CAS-003 exam

An organization has established the following controls matrix: The following control sets have been defined by the organization and are applied in aggregate fashion: ✑ Systems containing PII are protected with the minimum control set. ✑ Systems containing medical data are protected at the moderate level. ✑ Systems containing cardholder...

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command...

A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data. The results of the first scan are as follows: The security learn is unable to identify the data owners for the specific files in a timely manner...

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:A . IT systems are maintained in silos to minimize interconnected risks and...

A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee’s heartbeat, weight, and badge. Which of the following did the security manager implement?A . A physical controlB . A corrective controlC . A compensating controlD . A managerial controlView...

A company’s user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem. Which of the following solutions would BEST support trustworthy communication solutions?A . Enabling spam filtering and DMARC . Using MFA when logging...

A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?A . Replace each laptop in the company's environment with a standardized laptop that is preconfigured...

A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following: ✑ An HOTP service is installed on the RADIUS server. ✑ The...

An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password...

A development team releases updates to an application regularly. The application is compiled with several standard open-source security products that require a minimum version for compatibility. During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?A . The developers...