CAS-003 문제 276
소프트웨어 개발 팀은 COTS 솔루션을 사용하여 내부적으로 개발된 웹 애플리케이션의 기능 및 사용자 승인 테스트를 수행하고 있습니다. 자동화된 테스트를 위해 솔루션은 엔터프라이즈 디렉토리의 유효한 사용자 자격 증명을 사용하여 각 애플리케이션을 인증합니다. 이 솔루션은 사용자 이름을 일반 텍스트로 저장하고 해당 암호를 전역적으로 액세스 가능한 네트워크 공유에 있는 파일 내의 스크립트에 인코딩된 문자열로 저장합니다. 사용된 계정 자격 증명은 개발 팀 리더에게 속합니다. 진행 중인 테스트의 중단을 최소화하면서 이 시나리오와 관련된 위험을 줄이려면 다음 중 취해야 할 가장 좋은 조치는 무엇입니까? (2개를 선택하세요.)
CAS-003 문제 277
A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company's RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:
* An HOTP service is installed on the RADIUS server.
* The RADIUS server is configured to require the HOTP service for authentication.
The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.
Which of the following should be implemented to BEST resolve the issue?
* An HOTP service is installed on the RADIUS server.
* The RADIUS server is configured to require the HOTP service for authentication.
The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.
Which of the following should be implemented to BEST resolve the issue?
CAS-003 문제 278
The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?
CAS-003 문제 279
An organization based in the United States is planning to expand its operations into the European market later in the year Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to
CAS-003 문제 280
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?