Free CAS-003 Exam Braindumps (page: 46)

Page 46 of 137

A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.)

  A. Access control
  B. Whitelisting
  C. Signing
  D. Validation
  E. Boot attestation

Answer(s): C,D



A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

RTO: 2 days
RPO: 36 hours
MTTR: 24 hours
MTBF: 60 days

Which of the following solutions will address the RPO requirements?

  A. Remote Syslog facility collecting real-time events
  B. Server farm behind a load balancer delivering five-nines uptime
  C. Backup solution that implements daily snapshots
  D. Cloud environment distributed across geographic regions

Answer(s): C



A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.)

  A. Static code analyzer
  B. Intercepting proxy
  C. Port scanner
  D. Reverse engineering
  E. Reconnaissance gathering
  F. User acceptance testing

Answer(s): B,C



A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:

-Firewall
-Core switches
-RM server
-Virtual environment
-NAC solution

The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Choose two.)

  A. Routing tables
  B. Log forwarding
  C. Data remnants
  D. Port aggregation
  E. NIC teaming
  F. Zones

Answer(s): B,F






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY