Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-003 Questions & Answers

  • Question 261:

    An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

    A. a hybrid cloud.

    B. an on-premises private cloud.

    C. a hosted hybrid cloud.

    D. a private cloud.

  • Question 262:

    A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk?

    A. Virtual desktop environment

    B. Network segmentation

    C. Web application firewall

    D. Web content filter

  • Question 263:

    The audit team was only provided the physical and logical addresses of the network without any type of access credentials.

    Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

    A. Tabletop exercise

    B. Social engineering

    C. Runtime debugging

    D. Reconnaissance

    E. Code review

    F. Remote access tool

  • Question 264:

    A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.

    Which of the following solutions would BEST support trustworthy communication solutions?

    A. Enabling spam filtering and DMARC.

    B. Using MFA when logging into email clients and the domain.

    C. Enforcing HTTPS everywhere so web traffic, including email, is secure.

    D. Enabling SPF and DKIM on company servers.

    E. Enforcing data classification labels before an email is sent to an outside party.

  • Question 265:

    Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

    Which of the following processes should be implemented to ensure this information is available for future investigations?

    A. Asset inventory management

    B. Incident response plan

    C. Test and evaluation

    D. Configuration and change management

  • Question 266:

    As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?

    A. A copy of the vendor's information security policies.

    B. A copy of the current audit reports and certifications held by the vendor.

    C. A signed NDA that covers all the data contained on the corporate systems.

    D. A copy of the procedures used to demonstrate compliance with certification requirements.

  • Question 267:

    A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

    1. Minimum password length: 16

    2. Maximum password age: 0

    3. Minimum password age: 0

    4. Password complexity: disabled

    5. Store passwords in plain text: disabled

    6. Failed attempts lockout: 3

    7. Lockout timeout: 1 hour

    The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

    A. Offline hybrid dictionary attack

    B. Offline brute-force attack

    C. Online hybrid dictionary password spraying attack

    D. Rainbow table attack

    E. Online brute-force attack

    F. Pass-the-hash attack

  • Question 268:

    A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees.

    Which of the following should be configured to comply with the new security policy? (Choose two.)

    A. SSO

    B. New pre-shared key

    C. 802.1X

    D. OAuth

    E. Push-based authentication

    F. PKI

  • Question 269:

    Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:

    1. The applications are considered mission-critical.

    2. The applications are written in code languages not currently supported by the development staff.

    3. Security updates and patches will not be made available for the applications.

    4. Usernames and passwords do not meet corporate standards.

    5. The data contained within the applications includes both PII and PHI.

    6. The applications communicate using TLS 1.0.

    7. Only internal users access the applications.

    Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

    A. Update the company policies to reflect the current state of the applications so they are not out of compliance.

    B. Create a group policy to enforce password complexity and username requirements.

    C. Use network segmentation to isolate the applications and control access.

    D. Move the applications to virtual servers that meet the password and account standards.

  • Question 270:

    A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation. Which of the following is the BEST justification to ensure collaboration across business units?

    A. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.

    B. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.

    C. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.

    D. The CISO is uniquely positioned to control the flow of vulnerability information between business units.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.