CAS-003 Online Practice Questions and Answers

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

B. Interview employees and managers to discover the industry hot topics and trends

C. Attend meetings with staff, internal training, and become certified in software management

D. Attend conferences, webinars, and training to remain current with the industry and job requirements

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.

B. Risks associated with the inability to implement the requirements.

C. Industry best practices with respect to the technical implementation of the current controls.

D. All sections of the policy that may justify non-implementation of the requirements.

E. A revised DRP and COOP plan to the exception form.

F. Internal procedures that may justify a budget submission to implement the new requirement.

G. Current and planned controls to mitigate the risks.

A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements:

The data is for internal consumption only and shall not be distributed to outside individuals The systems administrator should not have access to the data processed by the server The integrity of the kernel image is maintained

Which of the following host-based security controls BEST enforce the data owner's requirements? (Choose three.)

A. SELinux

B. DLP

C. HIDS

D. Host-based firewall

E. Measured boot

F. Data encryption

G. Watermarking

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The sec... analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reaction, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following action should the analyst take?

A. Reschedule the automated patching to occur during business hours.

B. Monitor the web application service for abnormal bandwidth consumption.

C. Create an incident ticket for anomalous activity.

D. Monitor the web application for service interruptions caused from the patching.

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

A. Use a protocol analyzer against the site to see if data input can be replayed from the browser

B. Scan the website through an interception proxy and identify areas for the code injection

C. Scan the site with a port scanner to identify vulnerable services running on the web server

D. Use network enumeration tools to identify if the server is running behind a load balancer

A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.

Which of the following controls can the organization implement to reduce the risk of similar breaches?

A. Biometric authentication

B. Cloud storage encryption

C. Application containerization

D. Hardware anti-tamper

A security administrator is investigating an incident involving suspicious word processing documents on an employee's computer, which was found powered off in the employee's office. Which of the following tools is BEST suited for extracting full or partial word processing documents from unallocated disk space?

A. memdump

B. forenoat

C. dd

D. nc

A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

A. SQL injection

B. CSRF

C. Session hijacking

D. XSS

A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software, placing it back

into the device, and tagging the device for reuse or disposal. The audit reveals sensitive information is present in the hard drive cluster tips.

Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed?

A. Degauss the drives using a commercial tool.

B. Scramble the file allocation table

C. Wipe the drives using a 21-pass overwrite

D. Disable the logic board using high-voltage input

A network engineer is concerned about hosting web, SFTP. and email services in a single DMZ that is hosted in the same security zone This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?

A. Put all the services on a single host to reduce the number of servers.

B. Create separate security zones for each service and use ACLs for segmentation.

C. Keep the web server in the DMZ and move the other server services to the internal network.

D. Deploy a switch and create VLANs for each service.