CAS-003 exam

A hospital’s security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains...

Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?A . Business partnership agreementB ....

In addition to a manual start, what two triggers can a DevOps Engineer define to start the CI/CD pipeline? (Choose two.)A . Scheduled startB . Offline startC . Offsite startD . On Git changesE . Data store changesView AnswerAnswer: AD Explanation: Reference: https://docs.adobe.com/content/help/en/experience-manager-cloud-manager/using/how-to­use/configuring-pipeline.html

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board...

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization: localStorage.setItem(“session-cookie”, document.cookie); Which of the following should the security engineer recommend?A . SessionStorage should be used so authorized cookies expire after the session endsB...

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated...

Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?A . The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systemsB . Integrating two different IT systems might result in a successful data...

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?A . Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2B . Immediately encrypt all PHI...

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, “criticalValue” indicates if an emergency is underway: Which of the following is the BEST course of action for a security analyst to recommend...

An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations. Which of the...