CAS-003 Exam Question 86

An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:
* Systems containing PII are protected with the minimum control set.
* Systems containing medical data are protected at the moderate level.
* Systems containing cardholder data are protected at the high level.
The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?
  • CAS-003 Exam Question 87

    A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot.

    Which of the following tools was MOST likely used to exploit the application?
  • CAS-003 Exam Question 88

    A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:

    The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third-party company?
  • CAS-003 Exam Question 89

    A large enterprise acquires another company which uses antivirus from a different vendor.
    The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO's requirement?
  • CAS-003 Exam Question 90

    A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.