CAS-003 Real Exam Dumps Questions and answers 71-80


Question No.71

A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

  1. These devices can communicate over networks older than HSPA and LTE standards, exposing device communications to poor encryption routines

  2. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies

  3. The associated firmware is more likely to remain out of date and potentially vulnerable

  4. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

Correct Answer: B

Question No.72

A technician receives the following security alert from the firewall's automated system:


After reviewing the alert, which of the following is the BEST analysis?

  1. This alert is a false positive because DNS is a normal network function.

  2. This alert indicates a user was attempting to bypass security measures using dynamic DNS.

  3. This alert was generated by the SIEM because the user attempted too many invalid login attempts.

  4. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Correct Answer: B

Question No.73

A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.


Using the above information, on which VLANs should multicast be enabled?

  1. VLAN201, VLAN202, VLAN400

  2. VLAN201, VLAN202, VLAN700

  3. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700

  4. VLAN400, VLAN680, VLAN700

Correct Answer: D

Question No.74

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?

  1. Documentation of lessons learned

  2. Quantitative risk assessment

  3. Qualitative assessment of risk

  4. Business impact scoring

  5. Threat modeling

Correct Answer: B

Question No.75

A security analyst is inspecting pseudocode of the following multithreaded application:

  1. perform daily ETL of data

    1. validate that yesterday's data model file exists

    2. validate that today's data model file does not exist

    1. extract yesterday's data model

    2. transform the format

    3. load the transformed data into today's data model file

    4. exit

Which of the following security concerns is evident in the above pseudocode?

  1. Time of check/time of use

  2. Resource exhaustion

  3. Improper storage of sensitive data

  4. Privilege escalation

Correct Answer: A

Question No.76

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

  1. Log review

  2. Service discovery

  3. Packet capture

  4. DNS harvesting

Correct Answer: D

Question No.77

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and … ongoing simulation. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?

  1. The analyst is red team. The employee is blue team. The manager is white team.

  2. The analyst is white team. The employee is red team. The manager is blue team.

  3. The analyst is red team. The employee is white team. The manager is blue team.

  4. The analyst is blue team. The employee is red team. The manager is white team.

Correct Answer: D

Question No.78

An organization has established the following controls matrix:


The following control sets have been defined by the organization and are applied in aggregate fashion:




Systems containing PII are protected with the minimum control set. Systems containing medical data are protected at the moderate level. Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?

  1. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.

  2. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.

  3. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.

  4. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

Correct Answer: D

Question No.79

A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements?

  1. Vulnerability assessment

  2. Risk assessment

  3. Patch management

  4. Device quarantine

  5. Incident management

Correct Answer: C

Question No.80

A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization's systems to the greatest extent possible. Which of the following principles is being demonstrated?

  1. Administrator accountability

  2. PII security

  3. Record transparency

  4. Data minimization

Correct Answer: D
