CompTIA (CAS-003) Exam Questions and Answers, page 8

A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing changes to the code repository. Which of the following activities would be BEST to perform after a commit but before the creation of a branch?
Risk Management Enterprise Security Operations
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.

Which of the following BEST meets the needs of the board?
Enterprise Security Operations Enterprise Security Operations
While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)
Risk Management Enterprise Security Operations
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)
Risk Management Risk Management
An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?
Enterprise Security Operations Enterprise Security Operations
While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system. Which of the following is the MOST likely cause of the security breach?
Enterprise Security Operations Enterprise Security Operations
An organization has established the following controls matrix:
The following control sets have been defined by the organization and are applied in aggregate fashion:

• Systems containing PII are protected with the minimum control set.
• Systems containing medical data are protected at the moderate level.
• Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?
Risk Management Enterprise Security Architecture
An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:

• Support server, laptop, and desktop infrastructure
• Due to limited security resources, implement active protection capabilities
• Provide users with the ability to self-service classify information and apply policies
• Protect data-at-rest and data-in-use

Which of the following endpoint capabilities would BEST meet the above requirements? (Choose two.)
Risk Management Enterprise Security Operations
A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:


Which of the following did the analyst use to determine the location of the malicious payload?
Enterprise Security Architecture Enterprise Security Operations
A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network. Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?
Risk Management Enterprise Security Operations