Use Real CAS-003 - 100% Cover Real Exam Questions [Sep-2021]
Dumps Brief Outline Of The CAS-003 Exam - BraindumpQuiz
NEW QUESTION 71
The following has been discovered in an internally developed application:
Error - Memory allocated but not freed:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUFFER_SIZE 64
#define STRING_WELCOME_MESSAGE "Hello"
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
    strncpy(myBuffer, STRING_WELCOME_MESSAGE, BUFFER_SIZE - 1);
    myBuffer[BUFFER_SIZE - 1] = '\0';
    printf("Welcome to: %s\n", myBuffer);
}
exit(0); /* myBuffer is never freed: the leak the exhibit flags */
```
Which of the following security assessment methods are likely to reveal this security weakness?
(Select TWO).
- A. Manual code review
- B. Penetration testing
- C. Application sandboxing
- D. Memory dumping
- E. Static code analysis
- F. Black box testing
Answer: A,E
Explanation:
A code review is an examination of an application's source code (here, the internally developed application) designed to identify and assess threats to the organization.
An application code review, whether manual or performed by static analysis, will reveal the type of security weakness shown in the exhibit.
NEW QUESTION 72
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:
* High-impact controls implemented: 6 out of 10
* Medium-impact controls implemented: 409 out of 472
* Low-impact controls implemented: 97 out of 1000
The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:
* Average high-impact control implementation cost: $15,000; probable ALE for each high-impact control gap: $95,000
* Average medium-impact control implementation cost: $6,250; probable ALE for each medium-impact control gap: $11,000
Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?
- A. The cybersecurity team has balanced residual risk for both high and medium controls
- B. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
- C. The enterprise security team has focused exclusively on mitigating high-level risks
- D. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
Answer: D
NEW QUESTION 73
A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process?
- A. OLA
- B. NDA
- C. BPA
- D. MOU
Answer: B
NEW QUESTION 74
Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.
Answer:
Explanation:

NEW QUESTION 75
A developer is reviewing the following transaction logs from a web application:
Username: John Doe
Street name: Main St.
Street number: <script>alert('test')</alert>
Which of the following code snippets should the developer implement given the above transaction logs?
- A. <form name ="form1" action="/submit.php" onsubmit="return validate()" action=POST>
- B. if ($input != strcmp($var1, "<>")) {die();}
- C. $input=strip_tags(trim($_POST['var1']));
- D. <html><form name="myform" action="www.server.com/php/submit.php action=GET"
Answer: C
Explanation:
It is important to notice that this function (strip_tags), in real life, is not the most adequate to prevent XSS attacks, as seen in PHP manual: "Warning: This function should not be used to try to prevent XSS attacks. Use more appropriate functions like htmlspecialchars() or other means depending on the context of the output.".
NEW QUESTION 76
A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history:
dd if=/dev/sda of=/dev/sdb
Which of the following MOST likely occurred?
- A. The DNS log files were rolled daily as expected
- B. The drive was cloned for forensic analysis.
- C. The hard drive was formatted after the incident.
- D. A tape backup of the server was performed.
Answer: B
NEW QUESTION 77
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.
Which of the following controls would BEST mitigate the identified vulnerability?
- A. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
- B. Implement two-factor email authentication, and require users to hash all email messages upon receipt
- C. Federate with an existing PKI provider, and reject all non-signed emails
- D. Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-256.
Answer: D
NEW QUESTION 78
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern.
Options may be used once or not at all.
Answer:
Explanation:
Vendor may accidentally or maliciously make changes to the IT system - Allow view-only access.
With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot control the keyboard or mouse to make any changes.
Desktop sharing traffic may be intercepted by network attackers - Use SSL for remote sessions.
SSL (Secure Sockets Layer) encrypts data in transit between computers. If an attacker intercepted the traffic, the data would be encrypted and therefore unreadable to the attacker.
No guarantees that shoulder surfing attacks are not occurring at the vendor - Identified control gap.
Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant risk.
Vendor may inadvertently see confidential material from the company such as email and IMs - Limit desktop session to certain windows.
The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application windows for the duration of the desktop sharing session.
NEW QUESTION 79
An architect was recently hired by a power utility to increase the security posture of the company's power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)
- A. Isolate the systems on their own network
- B. Upgrade the software on critical systems
- C. Configure the systems to use government-hosted NTP servers
- D. Employ own stratum-0 and stratum-1 NTP servers
- E. Install a firewall and IDS between systems and the LAN
Answer: C,E
NEW QUESTION 80
With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?
