CAS-003 exam

Access to the corporate applications Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)A . IPSec VPNB . HIDSC . Wireless controllerD . Rights managementE . SSL VPNF . NACG . WAFH . Load balancerView AnswerAnswer: D,E,F

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an...

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to...

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:A . IT systems are maintained in silos to minimize interconnected risks and...

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable....

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present...

An organization has established the following controls matrix: The following control sets have been defined by the organization and are applied in aggregate fashion: ✑ Systems containing PII are protected with the minimum control set. ✑ Systems containing medical data are protected at the moderate level. ✑ Systems containing cardholder...

An organization is currently performing a market scan for managed security services and EDR capability . Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).A . MSAB . RFPC . NDAD . RFIE . MOUF . RFQView...

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks: ✑ Stop malicious software that does not match a signature ✑ Report on...

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer...