Which of the following risk management strategies has the organization employed?

Management is reviewing the results of a recent risk assessment of the organization’s policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background...

June 3, 2018

A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

DRAG DROP: A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

May 28, 2018

Which of the following is required in this scenario?

A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this...

May 22, 2018

Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

Given the following output from a local PC: Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?
A. Allow 172.30.0.28:80 -> ANY
B. Allow 172.30.0.28:80 -> 172.30.0.0/16
C. Allow 172.30.0.28:80 -> 172.30.0.28:443
D. Allow 172.30.0.28:80 -> 172.30.0.28:53
Answer: B

May 17, 2018

Which of the following approaches is described?

To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO...

May 9, 2018

Which of the following should the penetration tester conclude about the command output?

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: Which of the following should the penetration tester conclude about the command output?
A. The public/private views on the Comptia.org DNS servers are misconfigured
B. Comptia.org...

May 8, 2018

Which of the following did the analyst use to determine the location of the malicious payload?

A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:
^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g
Which of the following did the analyst use to determine the location of the malicious payload?
A. Code deduplicators
B. Binary reverse-engineering
C. Fuzz...

May 2, 2018

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step?

The data will be hosted and managed outside of the company’s geographical location. The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend...

May 1, 2018

Using the above information, on which VLANs should multicast be enabled?

A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in...

April 24, 2018

Which of the following tools BEST supports the use of these definitions?

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “<object object_ref=… />” and “<state state_ref=… />”. Which of the following...

April 20, 2018