Online Access Free CAS-003 Exam Questions

A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:

Which of the following should the security administrator configure to meet the DNS security needs?

• A.Option B
• B.Option A
• C.Option C
• D.Option D

An organization is moving internal core data-processing functions related to customer data to a global public cloud provider that uses aggregated services from other partner organizations. Which of the following compliance issues will MOST likely be introduced as a result of the migration?

• A.Data privacy regulations, data sovereignty, and third-party providers
• B.Data ownership, internal data classification, and risk profiling of outsourcers
• C.Internal data integrity standards and outsourcing contracts and partnerships
• D.Company audit functions, cross-boarding jurisdictional challenges, and export controls

A security engineer is helping the web developers assess a new corporate web application The application will be Internet facing so the engineer makes the following recommendation:
In an htaccess file or the site config add:
or add to the location block:

Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)

• A.Add a sequence ID to the cookie session ID while in transit to prevent CSRF.
• B.Create a temporary space on the user's drive root for ephemeral cookie storage
• C.Ensure session IDs are generated dynamically with each cookie request
• D.Prevent cookies from being transmitted to other domain names
• E.Enforce the use of plain text HTTP transmission with secure local cookie storage
• F.Allow cookie creation or updates only over TLS connections

The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?

• A.Engage a counter-hacking team to retrieve the data
• B.Pay the hacker under the condition that all information is destroyed
• C.Notify the appropriate legal authorities and legal counsel
• D.Review audit logs to determine the extent of the breach

The Chief Information Security Officer (CISO) of a power generation facility s concerned about being able to detect missing security updates on the critical infrastructure in use at the facility Most of this critical infrastructure consists of ICS and SCADA systems that are maintained by vendors, and the vendors have warned the CISO that proxying network traffic is likely to cause a DoS condition. Which of the following would be BEST to address the CISO s concerns while keeping the critical systems functional?

• A.Deploying a data diode for internal websites
• B.Configuring the existing SIEM to ingest al log files property
• C.Adjusting Me access rules to use the concept of least privilege
• D.Implementing a passive vulnerability scanning solution
• E.Adding more frequent antivirus and anti-malware signature updates