CAS-003 Exam Dumps | A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside

<< Prev Question

Question 200/200

A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:
High-impact controls implemented: 6 out of 10
Medium-impact controls implemented: 409 out of 472
Low-impact controls implemented: 97 out of 1000
The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:
Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000 Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000 Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?

A. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls

B. The cybersecurity team has balanced residual risk for both high and medium controls

C. The enterprise security team has focused exclusively on mitigating high-level risks

D. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past

Question List (200q): Question 1: A vulnerability was recently announced that allows a malicio...; Question 2: A security consultant is performing a penetration test on ww...; Question 3: The board of a financial services company has requested that...; Question 4: Several days after deploying an MDM for smartphone control, ...; Question 5: A Chief Information Security Officer (CISO) is working with ...; Question 6: An engineer is assisting with the design of a new virtualize...; Question 7: An engineer is reviewing the security architecture for an en...; Question 8: A manufacturing company employs SCADA systems to drive assem...; Question 9: A company that all mobile devices be encrypted, commensurate...; Question 10: During a criminal investigation, the prosecutor submitted th...; Question 11: Compliance with company policy requires a quarterly review o...; Question 12: A systems security engineer is assisting an organization's m...; Question 13: A small company needs to reduce its operating costs. vendors...; Question 14: During a routine network scan, a security administrator disc...; Question 15: An analyst execute a vulnerability scan against an internet-...; Question 16: The email administrator must reduce the number of phishing e...; Question 17: An organization relies heavily on third-party mobile applica...; Question 18: A consultant is hired to perform a passive vulnerability ass...; Question 19: A Chief Information Security Officer (CISO) needs to establi...; Question 20: An information security manager conducted a gap analysis, wh...; Question 21: A security consultant is conducting a penetration test again...; Question 22: A security administrator was informed that a server unexpect...; Question 23: A regional transportation and logistics company recently hir...; Question 24: Given the following output from a security tool in Kali: (Ex...; Question 25: A malware infection spread to numerous workstations within t...; Question 26: A university's help desk is receiving reports that Internet ...; Question 27: An enterprise is trying to secure a specific web-based appli...; Question 28: A Chief Information Security Officer (CISO) is reviewing the...; Question 29: A company is concerned about disgruntled employees transferr...; Question 30: A cybersecurity analyst has received an alert that well-know...; Question 31: An engineering team is developing and deploying a fleet of m...; Question 32: A security administrator is updating corporate policies to r...; Question 33: A security administrator is opening connectivity on a firewa...; Question 34: A company is purchasing an application that will be used to ...; Question 35: A security administrator receives reports that several works...; Question 36: A security analyst who is concerned about sensitive data exf...; Question 37: An e-commerce company that provides payment gateways is conc...; Question 38: A security engineer has implemented an internal user access ...; Question 39: A company is the victim of a phishing and spear-phishing cam...; Question 40: The SOC has noticed an unusual volume of traffic coming from...; Question 41: A security administrator wants to implement an MDM solution ...; Question 42: Following a recent and very large corporate merger, the numb...; Question 43: A security analyst for a bank received an anonymous tip on t...; Question 44: A security engineer is working with a software development t...; Question 45: The Chief Executive Officers (CEOs) from two different compa...; Question 46: A security administrator is concerned about employees connec...; Question 47: A technician uses an old SSL server due to budget constraint...; Question 48: An organization is attempting to harden its web servers and ...; Question 49: A company has adopted and established a continuous-monitorin...; Question 50: As part of an organization's ongoing vulnerability assessmen...; Question 51: A security analyst is comparing two virtual servers that wer...; Question 52: (Exhibit); Question 53: An analyst has noticed unusual activities in the SIEM to a ....; Question 54: A security analyst has requested network engineers integrate...; Question 55: An engineer needs to provide access to company resources for...; Question 56: A company is developing requirements for a customized OS bui...; Question 57: Ann, a terminated employee, left personal photos on a compan...; Question 58: A malware infection spread to numerous workstations within t...; Question 59: An internal application has been developed to increase the e...; Question 60: Which of the following is the MOST likely reason an organiza...; Question 61: A company wants to perform analysis of a tool that is suspec...; Question 62: A company contracts a security consultant to perform a remot...; Question 63: A developer emails the following output to a security admini...; Question 64: A security administrator is hardening a TrustedSolaris serve...; Question 65: A Chief Security Officer (CSO) is reviewing the organization...; Question 66: A Chief Information Security Officer (CISO) recently changed...; Question 67: Joe an application security engineer is performing an audit ...; Question 68: An organization is considering the use of a thin client arch...; Question 69: During an audit, it was determined from a sample that four o...; Question 70: A security analyst is reviewing an endpoint that was found t...; Question 71: Designing a system in which only information that is essenti...; Question 72: