CAS-003 Real Exam Dumps Questions and answers 81-90

Get Full Version of the Exam

Question No.81

Two new technical SMB security settings have beenenforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which containstime- sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?

  1. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded

  2. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded

  3. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage

  4. Avoid the risk, leave the settings alone, and decommission the legacy storagedevice

Correct Answer: A

Question No.82

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The sec… analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reaction, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following action should the analyst take?

  1. Reschedule the automated patching to occur during business hours.

  2. Monitor the web application service for abnormal bandwidth consumption.

  3. Create an incident ticket for anomalous activity.

  4. Monitor the web application for service interruptions caused from the patching.

Correct Answer: C

Question No.83

An SQL database is no longer accessible online due to a recent security breach. An investigation reveals thatunauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)

  1. Secure storage policies

  2. Browser security updates

  3. Input validation

  4. Web application firewall

  5. Secure coding standards

  6. Database activity monitoring

Correct Answer: CF

Question No.84

A penetration tester is conducting an assessment on and runs the following command from a coffee shop while connected to the public Internet:


Which of the following should the penetration tester conclude about the command output?

  1. The public/private views on the DNS servers are misconfigured

  2. is running an older mail server, which may be vulnerable to exploits

  3. The DNS SPF records have not been updated for

  4. is a backup mail server that may be more vulnerable to attack

Correct Answer: B

Question No.85

A penetration tester has been contracted to conduct a physical assessment of asite. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?

  1. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues

  2. Posing as a copier service technician and indicating the equipment had quot;phoned homequot; to alert the technician for a service call

  3. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed

  4. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility

Correct Answer: A

Question No.86

An administrator wants to install a patch to an application.


Given the scenario, download, verify, and install the patch in the most secure manner. The last install that is completed will be the final submission.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.




Correct Answer: See the explanation below.


In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.


Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown:


Since we need to do this in the most secure manner possible, they should not be used.Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as shown. Make sure that the hash matches.


Finally, type in install.exe to install it and make sure there are no signature verification errors.

Question No.87

During a security assessment, activities were divided into two phases; internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter. Which of the following methods is theassessment team most likely to employ NEXT?

  1. Pivoting from the compromised, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.

  2. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.

  3. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance

  4. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.

Correct Answer: A

Question No.88

During asecurity event investigation, a junior analyst fails to create an image of a server#39;s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers dueto the uncertainty of tampering. Which of the following should the junior analyst have followed?

  1. Continuity of operations

  2. Chain of custody

  3. Order of volatility

  4. Data recovery

Correct Answer: C

Question No.89

A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded. Which of the following shouldbe used to identify weak processes and other vulnerabilities?

  1. Gap analysis

  2. Benchmarks and baseline results

  3. Risk assessment

  4. Lessons learned report

Correct Answer: D

Question No.90

A security engineer is attempting to convey the importance of including job rotation in a company#39;s standard security policies. Which of the following would be the BEST justification?

  1. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

  2. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

  3. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

  4. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

Correct Answer: B

Get Full Version of CAS-003 Dumps