Free CAS-003 Exam Braindumps (page: 15)

Page 15 of 137

A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

  A. RA
  B. BIA
  C. NDA
  D. RFI
  E. RFQ
  F. MSA

Answer(s): C,F



A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

  A. Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-256.
  B. Federate with an existing PKI provider, and reject all non-signed emails.
  C. Implement two-factor email authentication, and require users to hash all email messages upon receipt.
  D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes.

Answer(s): A



Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?

  A. The consolidation of two different IT enterprises increases the likelihood of data loss because there are now two backup systems
  B. Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises
  C. Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully
  D. Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

Answer(s): C



Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?

  A. Business partnership agreement
  B. Memorandum of understanding
  C. Service-level agreement
  D. Interconnection security agreement

Answer(s): D


Reference:

https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-47.pdf






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY