Which of the following must be calculated to determine ROI?
A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated...
Which of the following is the GREATEST security concern with respect to BYOD?
Which of the following is the GREATEST security concern with respect to BYOD?
A. The filtering of sensitive data out of data flows at geographic boundaries.
B. Removing potential bottlenecks in data transmission paths.
C. The transfer of corporate data onto mobile corporate devices.
D. The migration of data into...
Which of the following should the security do to help mitigate future attacks within the VM environment?
A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company’s cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on...
Which of the following should the CISO read and understand before writing the policies?
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000
Answer: B
Which of the following solutions BEST meets all of the architect’s objectives?
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable....
A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage. To which of the following is the survey question related? (Select TWO)
A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses...
Which of the following is the BEST configuration change for the administrator to make?
The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations are already in place:
• Keyword blocking based on word lists
• URL rewriting and protection
• Stopping executable files from messages
Which of the following is the BEST configuration change...
Which of the following should the junior analyst have followed?
During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering...
Which of the following capabilities would BEST improve the security position?
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to...
CORRECT TEXT
CORRECT TEXT Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below: Untrusted...