CAS-003 Real Exam Dumps Questions and answers 31-40


Question No.31

An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries' arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites. Which of the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?

  1. Add a second-layer VPN from a different vendor between sites.

  2. Upgrade the cipher suite to use an authenticated AES mode of operation.

  3. Use a stronger elliptic curve cryptography algorithm.

  4. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.

  5. Ensure cryptography modules are kept up to date from vendor supplying them.

Correct Answer: C

Question No.32

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:


Which of the following is the MOST likely type of activity occurring?

  1. SQL injection

  2. XSS scanning

  3. Fuzzing

  4. Brute forcing

Correct Answer: A

Question No.33

Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit. Which of the following would provide greater insight on the potential impact of this attempted attack?

  1. Run an antivirus scan on the finance PC.

  2. Use a protocol analyzer on the air-gapped PC.

  3. Perform reverse engineering on the document.

  4. Analyze network logs for unusual traffic.

  5. Run a baseline analyzer against the user's computer.

Correct Answer: B

Question No.34

A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?

  1. Patch management

  2. Antivirus

  3. Application firewall

  4. Spam filters

  5. HIDS

Correct Answer: E

Question No.35

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?

  1. Vulnerability scanner

  2. TPM

  3. Host-based firewall

  4. File integrity monitor

  5. NIPS

Correct Answer: CD

Question No.36

has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company's SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?

  1. dnsrecon -d -t SOA

  2. dig mx

  3. nc -v

  4. whois

Correct Answer: A

Question No.37

A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

  1. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members

  2. Install a client-side VPN on the staff laptops and limit access to the development network

  3. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff

  4. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network

Correct Answer: D

Question No.38

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway:


Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

  1. Rewrite the software to implement fine-grained, conditions-based testing

  2. Add additional exception handling logic to the main program to prevent doors from being opened

  3. Apply for a life-safety-based risk exception allowing secure doors to fail open

  4. Rewrite the software's exception handling routine to fail in a secure state

Correct Answer: B

Question No.39

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.

Which of the following would BEST prevent this from happening again?

  1. Antivirus

  2. Patch management

  3. Log monitoring

  4. Application whitelisting

  5. Awareness training

Correct Answer: A

Question No.40

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this?

  1. Port security

  2. Rogue device detection

  3. Bluetooth

  4. GPS

Correct Answer: D
