The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?
A. Capture process ID data and submit to anti-virus vendor for review.An organization is attempting to harden its web servers and reduce the information that might be disclosed by potential attackers. A security anal... reviewing vulnerability scan result from a recent web server scan. Portions of the scan results are shown below: Finding# 5144322 First time detected 10 nov 2015 09:00 GMT_0600 Last time detected 10 nov 2015 09:00 GMT_0600 CVSS base: 5 Access path: http://myorg.com/mailinglist.htm Request: GET http://mailinglist.aspx?content=volunteer Response: C:\Docments\MarySmith\malinglist.pdf Which of the following lines indicates information disclosure about the host that needs to be remediated?
A. Response: C:\Docments\marysmith\malinglist.pdfAn organization wants to allow its employees to receive corporate email on their own smartphones. A security analyst is reviewing the following information contained within the file system of an employee's smartphone:
1.
FamilyPix.jpg
2.
Taxreturn.tax
3.
paystub.pdf
4.
employeesinfo.xls
5.
SoccerSchedule.doc
6.
RecruitmentPlan.xls
Based on the above findings, which of the following should the organization implement to prevent further exposure? (Select two).
A. Remote wipingAn investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?
A. File system information, swap files, network processes, system processes and raw disk blocks.A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk?
A. Virtual desktop environmentA risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?
A. Subjective and based on an individual's experience.A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI The system relies on two- factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information?
A. Password crackerThe Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO's concerns?
A. Begin simulated phishing campaigns for employees and follow up with additional security awareness training.Given the code snippet below:

Which of the following vulnerability types in the MOST concerning?
A. Only short usernames are supported, which could result in brute forcing of credentials.An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)
A. Data aggregationNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.