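CAS-003 Question 481

A medical device company is implementing a new COTS antivirus solution in its manufacturing plant.
All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?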

CAS-003 Question 482

An advanced threat emulation engineer is conducting testing against a client's network. The engineer
conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually
ramping up the volume of attacks over a long period of time. Which of the following combinations of
techniques would the engineer MOST likely use in this testing? (Choose three.)

CAS-003 Question 483

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

CAS-003 Question 484

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724
The security administrator also inspects the following file system locations on the database server using the command 'ls -al /root':
drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh
Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

CAS-003 Question 485

A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?