CompTIA (CAS-003) Exam Questions And Answers page 9
A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)
BIA
NDA
RFI
RFQ
MSA
Enterprise Security Operations
Enterprise Security Operations
A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.
Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)
Mandatory vacation
Separation of duties
Continuous monitoring
Incident response
Time-of-day restrictions
Job rotation
Risk Management
Enterprise Security Operations
An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application's sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?
Using an SSO application that supports multifactor authentication
Enabling the web application to support LDAP integration
Forcing higher-complexity passwords and frequent changes
Deploying Shibboleth to all web-based applications in the enterprise
Enterprise Security Architecture
Enterprise Security Operations
An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management's policy?
MDM
Sandboxing
Mobile tokenization
FDE
MFA
Risk Management
Enterprise Security Operations
A company has decided to move an ERP application to a public cloud vendor. The company wants to replicate some of its global policies from on premises to cloud. The policies include data encryption, token management, and limited user access to the ERP application. The Chief Information Officer (CIO) is mainly concerned about privileged accounts that might be compromised and used to alter data in the ERP application. Which of the following is the BEST option to meet the requirements?
Sandboxing
CASB
MFA
Security as a service
Risk Management
Enterprise Security Operations
A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement?
WPS
PEAP
TKIP
PKI
Enterprise Security Operations
Enterprise Security Operations
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application's authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?
The application only supports SP-initiated authentication.
The IdP only supports SAML 1.0
There is an SSL certificate mismatch between the IdP and the SaaS application.
The user is not provisioned correctly on the IdP.
Risk Management
Enterprise Security Architecture
An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?
Brute forcing of account credentials
Plain-text credentials transmitted over the Internet
Insecure direct object reference
SQL injection of ERP back end
Enterprise Security Operations
Technical Integration of Enterprise Security
A company deploys a system to use device and user certificates for network authentication. Previously, the company only used separate certificates to send/receive encrypted email. Users have begun notifying the help desk because they cannot read encrypted email. Which of the following is the MOST likely cause of the issues?
The attestation service is not configured to accept the new certificates.
The device certificates have the S/MIME attribute selected.
The sending mail client is selecting the wrong public key to encrypt messages.
Multiple device certificates are associated with the same network port.
Risk Management
Enterprise Security Architecture
A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries, such as:
Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?
Add the objects of concern to the default context.
Set the devices to enforcing mode.
Create separate domain and context files for irc.
Rebuild the sepolicy, reinstall, and test.
Enterprise Security Operations
Enterprise Security Operations