Question #:1
A security analyst is inspecting pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday’s data model file exists
1.2 validate that today’s data model file does not exist
1.3 extract yesterday’s data model
1.4 transform the format
1.5 load the transformed data into today’s data model file
1.6 exit
Which of the following security concerns is evident in the above pseudocode?
A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation
Answer: A
Question #:2
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO’s first task
is to write a new, relevant risk assessment for the organization. Which of the following would help the CISO find
relevant risks to the organization? (Choose two.)
A. Perform a penetration test.
B. Conduct a regulatory audit.
C. Hire a third-party consultant.
D. Define the threat model.
E. Review the existing BIA.
F. Perform an attack path analysis.
Answer: C E
Question #:4
A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that
is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the
attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would
BEST track the reductions to show the CISO the engineer's plan is successful during each phase?
A. Conducting tabletop exercises to evaluate system risk
B. Contracting a third-party auditor after the project is finished
C. Performing pre- and post-implementation penetration tests
D. Running frequent vulnerability scans during the project
Answer: D
Question #:7
A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new
vulnerability is found in the legacy application, and the networking team is tasked with mitigation.
Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to
determine ROI? (Choose two.)
A. ALE
B. RTO
C. MTBF
D. ARO
E. RPO
Answer: A D
Question #:8
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks
are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP
addresses within broader network ranges and some abusive customers within the same IP ranges may have
performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize
legitimate customer impact?
A. Inform the customer that the service provider does not have any control over third-party blacklist
entries. The customer should reach out to the blacklist operator directly
B. Perform a takedown of any customer accounts that have entries on email blacklists because this is a
strong indicator of hostile behavior
C. Work with the legal department and threaten legal action against the blacklist operator if the netblocks
are not removed because this is affecting legitimate traffic
D. Establish relationships with blacklist operators so broad entries can be replaced with more granular
entries and incorrect entries can be quickly pruned
Answer: D
Question #:9
The security configuration management policy states that all patches must undergo testing procedures before
being moved into production. The sec… analyst notices a single web application server has been downloading
and applying patches during non-business hours without testing. There are no apparent adverse reactions, server
functionality does not seem to be affected, and no malware was found after a scan. Which of the following
actions should the analyst take?
A. Reschedule the automated patching to occur during business hours.
B. Monitor the web application service for abnormal bandwidth consumption.
C. Create an incident ticket for anomalous activity.
D. Monitor the web application for service interruptions caused by the patching.
Answer: C
It gives me pleasure to share such a beautiful experience of success with CAS-003 dumps. I owe thanks to Exam4Lead for all the sincere help and support. I prepared for my IT exam with CAS-003 dumps under the supervision of qualified experts.

All my efforts were well directed by the experts, who know how papers are arranged for IT candidates. It was a nice experience with CAS-003 Dumps PDF. I felt mature after absorbing the information given in this short study guide. After this wonderful experience, PassExam4Sure has become my favorite learning platform for IT exams. I say thanks for this expert help.