CAS-003 exam

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions . Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?A . Issue trackerB . Static code analyzerC . Source...

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue. Which of...

Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication Network Server: Digitally sign communication A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect...

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce...

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server . Which of the following steps should the administrator take NEXT?A . Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2B . Immediately encrypt...

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes . Which of the following controls...

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed...

As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics . Which of the following is MOST likely to be part of the...

A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?A . Use an entropy-as-a-service vendor to leverage larger entropy pools.B...

An engineer needs to provide access to company resources for several offshore contractors. The contractors require: ✑ Access to a number of applications, including internal websites ✑ Access to database data and the ability to manipulate it ✑ The ability to log into Linux and Windows servers remotely Which of...