CAS-003 exam

A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter: RTO:2 days RPO:36 hours MTTR:24 hours MTBF:60 days Which of the following solutions will address the RPO requirements?A . Remote Syslog facility collecting real-time eventsB . Server farm behind a load...

A software development firm wants to validate the use of standard libraries as part of the software development process Each developer performs unit testing prior to committing changes to the code repository. Which of the following activities would be BEST to perform after a commit but before the creation of...

A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?A . Single-tenant private cloudB . Multitenant SaaS cloudC . Single-tenant hybrid...

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst...

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce...

A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization...

A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?A . Reconfigure the firewall to block external UDP traffic.B...

A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?A . Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.B . Forcing different people...

An application has been through a peer review and regression testing and is prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing the application, the engineer informs the developer it should include additional input...

A company is implementing a new secure identity application, given the following requirements •. The cryptographic secrets used in the application must never be exposed to users or the OS •. The application must work on mobile devices. •. The application must work with the company's badge reader system Which...