Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 51:

    A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the criticality of various business processes, personnel, and technologies. Transitioning into risk assessment activities, which of the following types of information should the CISO require to determine the proper risk ranking? (Select TWO).

    A. Trend analysis

    B. Likelihood

    C. TCO

    D. Compensating controls

    E. Magnitude

    F. ROI

  • Question 52:

    A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file,tmp.

    The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?

    A. Deploy a solution to sanitize geotagging information

    B. Install software to wipe data remnants on servers

    C. Enforce proper input validation on mission-critical software

    D. Implement a digital watermarking solution

  • Question 53:

    Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

    Which of the following BEST addresses the problem with the least amount of administrative effort?

    A. Compile a list of firewall requests and compare them against interesting cloud services.

    B. Implement a CASB solution and track cloud service use cases for greater visibility.

    C. Implement a user-behavior system to associate user events and cloud service creation events.

    D. Capture all logs and feed them to a SIEM and then for cloud service events

  • Question 54:

    A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

    Which of the following meets the budget needs of the business?

    A. Filter ABC

    B. Filter XYZ

    C. Filter GHI

    D. Filter TUV

  • Question 55:

    A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:

    1. The Chief Marketing Officer's (CMO) email is being used department-wide as the username

    2. The password has been shared within the department

    Which of the following controls would be BEST for the analyst to recommend?

    A. Configure MFA for all users to decrease their reliance on other authentication.

    B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.

    C. Create multiple social media accounts for all marketing users to separate their actions.

    D. Ensure the password being shared is sufficiently and not written down anywhere.

  • Question 56:

    Which of the following BEST sets expectations between the security team and business units within an organization?

    A. Risk assessment

    B. Memorandum of understanding

    C. Business impact analysis

    D. Business partnership agreement

    E. Service level agreement

  • Question 57:

    A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

    A. Hybrid IaaS solution in a single-tenancy cloud

    B. PaaS solution in a multitenancy cloud

    C. SaaS solution in a community cloud

    D. Private SaaS solution in a single tenancy cloud.

  • Question 58:

    A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.

    A security engineer is concerned about the security of the solution and notes the following:

    1. The critical devices send cleartext logs to the aggregator.

    2. The log aggregator utilizes full disk encryption.

    3. The log aggregator sends to the analysis server via port 80.

    4. MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

    5. The data is compressed and encrypted prior to being archived in the cloud.

    Which of the following should be the engineer's GREATEST concern?

    A. Hardware vulnerabilities introduced by the log aggregator server

    B. Network bridging from a remote access VPN

    C. Encryption of data in transit

    D. Multitenancy and data remnants in the cloud

  • Question 59:

    A financial institution has several servers that currently employ the following controls:

    1. The servers follow a monthly patching cycle.

    2. All changes must go through a change management process.

    3. Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

    4. The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

    An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

    A. Require more than one approver for all change management requests.

    B. Implement file integrity monitoring with automated alerts on the servers.

    C. Disable automatic patch update capabilities on the servers

    D. Enhance audit logging on the jump servers and ship the logs to the SIEM.

  • Question 60:

    The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

    1. Transactions being requested by unauthorized individuals.

    2. Complete discretion regarding client names, account numbers, and investment information.

    3. Malicious attackers using email to malware and ransomware.

    4. Exfiltration of sensitive company information.

    The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

    A. Data loss prevention

    B. Endpoint detection response

    C. SSL VPN

    D. Application whitelisting
