CAS-003 exam

During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected . Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible...

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients’ health information, management has identified the following requirements: ✑ Data must be encrypted at rest. ✑ The device must be disabled if...

A company recently migrated to a SaaS-based email solution. The solution is configured as follows. • Passwords are synced to the cloud to allow for SSO • Cloud-based antivirus is enabled • Cloud-based anti-spam is enabled • Subscription-based blacklist is enabled Although the above controls are enabled, the company's security...

Developers are working on anew feature to add to a social media platform. Thew new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO state the...

When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?A ....

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable....

An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware . Which of the following reasons...

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to...

A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices. Which of the following tools is the security engineer using to produce the above output?A...

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience...