무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 52)

CAS-003 문제 251

IT 환경이 매우 복잡한 대기업에서 내부적으로 관리되는 온프레미스 프록시에서 외부 공급업체가 관리하는 클라우드 기반 프록시 솔루션으로의 전환을 고려하고 있습니다. 현재 프록시는 프록시 뒤에 연결된 모든 직원을 위해 캐싱, 콘텐츠 필터링, 맬웨어 분석 및 URL 분류를 제공합니다.
직원은 회사 네트워크 외부에서 인터넷에 직접 연결합니다. 클라우드 기반 버전의 솔루션은 콘텐츠 필터링, TLS 암호 해독, 맬웨어 분석 및 URL 분류를 제공합니다. 클라우드 솔루션으로 마이그레이션한 후 모든 내부 프록시는 폐기됩니다. 다음 중 회사의 위험 프로필을 가장 많이 변경할 수 있는 것은 무엇입니까?

A. 1. 프록시 구성 및 애플리케이션 데이터 흐름에 관한 내부 지적 지식이 손실될 수 있습니다.
2. 클라우드 게이트웨이의 낮은 복원력으로 인해 인터넷 액세스가 중단될 가능성이 더 커집니다.
3. 라우팅 및 프록시 PAC 파일에 필요한 변경으로 인해 데이터 주권 문제가 발생할 수 있습니다.

B. 1. 외부 공급업체는 인바운드 및 아웃바운드 게이트웨이 트래픽에 액세스할 수 있습니다.
2. 이 서비스는 집에서 일하는 직원을 어느 정도 보호합니다.
3. 하드 코딩된 프록시 정보가 있는 시스템 또는 응용 프로그램의 경우 중단이 발생할 수 있습니다.

C. 1. 로컬 캐싱의 손실은 ISP 요금을 크게 증가시키고 기존 대역폭에 영향을 미칩니다.
2. 클라우드 게이트웨이의 낮은 복원력으로 인해 인터넷 액세스가 중단될 가능성이 더 커집니다.
3. 프록시 구성 및 애플리케이션 데이터 흐름에 관한 내부 지적 지식이 손실될 수 있습니다.

D. 1. 하드 코딩된 프록시 정보가 있는 시스템 또는 응용 프로그램의 경우 중단이 발생할 수 있습니다.
2. 이 서비스는 집에서 일하는 직원들을 어느 정도 보호할 것입니다.
3. 서비스의 제3자 관리로 인해 악성코드 탐지 시간이 감소합니다.

CAS-003 문제 252

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?

A. Capture process ID data and submit to anti-virus vendor for review.

B. Reboot the Linux servers, check running processes, and install needed patches.

C. Remove a single Linux server from production and place in quarantine.

D. Notify upper management of a security breach.

E. Conduct a bit level image, including RAM, of one or more of the Linux servers.

정답: E

Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes.
In this question, an attack has been identified and confirmed. When a server is compromised or used to commit a crime, it is often necessary to seize it for forensics analysis. Security teams often face two challenges when trying to remove a physical server from service: retention of potential evidence in volatile storage or removal of a device from a critical business process.
Evidence retention is a problem when the investigator wants to retain RAM content. For example, removing power from a server starts the process of mitigating business impact, but it also denies forensic analysis of data, processes, keys, and possible footprints left by an attacker.
A full a bit level image, including RAM should be taken of one or more of the Linux servers. In many cases, if your environment has been deliberately attacked, you may want to take legal action against the perpetrators. In order to preserve this option, you should gather evidence that can be used against them, even if a decision is ultimately made not to pursue such action. It is extremely important to back up the compromised systems as soon as possible. Back up the systems prior to performing any actions that could affect data integrity on the original media.
Incorrect Answers:
A: Capturing process ID data and submitting it to anti-virus vendor for review would not be the first step. Furthermore, it is unlikely that a virus is the cause of the problem on the LINUX servers. It is much more likely that the missing OS level patches left the systems vulnerable.
B: Rebooting the Linux servers would lose the contents of the running RAM. This may be needed for litigation so a full backup including RAM should be taken first. Then the servers can be cleaned and patched.
C: Removing a single Linux server from production and placing it in quarantine would probably involve powering off the server. Powering off the server would lose the contents of the running RAM. This may be needed for litigation so a full backup including RAM should be taken first.
D: Notifying upper management of a security breach probably should be done after the security breach is contained. You should follow standard incident management procedures first. Reporting on the incident is one of the later steps in the process.
References:
http://whatis.techtarget.com/reference/Five-Steps-to-Incident-Management-in-a-Virtualized-Environment
https://technet.microsoft.com/en-us/library/cc700825.aspx

CAS-003 문제 253

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

A. $4,800

B. $24,000

C. $96,000

D. $120,000

CAS-003 문제 254

Developers are working on anew feature to add to a social media platform. Thew new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO state the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns?

A. Notdisplayingto the publicwhouploaded thephoto

B. Addinga one-hourdelay ofalluploadedphotos

C. Removingall metadata in the uploaded photofile

D. ForcingTLSfor allconnectionsontheplatform

E. Increasingblocking optionsavailableto theuploader

CAS-003 문제 255

A company's IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the company toward an immune server architecture in which servers are replaced rather than patched. Instead of having static servers for development, test, and production, the severs will move from environment to environment dynamically.
Which of the following are required to move to this type of architecture? (Select Two.)

A. Forward proxy

B. Netflow

C. Load balancers

D. Automated deployments

E. Network segmentation

다른 버전: 5039CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Oracle.1Z0-1160-1.v2025-09-10.q18; 107Oracle.1z0-1054-25.v2025-09-10.q50; 104Cisco.300-710.v2025-09-10.q297; 106VMware.2V0-41.24.v2025-09-10.q104; 152Avaya.78201X.v2025-09-09.q135; 141CompTIA.220-1202.v2025-09-09.q57; 173CheckPoint.156-215.81.v2025-09-09.q391; 205ECCouncil.312-50v13.v2025-09-09.q347; 130Supermicro.SMI300XS.v2025-09-08.q15; 125Oracle.1z0-1104-25.v2025-09-08.q12