CAS-003 Question 61

Click on the exhibit buttons to view the four messages.





A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.
Which of the following BEST conveys the business impact for senior leadership?

CAS-003 Question 62

Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?

CAS-003 Question 63

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?

CAS-003 Question 64

A company is implementing a new secure identity application, given the following requirements:
* The cryptographic secrets used in the application must never be exposed to users or the OS.
* The application must work on mobile devices.
* The application must work with the company's badge reader system.
Which of the following mobile device specifications are required for this design? (Select TWO).

CAS-003 Question 65

A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically.
Which of the following code snippets would BEST protect the application against an SQL injection attack?
A)

B)

C)

D)