
CAS-003 Online Practice Questions and Answers

Questions 4

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

B. Interview employees and managers to discover the industry hot topics and trends

C. Attend meetings with staff, internal training, and become certified in software management

D. Attend conferences, webinars, and training to remain current with the industry and job requirements

Browse 791 Q&As
Questions 5

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

A. $4,800

B. $24,000

C. $96,000

D. $120,000
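The figures in this question follow the standard quantitative risk formulas: SLE = AV × EF and ALE = SLE × ARO, so the asset value is recovered as AV = SLE / EF. The Python below is an added worked example, not part of the original practice material. EF may be given as 25 or 0.25; ARO is passed as a rate (0.20 for 20%). The DR-server figures in the usage section (a 5% exposure factor once a DR server exists, and a $3,000 annual cost for it) are assumptions chosen for illustration.

```python
"""Quantitative risk arithmetic: SLE = AV * EF, ALE = SLE * ARO, hence AV = SLE / EF.

Added worked example; the DR-server figures used in __main__ are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskFigures:
    asset_value: float
    exposure_factor: float  # fraction of asset value lost per incident, 0..1
    aro: float              # annualized rate of occurrence (incidents per year)
    sle: float              # single loss expectancy
    ale: float              # annualized loss expectancy


def as_fraction(value, name):
    """Accept 25 or 0.25 for 25% and normalise to a fraction; reject anything outside 0..1."""
    if value > 1.0:
        value = value / 100.0
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} must be a percentage or fraction in 0..1, got {value!r}")
    return value


def from_asset_value(asset_value, exposure_factor, aro):
    """Forward direction: AV and EF known, derive SLE and ALE."""
    ef = as_fraction(exposure_factor, "EF")
    sle = asset_value * ef
    return RiskFigures(asset_value, ef, aro, sle, sle * aro)


def from_sle(sle, exposure_factor, aro):
    """Reverse direction (the accountant's case): SLE and EF known, recover AV."""
    ef = as_fraction(exposure_factor, "EF")
    if ef == 0.0:
        raise ValueError("an EF of 0% carries no information about the asset value")
    return from_asset_value(sle / ef, ef, aro)


def control_value(before, after, annual_control_cost):
    """Annual benefit of a countermeasure: ALE reduction minus the control's yearly cost.
    A positive number means the control saves more than it costs."""
    return before.ale - after.ale - annual_control_cost


if __name__ == "__main__":
    current = from_sle(sle=24_000, exposure_factor=0.25, aro=0.20)
    print(f"AV = {current.asset_value:,.0f}  ALE = {current.ale:,.0f}")
    # Assumed: with a DR server a single outage costs 5% of the asset instead of 25%,
    # and the server costs $3,000 per year to own.
    with_dr = from_asset_value(current.asset_value, exposure_factor=0.05, aro=0.20)
    print(f"annual value of the DR server: {control_value(current, with_dr, 3_000):,.0f}")
```

The ALE (SLE × ARO = $4,800) is the figure the accountant actually needs to justify the DR purchase: a control is worth buying when the ALE it removes exceeds its annual cost.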

Questions 6

Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecured in hotel rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the following is the BEST solution in this scenario?

A. Full disk encryption

B. Biometric authentication

C. An eFuse-based solution

D. Two-factor authentication

Questions 7

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

A. Isolate the system on a secure network to limit its contact with other systems

B. Implement an application layer firewall to protect the payroll system interface

C. Monitor the system's security log for unauthorized access to the payroll application

D. Perform reconciliation of all payroll transactions on a daily basis

Questions 8

Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

A. Lack of adequate in-house testing skills.

B. Requirements for geographically based assessments

C. Cost reduction measures

D. Regulatory insistence on independent reviews.

Questions 9

Given the following information about a company's internal network:

User IP space: 192.168.1.0/24

Server IP space: 192.168.192.0/25

A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

A. Use a protocol analyzer on 192.168.1.0/24

B. Use a port scanner on 192.168.1.0/24

C. Use an HTTP interceptor on 192.168.1.0/24

D. Use a port scanner on 192.168.192.0/25

E. Use a protocol analyzer on 192.168.192.0/25

F. Use an HTTP interceptor on 192.168.192.0/25
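The distinction this question turns on: a protocol analyzer only sees traffic that happens to cross the capture point, whereas a port scanner actively asks every address in the range whether something is listening on a web port, so an unadvertised server still shows up. The Python below is an added example, not part of the practice material. The port list is an assumption, and the `demo_probe` listeners are constructed so the logic runs offline; the default `tcp_connect` probe does a real TCP connect scan.

```python
"""Locate rogue web servers by actively probing the user subnet.

Added example. A packet capture only shows hosts that happen to be talking
while you watch; a TCP connect scan asks every address in the range whether
something is listening on a web port, so an unadvertised server still shows up.
WEB_PORTS and the constructed demo listeners are assumptions.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

USER_SPACE = ipaddress.ip_network("192.168.1.0/24")      # from the question
SERVER_SPACE = ipaddress.ip_network("192.168.192.0/25")  # sanctioned server range
WEB_PORTS = (80, 443, 8000, 8080, 8443)                  # assumption: ports to check


def tcp_connect(host, port, timeout=0.5):
    """Real probe: True when the TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_web_listeners(network, ports=WEB_PORTS, probe=tcp_connect, workers=64):
    """Map host -> list of open web ports (in `ports` order) for hosts with at least one.
    `probe(host, port) -> bool` is injectable so the logic runs without a network."""
    net = ipaddress.ip_network(str(network))
    hosts = [str(h) for h in net.hosts()]

    def scan(host):
        return host, [p for p in ports if probe(host, p)]

    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(scan, hosts))
    return {host: open_ports for host, open_ports in results if open_ports}


def rogue_web_hosts(listeners, sanctioned=SERVER_SPACE):
    """Listeners whose address lies outside the sanctioned server space."""
    return {h: p for h, p in listeners.items()
            if ipaddress.ip_address(h) not in sanctioned}


# Constructed for an offline run: two workstations quietly serving HTTP.
DEMO_LISTENERS = {("192.168.1.37", 8080), ("192.168.1.200", 80), ("192.168.1.200", 443)}


def demo_probe(host, port):
    return (host, port) in DEMO_LISTENERS


if __name__ == "__main__":
    # Drop probe=demo_probe to use tcp_connect against a network you are authorised to scan.
    found = find_web_listeners(USER_SPACE, probe=demo_probe)
    for host, ports in sorted(rogue_web_hosts(found).items()):
        print(f"rogue web listener: {host} ports {ports}")
```

In practice the same check is one nmap line, `nmap -p 80,443,8000,8080,8443 --open 192.168.1.0/24`; the value of the script is that the probe is swappable, so the filtering logic (which hosts count as rogue) can be tested without touching the network, and a connect scan needs no raw-socket privileges.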

Questions 10

A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:

A. segment dual-purpose systems on a hardened network segment with no external access

B. assess the risks associated with accepting non-compliance with regulatory requirements

C. update system implementation procedures to comply with regulations

D. review regulatory requirements and implement new policies on any newly provisioned servers

Questions 11

A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements?

A. Vulnerability assessment

B. Risk assessment

C. Patch management

D. Device quarantine

E. Incident management

Questions 12

A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

A. Single-tenant private cloud

B. Multitenant SaaS cloud

C. Single-tenant hybrid cloud

D. Multitenant IaaS cloud

E. Multitenant PaaS cloud

F. Single-tenant public cloud

Questions 13

An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor's SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:

1. There are clauses that confirm a data retention period in line with what is in the energy organization's security policy.

2. The data will be hosted and managed outside of the energy organization's geographical location.

The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project's security consultant recommend as the NEXT step?

A. Develop a security exemption, as the solution does not meet the security policies of the energy organization.

B. Require a solution owner within the energy organization to accept the identified risks and consequences.

C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.

D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.

Questions 14

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items.

Which of the following should the security engineer recommend to meet these requirements?

A. COPE with geofencing

B. BYOD with containerization

C. MDM with remote wipe

D. CYOD with VPN

Questions 15

A security architect has designated that a server segment of an enterprise network will require each server to have secure and measured boot capabilities. The architect now wishes to ensure service consumers and peers can verify the integrity of hosted services. Which of the following capabilities must the architect consider for enabling the verification?

A. Centralized attestation server

B. Enterprise HSM

C. vTPM

D. SIEM

Questions 16

A legal services company wants to ensure emails to clients maintain integrity in transit. Which of the following would BEST meet this requirement? (Select TWO)

A. Signing emails to clients with the organization's public key

B. Using the organization's private key to encrypt all communication

C. Implementing a public key infrastructure

D. Signing emails to clients with the organization's private key

E. Using shared secret keys

F. Hashing all outgoing emails

Questions 17

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

A. Log all access to the data and correlate with the researcher

B. Anonymize identifiable information using keyed strings

C. Ensure all data is encrypted in transit to the researcher

D. Ensure all researchers sign and abide by non-disclosure agreements

E. Sanitize date and time stamp information in the records.
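"Anonymize identifiable information using keyed strings" means replacing direct identifiers with a keyed hash (an HMAC under a secret the data custodian keeps) rather than a plain hash: the same patient still maps to the same token, so the researcher can link one patient's visits, but without the key the tokens cannot be reversed or confirmed by guessing likely inputs such as medical record numbers. The Python below is an added example, not from the original page; the field names, records and key are constructed for illustration.

```python
"""Keyed pseudonymisation of patient records before release to a third party.

Added example. HMAC-SHA256 under a secret key held by the data custodian:
- deterministic, so one patient's records stay linkable for the researcher;
- not recomputable without the key, so an unkeyed dictionary attack fails;
- quasi-identifiers (dates) are generalised, direct identifiers tokenised,
  and fields with no research value dropped.
Field names, records and the key are constructed for this example.
"""
import hashlib
import hmac

DIRECT_IDENTIFIERS = ("patient_id", "name")   # replaced by keyed tokens
DROP_FIELDS = ("address",)                    # no research value, removed outright
DATE_FIELDS = ("dob", "visit_date")           # quasi-identifiers, generalised

CONSTRUCTED_RECORDS = [
    {"patient_id": "MRN-000123", "name": "A. Example", "address": "1 Main St",
     "dob": "1971-04-09", "visit_date": "2023-11-02", "diagnosis": "I10"},
    {"patient_id": "MRN-000456", "name": "B. Sample", "address": "2 High St",
     "dob": "1985-12-30", "visit_date": "2023-11-02", "diagnosis": "E11"},
    {"patient_id": "MRN-000123", "name": "A. Example", "address": "1 Main St",
     "dob": "1971-04-09", "visit_date": "2024-01-15", "diagnosis": "I10"},
]
DEMO_KEY = bytes(range(32))  # constructed; in practice 32+ random bytes from a secrets manager


def keyed_token(value, key, field):
    """HMAC-SHA256 of the value, domain-separated by field name so the same string
    appearing in two different fields does not yield the same token."""
    msg = field.encode() + b"\x00" + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unkeyed_hash(value):
    """What 'just hash it' gives: anyone who can guess the input can confirm it."""
    return hashlib.sha256(value.encode()).hexdigest()


def attacker_can_confirm(token, guess):
    """Re-identification attempt without the key: hash the guess and compare."""
    return hmac.compare_digest(token, unkeyed_hash(guess))


def generalise_date(iso_date):
    """Keep only the year (YYYY-MM-DD -> YYYY) to blunt linkage on exact dates."""
    return iso_date[:4]


def anonymise_record(record, key):
    out = {}
    for field, value in record.items():
        if field in DROP_FIELDS:
            continue
        if field in DIRECT_IDENTIFIERS:
            out[field] = keyed_token(value, key, field)
        elif field in DATE_FIELDS:
            out[field] = generalise_date(value)
        else:
            out[field] = value
    return out


def anonymise_dataset(records, key):
    return [anonymise_record(r, key) for r in records]


if __name__ == "__main__":
    for row in anonymise_dataset(CONSTRUCTED_RECORDS, DEMO_KEY):
        print(row)
```

The key is the re-identification secret: it never leaves the data custodian, and rotating it produces an unrelated set of tokens, which is how a dataset released to one researcher is kept unlinkable to a dataset released to another. Tokenising direct identifiers does not by itself defeat linkage on quasi-identifiers such as exact dates, so generalising those fields is the complementary step, not a substitute.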

Questions 18

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company.

Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

A.
1. Attempt to eavesdrop and replay RFID communications.
2. Determine the protocols being used between the tag and the reader.
3. Retrieve the RFID tag identifier and manufacturer details.
4. Take apart an RFID tag and analyze the chip.

B.
1. Determine the protocols being used between the tag and the reader.
2. Take apart an RFID tag and analyze the chip.
3. Retrieve the RFID tag identifier and manufacturer details.
4. Attempt to eavesdrop and replay RFID communications.

C.
1. Retrieve the RFID tag identifier and manufacturer details.
2. Determine the protocols being used between the tag and the reader.
3. Attempt to eavesdrop and replay RFID communications.
4. Take apart an RFID tag and analyze the chip.

D.
1. Take apart an RFID tag and analyze the chip.
2. Retrieve the RFID tag identifier and manufacturer details.
3. Determine the protocols being used between the tag and the reader.
4. Attempt to eavesdrop and replay RFID communications.

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Last Update: Jan 22, 2024
Questions: 791 Q&As
