[Free] 2019(Oct) EnsurePass CompTIA CAS-003 Dumps with VCE and PDF 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/CAS-003.html

Question No.11

A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?

  A. ISA

  B. BIA

  C. SLA

  D. RA

Correct Answer: A (an interconnection security agreement documents the technical and security requirements of a link between two organizations' systems; an SLA covers service levels, a BIA and an RA are internal risk documents, and none of them governs the interconnection itself)

Question No.12

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?

  A. Disk encryption on the local drive

  B. Group policy to enforce failed login lockout

  C. Multifactor authentication

  D. Implementation of email digital signatures

Correct Answer: A (of the options listed, full-disk encryption is the only control that keeps company data unreadable once a device has been stolen; lockout, MFA and signatures do nothing for data already on a lost disk)

Question No.13

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board?

  A. KRI: compliance with regulations; backlog of unresolved security investigations; severity of threats and vulnerabilities reported by sensors; time to patch critical issues on a monthly basis. KPI: time to resolve open security items; % of suppliers with approved security control frameworks; EDR coverage across the fleet; threat landscape rating

  B. KRI: EDR coverage across the fleet; backlog of unresolved security investigations; time to patch critical issues on a monthly basis; threat landscape rating. KPI: time to resolve open security items; compliance with regulations; % of suppliers with approved security control frameworks; severity of threats and vulnerabilities reported by sensors

  C. KRI: EDR coverage across the fleet; % of suppliers with approved security control frameworks; backlog of unresolved security investigations; threat landscape rating. KPI: time to resolve open security items; compliance with regulations; time to patch critical issues on a monthly basis; severity of threats and vulnerabilities reported by sensors

  D. KPI: compliance with regulations; % of suppliers with approved security control frameworks; severity of threats and vulnerabilities reported by sensors; threat landscape rating. KRI: time to resolve open security items; backlog of unresolved security investigations; EDR coverage across the fleet; time to patch critical issues on a monthly basis

Correct Answer: A

Question No.14

As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand-up has identified the following additional requirements:

  1. Reuse of the existing network infrastructure

  2. Acceptable use policies to be enforced

  3. Protection of sensitive files

  4. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

  A. IPSec VPN

  B. HIDS

  C. Wireless controller

  D. Rights management

  E. SSL VPN

  F. NAC

  G. WAF

  H. Load balancer

Correct Answer: DEF (rights management protects the sensitive files wherever they are copied; an SSL VPN gives unmanaged BYOD laptops browser-based access to corporate applications without a site-to-site IPSec tunnel; NAC enforces the acceptable use and posture policy on the existing network infrastructure)

Question No.15

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

[image: dump of the sampled disk contents, not reproduced]

Which of the following should be included in the auditor's report based on the above findings?

  A. The hard disk contains bad sectors.

  B. The disk has been degaussed.

  C. The data represents part of the disk BIOS.

  D. Sensitive data might still be present on the hard drives.

Correct Answer: D (after a wipe that finishes with a zero pass, every sector of the disk should read as zeros; readable content on a decommissioned disk shows the wipe was not applied, or not applied to the whole device, so the auditor must report that sensitive data may remain recoverable)
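The check the auditor is performing can be automated. The following is an added example, not part of the exam page or of any particular wiping utility: it walks a disk (or a dd image of one) sector by sector, flags anything that is not all-zero, and extracts runs of printable text the way `strings` would. The 512-byte sector size, the 1 MiB read size and the sample image are assumptions made for the demonstration; the sample image is constructed inline so the script runs offline.

```python
"""Spot-check a decommissioned disk (or a dd image of it) for residual data.

Added example, not part of the exam page.  A multi-pass wipe that finishes
with a zero pass must leave every sector all-zero, so any non-zero sector,
and in particular any run of printable text, shows the wipe did not run or
did not cover the whole device and sensitive data may still be recoverable.
"""
import re
import sys
from typing import Dict, Iterable, List

SECTOR = 512  # assumed sector size
# Same heuristic as `strings`: eight or more consecutive printable ASCII bytes.
_TEXT = re.compile(rb"[\x20-\x7e]{8,}")


def scan_chunks(chunks: Iterable[bytes], sector: int = SECTOR) -> Dict[str, object]:
    """Walk the device sector by sector and report anything that is not zero."""
    nonzero: List[int] = []
    strings: List[str] = []
    lba = 0
    for chunk in chunks:
        for off in range(0, len(chunk), sector):
            data = chunk[off:off + sector]
            if any(data):  # an all-zero sector is what a completed wipe leaves
                nonzero.append(lba)
                strings.extend(m.group().decode("ascii") for m in _TEXT.finditer(data))
            lba += 1
    return {
        "sectors": lba,
        "nonzero_sectors": nonzero,
        "strings": strings,
        "wiped": not nonzero,
    }


def scan_wipe(image: bytes, sector: int = SECTOR) -> Dict[str, object]:
    """Convenience wrapper for an in-memory image."""
    return scan_chunks([image], sector)


def scan_device(path: str, sector: int = SECTOR) -> Dict[str, object]:
    """Stream a block device or image in 1 MiB reads so a large disk fits in memory."""
    def reader():
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(sector * 2048)  # multiple of the sector size
                if not chunk:
                    return
                yield chunk
    return scan_chunks(reader(), sector)


# Constructed sample image (8 sectors): wiped except sector 3, which still
# holds a fragment of a "deleted" spreadsheet that the wipe never touched.
SAMPLE_IMAGE = (
    bytes(3 * SECTOR)
    + b"Name,SSN,Salary\r\nJ. Doe,123-45-6789,84000\r\n".ljust(SECTOR, b"\x00")
    + bytes(4 * SECTOR)
)

if __name__ == "__main__":
    # Usage: python wipecheck.py /dev/sdX   (or an image file); no argument
    # scans the constructed sample.
    report = scan_device(sys.argv[1]) if len(sys.argv) > 1 else scan_wipe(SAMPLE_IMAGE)
    verdict = "wiped" if report["wiped"] else "NOT wiped: sensitive data may remain"
    print(f"{report['sectors']} sectors, {len(report['nonzero_sectors'])} non-zero: {verdict}")
    for text in report["strings"][:20]:
        print("  ", text)
```

Against the constructed image the scan reports sector 3 as non-zero and lists the two CSV lines, which is the finding the auditor in the question would write up. Run against a real device it needs read access to the raw block device, and a disk with bad sectors will raise an I/O error on read rather than appear as data, which is how the two cases are told apart.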

Question No.16

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take?

  A. Refer to and follow procedures from the company's incident response plan.

  B. Call a press conference to explain that the company has been hacked.

  C. Establish chain of custody for all systems to which the systems administrator has access.

  D. Conduct a detailed forensic analysis of the compromised system.

  E. Inform the communications and marketing department of the attack details.

Correct Answer: A (the incident response plan defines who is notified, when evidence is preserved and who speaks to the press; forensics, chain of custody and communications are all steps within that plan, not the first action)
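The administrator's argument confuses confidentiality with integrity: a site holding only public information can still be made to display whatever an attacker wants. The following is an added example, not from the exam page or from any real application, showing the defacement mechanism in the smallest form that runs. It assumes a page table keyed by URL slug and uses the built-in sqlite3 module; the attacker's slug and the page content are constructed for the demonstration.

```python
"""Why "it's all public anyway" is not an argument against input validation.

Added example, not from the exam page.  The pages table holds nothing secret,
yet a lookup that splices the request path into SQL lets a visitor make the
site render attacker-chosen text: an integrity loss, which is what a
defacement is.  sqlite3 and the table layout are assumptions for the demo.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample content: one public page, no sensitive data at all."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO pages VALUES ('about', 'Public company information.')")
    conn.commit()
    return conn


def render_page_vulnerable(conn: sqlite3.Connection, slug: str) -> str:
    """Builds the query by string concatenation: the injectable version."""
    sql = "SELECT body FROM pages WHERE slug = '" + slug + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else "404 Not Found"


def render_page_safe(conn: sqlite3.Connection, slug: str) -> str:
    """Same lookup with a bound parameter: the slug can never become SQL."""
    row = conn.execute("SELECT body FROM pages WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else "404 Not Found"


# A slug an attacker might request.  The UNION appends a row the attacker
# controls, and the trailing -- comments out the application's closing quote.
DEFACEMENT = "x' UNION SELECT 'Site defaced. We were here.' --"


def demo() -> dict:
    """Render the same attacker slug through both lookups."""
    conn = make_db()
    return {
        "normal": render_page_safe(conn, "about"),
        "vulnerable": render_page_vulnerable(conn, DEFACEMENT),
        "safe": render_page_safe(conn, DEFACEMENT),
    }


if __name__ == "__main__":
    for name, body in demo().items():
        print(f"{name:10s} -> {body}")
```

No data left the database and nothing in it was changed, yet the vulnerable lookup returns the attacker's message as the page body. That is the scenario in the question, and it is why controls such as parameterized queries apply regardless of how sensitive the stored content is.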

Question No.17

A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment?

  A. The OS version is not compatible

  B. The OEM is prohibited

  C. The device does not support FDE

  D. The device is rooted

Correct Answer: D (a "very customized" but fully updated device points to a rooted or custom-ROM handset, and MDM platforms typically refuse to enroll devices whose integrity checks fail, since a rooted device can bypass the controls the MDM is meant to enforce)

Question No.18

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:

  1. The ICS supplier has specified that any software installed will result in lack of support.

  2. There is no documented trust boundary defined between the SCADA and corporate networks.

  3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.

  4. There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

  A. VNC, router, and HIPS

  B. SIEM, VPN, and firewall

  C. Proxy, VPN, and WAF

  D. IDS, NAC, and log monitoring

Correct Answer: B (a firewall establishes the missing trust boundary between the SCADA and corporate networks, a VPN gives OT staff controlled remote access to the engineering workstation, and a SIEM collecting logs from the network builds visibility into what is in the SCADA environment without installing agents on the ICS equipment; HIPS is host software and would void the supplier's support)

Question No.19

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

  A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls

  B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness

  C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure

  D. major risks identified by the subcommittee merit the prioritized allocation of scarce funding to address cybersecurity concerns

Correct Answer: B (the value of a single register is that it exposes cross-unit dependencies no individual business unit can see; option A describes the opposite, siloed, view)

Question No.20

The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the letter?

  A. After-action reports from prior incidents

  B. Social engineering techniques

  C. Company policies and employee NDAs

  D. Data classification processes

Correct Answer: C (the letter must tell participants what they may and may not publish, which is defined by company policy and the confidentiality obligations they have already signed)
