CAS-003 Real Exam Dumps Questions and answers 111-120


Question No.111

Given the following code snippet:


Of which of the following is this snippet an example?

  A. Data execution prevention

  B. Buffer overflow

  C. Failure to use standard libraries

  D. Improper field usage

  E. Input validation

Correct Answer: D

Question No.112

A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:

  - High-impact controls implemented: 6 out of 10
  - Medium-impact controls implemented: 409 out of 472
  - Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:

  - Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000
  - Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?

  A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past

  B. The enterprise security team has focused exclusively on mitigating high-level risks

  C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls

  D. The cybersecurity team has balanced residual risk for both high and medium controls

Correct Answer: C

Question No.113

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter's physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company's concerns? (Choose two.)

  A. Deploy virtual desktop infrastructure with an OOB management network

  B. Employ the use of vTPM with boot attestation

  C. Leverage separate physical hardware for sensitive services and data

  D. Use a community CSP with independently managed security services

  E. Deploy to a private cloud with hosted hypervisors on each physical machine

Correct Answer: AC

Question No.114

An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?

  A. Data aggregation

  B. Data sovereignty

  C. Data isolation

  D. Data volume

  E. Data analytics

Correct Answer: A

Question No.115

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

  A. Install a HIPS on the web servers

  B. Disable inbound traffic from offending sources

  C. Disable SNMP on the web servers

  D. Install anti-DDoS protection in the DMZ

Correct Answer: A

Question No.116

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)

  A. Cardholder data

  B. Intellectual property

  C. Personal health information

  D. Employee records

  E. Corporate financial data

Correct Answer: AC

Question No.117

Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership. Which of the following BEST conveys the business impact for senior leadership?

  A. Message 1

  B. Message 2

  C. Message 3

  D. Message 4

Correct Answer: D

Question No.118

The board of a financial services company has requested that the senior security analyst act as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)

  A. Review the CVE database for critical exploits over the past year

  B. Use social media to contact industry analysts

  C. Use intelligence gathered from the Internet relay chat channels

  D. Request information from security vendors and government agencies

  E. Perform a penetration test of the competitor's network and share the results with the board

Correct Answer: AD

Question No.119

An organization's network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations. Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?

  A. Employ hardware FDE or SED solutions.

  B. Utilize a more efficient cryptographic hash function.

  C. Replace HDDs with SSD arrays.

  D. Use a FIFO pipe with a multithreaded software solution.

Correct Answer: A

Question No.120

A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company's RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:

  - An HOTP service is installed on the RADIUS server.
  - The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor. Which of the following should be implemented to BEST resolve the issue?

  A. Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.

  B. Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.

  C. Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.

  D. Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

Correct Answer: B