- A. Financial
- B. Legal counsel
- C. Human resources
- D. Sales
Answer: B
NEW QUESTION 81
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).
- A. Fuzzer
- B. Code review
- C. Local proxy
- D. Port scanner
- E. Sandbox
Answer: A,C
Explanation:
C: A local proxy works by proxying traffic between the web client and the web server. This is a tool that can be put to good effect in this case.
A: Fuzzing is another form of black box testing; it works by feeding a program many input iterations that are specially crafted to trigger an internal error, which may indicate a bug and crash the program.
NEW QUESTION 82
An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:
* Support server, laptop, and desktop infrastructure
* Due to limited security resources, implement active protection capabilities
* Provide users with the ability to self-service classify information and apply policies
* Protect data-at-rest and data-in-use
Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)
- A. Endpoint detect and respond
- B. Rights management
- C. Application whitelisting
- D. Data loss prevention
- E. Log monitoring
- F. Antivirus
Answer: A,F
NEW QUESTION 83
An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.
Based on the data classification table above, which of the following BEST describes the overall classification?
- A. High confidentiality, medium availability
- B. High confidentiality, high availability
- C. High integrity, low availability
- D. Low availability, low confidentiality
Answer: A
NEW QUESTION 84
A forensics analyst suspects that a breach has occurred. Security logs show the company's OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?
- A. Checksums
- B. File size
- C. Anti-malware software
- D. Sandboxing
- E. Digital signature
Answer: E
NEW QUESTION 85
A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:
The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third company?
- A. LDAP
- B. WAYF
- C. RADIUS
- D. SAML
- E. OpenID
Answer: C
NEW QUESTION 86
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
- A. Risk metrics
- B. Vulnerability data
- C. Threat intelligence
- D. Exploit frameworks
- E. Threat modeling
- F. Risk assessment
Answer: D
NEW QUESTION 87
During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?
- A. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.
- B. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings.
- C. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
- D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.
Answer: D
Explanation:
The scene has to be secured first to prevent contamination. Once a forensic copy has been created, an analyst will begin the process of moving from most volatile to least volatile information. The chain of custody helps to protect the integrity and reliability of the evidence by keeping an evidence log that shows all access to evidence, from collection to appearance in court.
NEW QUESTION 88
Given the code snippet below:
Which of the following vulnerability types is the MOST concerning?
- A. Hardcoded usernames with different code paths taken depend on which user is entered.
- B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
- C. Format string vulnerability is present for admin users but not for standard users.
- D. Only short usernames are supported, which could result in brute forcing of credentials.
Answer: B
NEW QUESTION 89
A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:
Firewall
Core switches
RM server
Virtual environment
NAC solution
The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).
- A. Routing tables
- B. Data remnants
- C. Zones
- D. NIC teaming
- E. Log forwarding
- F. Port aggregation
Answer: B,C
NEW QUESTION 90
An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks. When the engineer opens a file in a text editor, the following excerpt appears:
Which of the following capabilities would a configuration compliance checker need to support to interpret this file?
- A. Swagger file
- B. SCAP
- C. Nessus
- D. WSDL
- E. Netcat
Answer: C
NEW QUESTION 91
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?
- A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
- B. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
- C. Implement an application whitelist at all levels of the organization.
- D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.
Answer: C
Explanation:
In essence, whitelist screening ensures that only approved applications are permitted to run or granted access.
NEW QUESTION 92
A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company's current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?
- A. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.
- B. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.
- C. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.
- D. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.
Answer: C
NEW QUESTION 93
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:
1. Reuse of the existing network infrastructure
2. Acceptable use policies to be enforced
3. Protection of sensitive files
4. Access to the corporate applications
Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)
- A. WAF
- B. Wireless controller
- C. NAC
- D. IPSec VPN
- E. Load balancer
- F. HIDS
- G. SSL VPN
- H. Rights management
Answer: C,G,H
NEW QUESTION 94
The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur.
Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?
- A. Implement group policy objects
- B. Increase the frequency and distribution of the USB violations report
- C. Revise the corporate policy to include possible termination as a result of violations
- D. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
Answer: A
Explanation:
A Group Policy Object (GPO) can apply a common group of settings to all computers in a Windows domain.
One GPO setting under the Removable Storage Access node is: All removable storage classes: Deny all access.
This setting can be applied to all computers in the network and will disable all USB storage devices on the computers.
NEW QUESTION 95
A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Answer:
Explanation: