Exam (elaborations)

BEST CASP+ CAS-003 STUDY GUIDE 2022

Pages: 144
Grade: A+
Uploaded on: 26-08-2022
Written in: 2022/2023

BEST CASP+ CAS-003 STUDY GUIDE 2019
Your organization has been working to formally document all of its third-party agreements.
Management contacts you, requesting that you provide access to a document that spells out
exactly the security measures that should be taken with respect to the handling of data exchanged
between your organization and a third party. Which of the following documents should you
provide?

A BYOD
B TCA
C ISO
D SOE
Ans: B

Which of the following cloud approaches offers the maximum control over company data?

A public
B private
C hybrid
D composite
Ans: B

Which cloud solution can reduce costs to the participating organizations?

A diversified
B hybrid
C community
D private
Ans: C

Your company is merging with a larger organization. Which of the following is not a
responsibility of the due diligence team?

A Create a risk profile for all identified risks involved in moving data.

B Ensure that auditors and the compliance team are using different frameworks.

C Define a plan to set and measure security controls at every step of the process.

D Prioritize processes and identify those that require immediate attention.
Ans: B

Which of the following outline goals but do not give any specific ways to accomplish the stated
goals?

A rules
B procedures
C policies
D standards
Ans: C

Which of the following refers to responsibilities that an organization has due to partnerships with
other organizations and customers?

A due process
B downstream liability
C due diligence
D indirect costs
Ans: B

Which of the following tenets has been satisfied when an organization takes all the actions it can
reasonably take to prevent security issues or to mitigate damage if security breaches occur?

A due care
B due diligence
C due process
D CIA
Ans: A

Which of the following is most likely to be affected by the Sarbanes-Oxley (SOX) Act?

A healthcare company
B publicly traded corporation
C federal contracting company
D retail company
Ans: B

Which of the following is not an example of de-perimeterization?

A telecommuting
B cloud computing
C BYOD
D three-legged firewall
Ans: D

Generally speaking, an increase in security measures in a network is accompanied by what?

A an increase in performance
B an increased ease of use
C a decrease in performance
D a decrease in security
Ans: C

Your organization has recently been the victim of fraud perpetrated by a single employee. After a
thorough analysis has been completed of the event, security experts recommend that security
controls be established to require multiple employees to complete a task. Which control should
you implement, based on the expert recommendations?

A mandatory vacation
B separation of duties
C least privilege
D continuous monitoring
Ans: B

Your company has recently decided to switch Internet service providers. The new provider has
provided a document that lists all the guaranteed performance levels of the new connection.
Which document contains this information?

A SLA
B ISA
C MOU
D IA
Ans: A

Your organization has signed a new contract to provide database services to another company.
The partner company has requested that the appropriate privacy protections be in place within
your organization. Which document should be used to ensure data privacy?

A ISA
B IA
C NDA
D PII
Ans: C

Your organization has recently undergone major restructuring. During this time, a new chief
security officer (CSO) was hired. He has asked you to make recommendations for the
implementation of organizational security policies. Which of the following should you not
recommend?

A All personnel are required to use their vacation time.

B All personnel should be cross-trained and should rotate to multiple positions throughout the
year.

C All high-level transactions should require a minimum of two personnel to complete.

D The principle of least privilege should be implemented only for all high-level positions.
Ans: D

What is the primary concern of PII?

A availability
B confidentiality
C integrity
D authentication
Ans: B

Which of the following is an example of an incident?

A an invalid user account's login attempt

B account lockout for a single user account

C several invalid password attempts for multiple users

D a user attempting to access a folder to which he does not have access
Ans: C

What is the first step of a risk assessment?

A Balance threat impact with countermeasure cost.

B Calculate threat probability and business impact.

C Identify vulnerabilities and threats.

D Identify assets and asset value.
Ans: D

During a recent security audit, your organization provided the auditor with an SOA. What was
the purpose of this document?

A to identify the controls chosen by an organization and explain how and why the controls are
appropriate

B to document the performance levels that are guaranteed

C to document risks

D to prevent the disclosure of confidential information
Ans: A

Which document requires that a vendor reply with a formal bid proposal?

A RFI
B RFP
C RFQ
D agreement
Ans: B

Your company has decided to deploy network access control (NAC) on the enterprise to ensure
that all devices comply with corporate security policies. Which of the following should be done
first?

A Develop the process for NAC.
B Develop the procedures for NAC.
C Develop the policy for NAC.
D Implement NAC.
Ans: C
