Tag - CAS-003 exam

An investigation showed a worm was introduced from an engineer’s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls. Which of the following would be the MOST secure control implement?A . Deploy HIDS on all...

A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?A . SovereigntyB . E-wasteC...

A government entity is developing requirements for an RFP to acquire a biometric authentication system. When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?A . Local and national laws and regulationsB . Secure software development requirementsC . Environmental constraint...

A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary. Which of the following in the MOST likely explanation for why the organization network was compromised?A . There was a false positive since the network was fully patched.B . The...

A company has completed the implementation of technical and management controls as required by its adopted security, ponies and standards. The implementation took two years and consumed s the budget approved to security projects. The board has denied any further requests for additional budget. Which of the following should the...

A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud. Which of the following configurations can be employed to support this effort?A . Create a single-tenancy security group in the public cloud that hosts only similar types of serversB ....

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation...

An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the...

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board...

Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?A . The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systemsB . Integrating two different IT systems might result in a successful data...