CAS-003 exam

SIMULATION As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64­bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server,...

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst...

A security administrator wants to allow external organizations to cryptographically validate the company’s domain name in email messages sent by employees. Which of the following should the security administrator implement?A . SPFB . S/MIMEC . TLSD . DKIMView AnswerAnswer: D Explanation: Reference: https://en.wikipedia.org/wiki/DMARC

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board...

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board...

During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering....

An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data. Based on the data classification table above, which of the following BEST describes the overall classification?A . High confidentiality, high availabilityB . High confidentiality, medium availabilityC . Low availability, low confidentialityD ....

A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded. Which of the following should be used to identify weak processes and other vulnerabilities?A...

A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following...

One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help to achieve this? (Choose two.)A . Blue teamingB . Phishing simulationsC . Lunch-and-learnD . Random auditsE . Continuous monitoringF . Separation of dutiesView AnswerAnswer: BE