Question: 1
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified maximum liability
2. The data will be hosted and managed outside of the company's geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. Which of the following should the project's security consultant recommend as the NEXT step?
A. Develop a security exemption, as it does not meet the security policies
B. Mitigate the risk by asking the vendor to accept the in-country privacy principles
C. Require the solution owner to accept the identified risks and consequences
D. Review the entire procurement process to determine the lessons learned
Answer: C
Question: 2
A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements:
1. The data is for internal consumption only and shall not be distributed to outside individuals
2. The systems administrator should not have access to the data processed by the server
3. The integrity of the kernel image is maintained
Which of the following host-based security controls BEST enforce the data owner's requirements? (Choose three.)
A. SELinux
B. DLP
C. HIDS
D. Host-based firewall
E. Measured boot
F. Data encryption
G. Watermarking
Answer: C, E, F
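Measured boot (answer E) is the control that addresses the kernel-integrity requirement: each boot stage hashes the next one into a TPM platform configuration register (PCR) before handing over control, and a remote verifier compares the final PCR against a known-good value. The following Python script is an added illustration, not part of the original question set or of any TrustedSolaris tooling; the boot chain contents, the "golden" value and the tampering helper are constructed sample data, and the hash-chain arithmetic is the standard TPM extend operation on a SHA-256 PCR bank.

```python
import hashlib
import hmac

# Constructed sample boot chain: stand-ins for the firmware, boot loader and
# kernel image, not real binaries. Measured boot hashes each stage into a PCR
# before that stage runs, so the kernel cannot alter its own measurement.
BOOT_CHAIN = [
    ("firmware",   b"firmware image v1.2"),
    ("bootloader", b"boot loader image 2.06"),
    ("kernel",     b"trusted-solaris kernel image, build 7"),
]

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM extend operation: PCR_new = H(PCR_old || measurement). It is one-way
    # and order-dependent, so a PCR cannot be rewound or set to a chosen value.
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(chain) -> tuple:
    """Return (final PCR, event log) for a boot chain of (name, image) pairs."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on platform reset
    event_log = []
    for name, image in chain:
        measurement = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, measurement)
        event_log.append((name, measurement.hex()))
    return pcr, event_log


def attest(expected_pcr: bytes, chain) -> bool:
    # Attestation check: the verifier holds the golden PCR recorded from a
    # known-good boot and compares it with the value this boot produced.
    actual, _ = measure_boot(chain)
    return hmac.compare_digest(actual, expected_pcr)


def with_tampered_kernel(chain, patch: bytes) -> list:
    # Hypothetical attacker action: the kernel image on disk is modified.
    return [(name, image + patch if name == "kernel" else image)
            for name, image in chain]


if __name__ == "__main__":
    golden, log = measure_boot(BOOT_CHAIN)
    print("golden PCR:", golden.hex())
    for name, digest in log:
        print(f"  {name:10s} {digest}")
    print("clean boot attests:     ", attest(golden, BOOT_CHAIN))
    print("patched kernel attests: ", attest(golden, with_tampered_kernel(BOOT_CHAIN, b"\x90")))
    print("reordered chain attests:", attest(golden, list(reversed(BOOT_CHAIN))))
```

Two points the script makes that the answer key does not: a single-byte change to the kernel image changes the final PCR, and so does running the same components in a different order, because extend is a hash chain rather than a sum. Measured boot only records and reports; it does not stop a modified kernel from running, which is why it is paired with attestation (and, in practice, with secure boot) rather than used alone.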
Question: 3
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring
Answer: C, F
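The two selected controls map to different layers: input validation (answer C) stops hostile input before it reaches the query, and database activity monitoring (answer F) records what the database actually executed so that an injection attempt is visible even if a layer above it fails. The following Python script is an added example, not code from the original page or from the breached system; the in-memory SQLite table, the username allow-list and the tautology pattern are constructed for illustration. It shows the vulnerable string-concatenated query beside a parameterized one, adds allow-list validation on top, and wires a trace callback as a minimal activity monitor.

```python
import re
import sqlite3

# Constructed sample data: an in-memory users table standing in for the
# breached database described in the question.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    # VULNERABLE: the caller's input is concatenated into the SQL text, so a
    # quote in the input ends the literal and the rest is parsed as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username: str) -> list:
    # The driver binds the value separately from the SQL text, so the input can
    # never change the query's structure; a tautology payload matches nothing.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for the one input this endpoint accepts (hypothetical policy:
# usernames are 1-32 characters from a small safe alphabet).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def lookup_safe(conn, username: str) -> list:
    # Input validation (answer C) rejects anything outside the allow-list
    # before it reaches the database; parameterization stays as a second layer.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return lookup_parameterized(conn, username)


# Database activity monitoring (answer F): record every statement the
# connection executes and flag tautology patterns typical of injection.
TAUTOLOGY_RE = re.compile(r"\bOR\s+'([^']*)'\s*=\s*'\1'", re.IGNORECASE)


def install_activity_monitor(conn) -> list:
    log: list = []
    conn.set_trace_callback(log.append)  # called with each executed statement
    return log


def suspicious_statements(log) -> list:
    return [stmt for stmt in log if TAUTOLOGY_RE.search(stmt)]


if __name__ == "__main__":
    conn = make_db()
    log = install_activity_monitor(conn)
    payload = "' OR '1'='1"
    print("vulnerable:   ", lookup_vulnerable(conn, payload))     # every row leaks
    print("parameterized:", lookup_parameterized(conn, payload))  # []
    try:
        lookup_safe(conn, payload)
    except ValueError as exc:
        print("validated:    ", exc)
    print("flagged:      ", suspicious_statements(log))
```

The monitor here is deliberately simple; a real database activity monitoring product inspects traffic or the database audit log rather than a client-side trace hook, and would also alert on volume anomalies (a single user query returning every row) rather than only on string patterns. The example keeps the vulnerable function so the payload can be seen leaking all three rows before the fixed versions are applied.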
Question: 4
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?
A. ISA
B. BIA
C. SLA
D. RA
Answer: A
Question: 5
A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
A. Randomly calling customer employees and posing as a help desk technician requiring the user's password to resolve issues
B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call
C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Answer: A
I have attempted an IT exam before, but this time I enjoyed my study while preparing from the CAS-003 Online Test Engine. I was worried about my preparation, but this smart guide filled my head with knowledge about the field, which helped me to solve all the questions in the paper. My sincere thanks go to DumpsSure for being so assistive and cooperative. I suggest everyone use CAS-003 dumps.
I can say with surety that anyone will succeed with CAS-003 dumps. Experts have presented the information in the form of questions and answers, which are easy to understand. I covered my syllabus in no time and got my desired grades with CAS-003 dumps.
All my efforts were well directed by the experts, who know how papers are arranged for IT candidates. It was a nice experience with the CAS-003 Dumps PDF. I felt mature after swallowing the information given in this short study guide. After this wonderful experience, PassExam4Sure has become my favorite learning platform for IT exams. I say thanks for this expert help.