to resolve open security items
- Backlog of unresolved security investigations
- EDR coverage across the fleet
- Time to patch critical issues on a monthly basis
Enterprise Security Operations
Enterprise Security Operations
While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)
Sovereignty
Compatible services
Data remnants
Storage encryption
Data migration
Chain of custody
Risk Management
Enterprise Security Operations
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)
Perform a penetration test.
Conduct a regulatory audit.
Hire a third-party consultant.
Define the threat model.
Review the existing BIA.
Perform an attack path analysis.
Risk Management
Risk Management
An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?
Running an automated fuzzer
Constructing a known cipher text attack
Attempting SQL injection commands
Performing a full packet capture
Using the application in a malware sandbox
Enterprise Security Operations
Enterprise Security Operations
While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?
The security manager did not enforce automatic VPN connection.
The company's server did not have endpoint security enabled.
The hotel did not require a wireless password to authenticate.
The laptop did not have the host-based firewall properly configured.
Enterprise Security Operations
Enterprise Security Operations
An organization has established the following controls matrix:
The following control sets have been defined by the organization and are applied in aggregate fashion:
• Systems containing PII are protected with the minimum control set.
• Systems containing medical data are protected at the moderate level.
• Systems containing cardholder data are protected at the high level.
The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?
Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.
Risk Management
Enterprise Security Architecture
An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:
• Support server, laptop, and desktop infrastructure
• Due to limited security resources, implement active protection capabilities
• Provide users with the ability to self-service classify information and apply policies
• Protect data-at-rest and data-in-use
Which of the following endpoint capabilities would BEST meet the above requirements? (Choose two.)
Data loss prevention
Application whitelisting
Endpoint detect and respond
Rights management
Log monitoring
Antivirus
Risk Management
Enterprise Security Operations
A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:
^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g
Which of the following did the analyst use to determine the location of the malicious payload?
Code deduplicators
Binary reverse-engineering
Fuzz testing
Security containers
Enterprise Security Architecture
Enterprise Security Operations
A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network. Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?
Additional corporate-wide training on phishing
A policy outlining what is and is not acceptable on social media
Notifications when a user falls victim to a phishing attack
Positive DLP preventions with stronger enforcement
Risk Management
Enterprise Security Operations