CAS-003 Question 361

The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment.
Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?

CAS-003 Question 362

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
* Antivirus
* Anti-malware
* Anti-spyware
* Log monitoring
* Full-disk encryption
* Terminal services enabled for RDP
* Administrative access for local users
Hardware restrictions:
* Bluetooth disabled
* FireWire disabled
* WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites.
Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).

CAS-003 Question 363

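A forensic analyst suspects that a breach has occurred. Security logs show that the company's OS patch system may be compromised and that it is serving patches containing a zero-day exploit and a backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?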

CAS-003 Question 364

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
* The ICS supplier has specified that any software installed will result in lack of support.
* There is no documented trust boundary defined between the SCADA and corporate networks.
* Operational technology staff have to manage the SCADA equipment via the engineering workstation.
* There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?

CAS-003 Question 365

During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.
Which of the following would ensure no data is recovered from the system drives once they are disposed of?