A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand?
A. Unsophisticated agents, organized groups, and nation states
B. Threat actor types, threat actor motivation, and attack tools
C. Threat actor types, threat actor motivation, and the attack impact
D. Threat actor types, attack sophistication, and the anatomy of an attack
Correct answer: C
Question 2:
A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers?
A. Steganography
B. Transport encryption
C. Confusion
D. Perfect forward secrecy
E. Diffusion
Correct answer: A
Question 3:
A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?
The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.
The Reception Area: The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.
The Rehabilitation Area: The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.
The Finance Area: There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.
A. The Finance Area
B. The Reception Area
C. The Rehabilitation Area
D. The Boiler Room
Correct answer: A
Question 4:
A small, customer-focused bank that has implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day-to-day interactions with customers. Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team's concerns?
A. Awareness training
B. Job rotation
C. Separation of duties
D. Information disclosure policy
Correct answer: A
Question 5:
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of the conference's resources?
A. Network security may need to be increased by reducing the number of available physical network jacks.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Wireless network security may need to be increased to decrease access of mobile devices.
D. Wireless network security may need to be decreased to allow for increased access of mobile devices.
Correct answer: A
Question 6:
Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select TWO).
A. Zoning
B. Snapshots
C. Deduplication
D. LUN masking
E. Multipathing
Correct answer: A, D
Question 7:
A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Conduct an internal audit against industry best practices to perform a gap analysis.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
D. Survey threat feeds from analysts inside the same industry.
Correct answer: D
Kawamura -
The CAS-001 exam is difficult, but thanks to the CAS-001 exam study guide, I passed. Thank you very much!