CAS-003 CompTIA Advanced Security Practitioner (CASP)

Question 16

A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.

Which of the following is the BEST justification to ensure collaboration across business units?

  • A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.

  • A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.

  • Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.

  • The CISO is uniquely positioned to control the flow of vulnerability information between business units.

Question 17

A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to use Nmap to gather additional information and confirm that the web server does not allow unencrypted access to the imaging server. Given the following:

The imaging server IP is 192.168.101.24.

The domain controller IP is 192.168.100.1. The client machine IP is 192.168.200.37.

Which of the following should be used to confirm this is the only open port on the web server?

  • nmap -p 80,443 192.168.101.24

  • nmap -p 80,443,389,636 192.168.100.1

  • nmap -p 80,389 192.168.200.37

  • nmap -p- 192.168.101.24
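Added worked example, not part of the question bank: proving that a host exposes only one listener requires sweeping every port on that host (Nmap's `-p-` covers all 65535 TCP ports; a short `-p 80,443` list can only say whether those two are open). The sweep itself still has to be read: the script below parses Nmap's grepable output (`-oG -`) and reports any open port that is not on an allow-list. The scan output is constructed for the example, the host is the imaging/web server from the question, and the assumption that 443/tcp is the only permitted listener is ours.

```shell
#!/bin/sh
# Added example: verify that a full-port Nmap sweep found only the expected open ports.
# SAMPLE_SCAN is constructed grepable output of the form produced by:
#   nmap -p- -oG - 192.168.101.24
# Real -oG output separates fields with tabs; the parser accepts tabs or spaces.
SAMPLE_SCAN=$(printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -p- -oG - 192.168.101.24'
printf 'Host: 192.168.101.24 ()\tStatus: Up\n'
printf 'Host: 192.168.101.24 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (65532)\n'
printf '%s\n' '# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds')

# open_ports <scan text>
# Prints one "port/proto" per line for every port Nmap reported as open.
# Each -oG port entry looks like port/state/protocol/owner/service/rpcinfo/version/
open_ports() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Ports: //p' \
      | sed 's/[[:space:]]*Ignored State:.*//' \
      | tr ',' '\n' \
      | sed 's/^[[:space:]]*//' \
      | awk -F'/' '$2 == "open" { print $1 "/" $3 }'
}

# unexpected_open_ports <scan text> <allowed ports, space-separated, e.g. "443/tcp">
# Prints every open port that is not on the allow-list. Empty output means the
# host exposes only what it should; anything printed is a finding.
unexpected_open_ports() {
    scan=$1; allowed=$2
    open_ports "$scan" | while IFS= read -r port; do
        case " $allowed " in
            *" $port "*) ;;               # on the allow-list (the HTTPS front end)
            *) printf '%s\n' "$port" ;;   # not allowed: report it
        esac
    done
}

# Usage: the hospital's policy (assumed here) permits only HTTPS on the web server.
unexpected=$(unexpected_open_ports "$SAMPLE_SCAN" "443/tcp")
if [ -n "$unexpected" ]; then
    echo "Unexpected open ports on 192.168.101.24:"
    echo "$unexpected"
else
    echo "192.168.101.24 exposes only the allowed ports"
fi
```

On the constructed sample the check flags 80/tcp, i.e. the unencrypted HTTP listener the question is worried about. Two caveats a practitioner would add: `-p-` covers TCP only, so a UDP sweep (`-sU`) is a separate step, and an open port on 389 or 636 belongs on the domain controller, not the web server, so the allow-list must be per host.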

Question 18

Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses “Number of successful phishing attacks” as a KRI, but it does not show an increase.

Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?

  • The ratio of phishing emails to non-phishing emails

  • The number of phishing attacks per employee

  • The number of unsuccessful phishing attacks

  • The percent of successful phishing attacks