CAS-003 exam

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined: ✑ Must be encrypted on...

A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three...

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor?A . Penetration testsB . Vulnerability assessmentC . Tabletop exercisesD . Blue-team operationsView AnswerAnswer: A

A Chief Information Securiy Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used. Which of the following would be...

A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to...

The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their...

Following a recent outage a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?A . TTRB . ALEC . MTBFD . SLEE...

A security administrator is reviewing the following output from an offline password audit: Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)A . CryptoprocessorB . BcryptC . SHA-256D . PBKDF2E . Message authenticationView AnswerAnswer: B,D

A technician receives the following security alert from the firewall’s automated system: After reviewing the alert, which of the following is the BEST analysis?A . This alert is false positive because DNS is a normal network function.B . This alert indicates a user was attempting to bypass security measures using...

After analyzing code, two developers al a company bring these samples to the security operations manager. Which of the following would BEST solve these coding problems?A . Use a privileged access management systemB . Prompt the administrator for the password .C . Use salted hashes with PBKDF2.D . Increase the...