CAS-003 exam

Given the code snippet below: Which of the following vulnerability types in the MOST concerning?A . Only short usernames are supported, which could result in brute forcing of credentials.B . Buffer overflow in the username parameter could lead to a memory corruption vulnerability.C . Hardcoded usernames with different code paths...

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “<object object_ref=… />”and “<state state_ref=… />”. Which of the following tools...

A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following: - High-impact controls implemented: 6 out of 10 - Medium-impact controls implemented: 409 out of 472 - Low-impact...

A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements: - The data is for internal consumption only and shall not be distributed to outside individuals - The systems administrator should not have access to the data processed by...

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST...

There is a lack of understanding of what is within the SCADA network. Which of the following capabilities would BEST improve the security position?A . VNC, router, and HIPSB . SIEM, VPN, and firewallC . Proxy, VPN, and WAFD . IDS, NAC, and log monitoringView AnswerAnswer: A

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board...

An organization has established the following controls matrix: The following control sets have been defined by the organization and are applied in aggregate fashion: - Systems containing PII are protected with the minimum control set. - Systems containing medical data are protected at the moderate level. - Systems containing cardholder...

A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy. Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?A . Vulnerability assessmentB ....

A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?A . Effective deployment of network tapsB . Overall bandwidth available at Internet PoPC...