2020/January New Braindump2go CAS-003 Exam Dumps with PDF and VCE Free Updated Today! Following are some new CAS-003 ExamnQuestions,
Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access.
Which of the following attack types represents this scenario? (Select TWO).
A. Session management attack
B. Protocol fuzzing
C. Root-kit compromise
D. Physical attack
E. Privilege escalation
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy.
The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities.
The CISO assigns a junior security administrator to solve the issue.
Which of the following is the BEST course of action for the junior security administrator to take?
A. Work with the department head to find an acceptable way to change the business needs so
the department no longer violates the corporate security policy.
B. Draft an RFP for the purchase of a COTS product or consulting services to solve the
problem through implementation of technical controls.
C. Work with the CISO and department head to create an SLA specifying the response times
of the IT security department when incidents are reported.
D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.
A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus.
The campus has several dorms (two-four person rooms) and administrative buildings.
The network is currently setup to provide only two network ports in each dorm room and ten network ports per classroom.
Only administrative buildings provide 2.4 GHz wireless coverage.
The following three goals must be met after the new implementation:
1. Provide all users (including students in their dorms) connections to the Internet.
2. Provide IT department with the ability to make changes to the network environment to improve performance.
3. Provide high speed connections wherever possible all throughout campus including sporting event areas.
Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?
A. Avoid any risk of network outages by providing additional wired connections to each user
and increasing the number of data ports throughout the campus.
B. Transfer the risk of network outages by hiring a third party to survey, implement and manage
a 5.0 GHz wireless network.
C. Accept the risk of possible network outages and implement a WLAN solution to provide
complete 5.0 GHz coverage in each building that can be managed centrally on campus.
D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the
dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for
one AP replacement.
In a SPML exchange, which of the following BEST describes the three primary roles?
A. The Provisioning Service Target (PST) entity makes the provisioning request, the
Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning
Service Target (PST) performs the provisioning.
B. The Provisioning Service Provider (PSP) entity makes the provisioning request, the
Provisioning Service Target (PST) responds to the PSP requests, and the Provisioning
Service Provider (PSP) performs the provisioning.
C. The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the RA requests, and the Provisioning Service Provider (PSP)
performs the provisioning.
D. The Request Authority (RA) entity makes the provisioning request, the Provisioning
Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target
(PST) performs the provisioning.
The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network.
Stateful firewall inspection is being used in the firewall implementation.
There have been numerous reports of dropped connections with external clients.
Which of the following is MOST likely the cause of this problem?
A. TCP sessions are traversing one firewall and return traffic is being sent through the
secondary firewall and sessions are being dropped.
B. TCP and UDP sessions are being balanced across both firewalls and connections are
being dropped because the session IDs are not recognized by the secondary firewall.
C. Prioritize UDP traffic and associated stateful UDP session information is traversing the
passive firewall causing the connections to be dropped.
D. The firewall administrator connected a dedicated communication cable between the firewalls
in order to share a single state table across the cluster causing the sessions to be dropped.
Which of the following types of attacks is the user attempting?
select id, firstname, lastname from authors
User input= firstname= Hack;man
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
The code in the question is SQL code. The attack is a SQL injection attack.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department.
Which of the following represents the correct order of the investigation process?
A. Collection, Identification, Preservation, Examination, Analysis, Presentation.
B. Identification, Preservation, Collection, Examination, Analysis, Presentation.
C. Collection, Preservation, Examination, Identification, Analysis, Presentation.
D. Identification, Examination, Preservation, Collection, Analysis, Presentation.
A system administrator has a responsibility to maintain the security of the video teleconferencing system.
During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled.
Which of the following security concerns should the system administrator have about the existing technology in the room?
A. Wired transmissions could be intercepted by remote users.
B. Bluetooth speakers could cause RF emanation concerns.
C. Bluetooth is an unsecure communication channel.
D. Wireless transmission causes interference with the video signal.
A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues.
However, total uniformity presents other problems.
Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution?
A. Competitors gain an advantage by increasing their service offerings.
B. Vendor lock in may prevent negotiation of lower rates or prices.
C. Design constraints violate the principle of open design.
D. Lack of diversity increases the impact of specific events or attacks.
A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle.
This causes a huge delay for the release of the product.
Which of the following should the administrator do to prevent these issues from occurring in the future?
A. Recommend switching to an SDLC methodology and perform security testing during each maintenance iteration
B. Recommend switching to a spiral software development model and perform security testing during the requirements gathering
C. Recommend switching to a waterfall development methodology and perform security testing during the testing phase
D. Recommend switching to an agile development methodology and perform security testing
The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues.
Which of the following should the manager recommend to BEST address these issues?
A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a
B. Update the change request form so that requesting teams can provide additional details
about the requested changes.
C. Require every new firewall rule go through a secondary firewall administrator for review
before pushing the firewall policy.
D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.
An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse.
A project manager indicated that RFID might be a valid solution if the asset manager’s requirements were supported by current RFID capabilities.
Which of the following requirements would be MOST difficult for the asset manager to implement?
A. The ability to encrypt RFID data in transmission
B. The ability to integrate environmental sensors into the RFID tag
C. The ability to track assets in real time as they move throughout the facility
D. The ability to assign RFID tags a unique identifier
1.|2020 Latest Braindump2go CAS-003 Exam Dumps (PDF & VCE) Instant Download:
2.|2020 Latest Braindump2go CAS-003 Exam Questions & Answers Instant Download: