Start your CAS-003 Exam Questions Preparation with Updated 683 Questions [Q284-Q302]

NEW QUESTION 284
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
* A user received a phishing email that appeared to be a report from the organization’s CRM tool.
* The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
* The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
* Several weeks later, the user reported anomalous activity within the CRM tool.
* Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
* Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

Security awareness training

Last login verification

Log correlation

Time-of-check controls

Time-of-use controls

WAYF-based authentication

NEW QUESTION 285
A managed service provider is designing a log aggregation service for customers who no longer want tomanage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs tobe stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration?

Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.

The managed service provider should outsource security of the platform to an existing cloud company.
This willallow the new log service to be launched faster and with well-tested security controls.

Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.

The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

NEW QUESTION 286
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

NEW QUESTION 287
A security administrator wants to implement controls to harden company-owned mobile devices. Company policy specifies the following requirements:
* Mandatory access control must be enforced by the OS.
* Devices must only use the mobile carrier data transport.
Which of the following controls should the security administrator implement? (Select three).

Enable DLP

Enable SEAndroid

Enable EDR

Enable secure boot

Enable remote wipe

Disable Bluetooth

Disable 802.11

Disable geotagging

NEW QUESTION 288
A network engineer recently configured a new wireless network that has issues with security stability and performance After auditing the configurations the engineer discovers some of them do not follow best practices Given the network information below SSID = CompTIA Channel = 6 WPA-PSK Which of the following would be the BEST approach to mitigate the issues?

Avoid using 2 4GHz and prefer 5GHz to minimize interference Use WPA2-Enterpnse with EAPOL

Do a site survey to determine the best channel to configure the wireless network Use WPA2-Enterprise with EAPOL.

Hide the SSID Use WPA3 instead of WPA2.

Change the radio channel to 11, as it has less interference Use CAPWAP to introduce a captive portal to force users to tog in to the wireless

NEW QUESTION 289
A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?

The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity.
The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

NEW QUESTION 290
After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases:
* Selection of a cloud provider
* Architectural design
* Microservice segmentation
* Virtual private cloud
* Geographic service redundancy
* Service migration
The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT?

Multicloud solution

Single-tenancy private cloud

Hybrid cloud solution

Cloud access security broker

NEW QUESTION 291
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:
dd if=/dev/ram of=/tmp/mem/dmp
The analyst then reviews the associated output:
^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45
However, the analyst is unable to find any evidence of the running shell.
Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?

The NX bit is enabled

The system uses ASLR

The shell is obfuscated

The code uses dynamic libraries

NEW QUESTION 292
A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

Which of the following tools did the security engineer MOST likely use to generate this output?

Application fingerprinter

Fuzzer

HTTP interceptor

Vulnerability scanner

NEW QUESTION 293
A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.

Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.

Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

NEW QUESTION 294
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members

Install a client-side VPN on the staff laptops and limit access to the development network

Create an IPSec VPN tunnel from the development network to the office of the outsourced staff

Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

NEW QUESTION 295
A security technician is incorporating the following requirements in an RFP for a new SIEM:
* New security notifications must be dynamically implemented by the SIEM engine
* The SIEM must be able to identify traffic baseline anomalies
* Anonymous attack data from all customers must augment attack detection and risk scoring Based on the above requirements, which of the following should the SIEM support?
(Choose two.)

Autoscaling search capability

Machine learning

Multisensor deployment

Big Data analytics

Cloud-based management

Centralized log aggregation

NEW QUESTION 296
A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

Text editor

OOXML editor

Event Viewer

XML style sheet

SCAP tool

Debugging utility

NEW QUESTION 297
A breach was caused by an insider threat in which customer PII was compromised.
Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

Protocol analyzer

Root cause analyzer

Behavioral analytics

Data leak prevention

NEW QUESTION 298
Which of the following represents important technical controls for securing a SAN storage infrastructure?
(Select TWO).

Synchronous copy of data

RAID configuration

Data de-duplication

Storage pool space allocation

Port scanning

LUN masking/mapping

Port mapping

NEW QUESTION 299
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented.
Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in
transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data
transport.
Requirement 3: The system shall implement a file-level encryption
scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.

Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5

Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4

Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3:
Requirement 3 under 2

Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5

NEW QUESTION 300
A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?

Create an image of the hard drive

Capture the incoming and outgoing network traffic

Dump the contents of the RAM

Parse the PC logs for information on the attacker.

NEW QUESTION 301
A security analyst is reviewing an endpoint that was found to have a rookit installed. The rootkit survived multiple attempts to clean the endpoints, as well as an attempt to reinstall the QS. The security analyst needs to implement a method to prevent other endpoint from having similar issues. Which of the following would BEST accomplish this objective?

Utilize measured boot attestation.

Enforce the secure boot process.

Reset the motherboard’s TPM chip.

Reinstall the OS with known-good media.

Configure custom anti-malware rules.

NEW QUESTION 302
Given the following code snippet:

Which of the following failure modes would the code exhibit?