A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage To which of the following is the survey question related? (Select TWO)
A. Risk avoidanceAn organization has been notified of a breach related to its sensitive data The point of compromise is the use of weak encryption algorithms on a web server that provides access to a legacy API The organization had previously decided to
accept the nsk of using weak algorithms due to the cost to continually develop the legacy platform.
Other system owners need to be aware of the increased likelihood of this threat.
Which of the following should be reviewed by the CERT and presented to system owners to ensure a proper nsk analysis is performed?
A. Lessons learnedThe email administrator must reduce the number of phishing emails by utilizing more appropriate security controls The following configurations already are in place
1.
Keyword Mocking based on word lists
2.
URL rewriting and protection
3.
Stopping executable files from messages
Which of the following is the BEST configuration change for the administrator to make?
A. Configure more robust word lists for blocking suspicious emailsGiven the following code snippet:

Of which of the following is this snippet an example?
A. Data execution preventionA project manager is working with system owners to develop maintenance windows for system pathing and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance windows will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?
A. MOUA security engineer is helping the web developers assess a new corporate web application The application will be Internet facing so the engineer makes the following recommendation:
In an htaccess file or the site config add:
or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)
A. Ensure session IDs are generated dynamically with each cookie requestAn organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
A. Replicate NAS changes to the tape backups at the other datacenter.Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
Involve business owners and stakeholders Create an applicable scenario Conduct a biannual verbal review of the incident response plan Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
A. Parallel operationsA server was compromised recently, and two unauthorized daemons were set up to listen for incoming connections. In addition, CPU cycles were being used by an additional unauthorized cron job. Which of the following would have prevented the breach if it was properly configured?
A. Set up log forwarding and utilize a SIEM for centralized management and alerting.An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.
Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?
A. After-action reportsNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.