As part of a systems modernization program, the use of a wea...; Question 73: A company relies on an ICS to perform equipment monitoring f...; Question 74: A security controls assessor intends to perform a holistic c...; Question 75: Immediately following the report of a potential breach, a se...; Question 76: A developer needs to provide feedback on a peer's work durin...; Question 77: A security analyst is reviewing the following pseudo-output ...; Question 78: Company A is establishing a contractual with Company B. The ...; Question 79: A security analyst is troubleshooting a scenario in which an...; Question 80: A company's claims processed department has a mobile workfor...; Question 81: The SOC is reviewing processes and procedures after a recent...; Question 82: A company wants to extend its help desk availability beyond ...; Question 83: Within the past six months, a company has experienced a seri...; Question 84: An organization has recently deployed an EDR solution across...; Question 85: A new security policy slates all wireless and wired authenti...; Question 86: The Chief Information Security Officer (CISO) is preparing a...; Question 87: A technician receives the following security alert from the ...; Question 88: A newly hired Chief Information Security Officer (CISO) is r...; Question 89: A penetration tester is trying to gain access to a remote sy...; Question 90: An architect was recently hired by a power utility to increa...; Question 91: A company contracts a security engineer to perform a penetra...; Question 92: When reviewing KRIs of the email security appliance with the...; Question 93: A corporate forensic investigator has been asked to acquire ...; Question 94: The legal department has required that all traffic to and fr...; Question 95: A technician is reviewing the following log: (Exhibit) Which...; Question 96: An international e-commerce company has identified attack tr...; Question 97: When implementing a penetration testing program, the Chief I...; Question 98: A penetration tester has been contracted to conduct a physic...; Question 99: During a recent incident, sensitive data was disclosed and s...; Question 100: A hospital's security team recently determined its network w...; Question 101: A penetration testing manager is contributing to an RFP for ...; Question 102: A user asks a security practitioner for recommendations on s...; Question 103: Which of the following system would be at the GREATEST risk ...; Question 104: After a large organization has completed the acquisition of ...; Question 105: The government is concerned with remote military missions be...; Question 106: An organization enables BYOD but wants to allow users to acc...; Question 107: Following a recent outage a systems administrator is conduct...; Question 108: Click on the exhibit buttons to view the four messages. (Exh...; Question 109: One of the objectives of a bank is to instill a security awa...; Question 110: The Chief Information Officer (CIO) wants to increase securi...; Question 111: The Chief Information Security Officer (CISO) for an organiz...; Question 112: An internal penetration tester was assessing a recruiting pa...; Question 113: Company leadership believes employees are experiencing an in...; Question 114: Users have reported that an internally developed web applica...; Question 115: A regional business is expecting a severe winter storm next ...; Question 116: An engineer wants to assess the OS security configurations o...; Question 117: A forensic analyst suspects that a buffer overflow exists in...; Question 118: A company in the financial sector receives a substantial num...; Question 119: An administrator is working with management to develop polic...; Question 120: A security analyst is classifying data based on input from d...; Question 121: An administrator has noticed mobile devices from an adjacent...; Question 122: An organization is concerned that its hosted web servers are...; Question 123: A Chief Information Security Officer (CISO) has created a su...; Question 124: A company is deploying a DIP solution and scanning workstati...; Question 125: Company.org has requested a black-box security assessment be...; Question 126: A project manager is working with system owners to develop m...; Question 127: An information security officer is responsible for one secur...; Question 128: Given the code snippet below: (Exhibit) Which of the followi...; Question 129: An internal penetration tester finds a legacy application th...; Question 130: The marketing department has developed a new marketing campa...; Question 131: A manufacturing company recently recovered from an attack on...; Question 132: As part of the asset management life cycle, a company engage...; Question 133: A security engineer is designing a system in which offshore,...; Question 134: A company has entered into a business agreement with a busin...; Question 135: An customers that their IP netblocks are on blacklists and t...; Question 136: A laptop is recovered a few days after it was stolen. Which ...; Question 137: The Chief Executive Officer (CEO) of a fast-growing company ...; Question 138: A security consultant is attempting to discover if the compa...; Question 139: After several industry comnpetitors suffered data loss as a ...; Question 140: A breach was caused by an insider threat in which customer P...; Question 141: A company has created a policy to allow employees to use the...; Question 142: A company is repeatedly being breached by hackers who valid ...; Question 143: A financial services company has proprietary trading algorit...; Question 144: A consulting firm was hired to conduct assessment for a comp...; Question 145: A company's existing forward proxies support software-based ...; Question 146: A system engineer is reviewing output from a web application...; Question 147: A security researcher is gathering information about a recen...; Question 148: Given the following code snippet: (Exhibit) Which of the fol...; Question 149: There have been several exploits to critical devices within ...; Question 150: A Chief Information Security Officer (CISO is reviewing and ...; Question 151: An organization is in the process of evaluating service prov...; Question 152: A security administrator is concerned about the increasing n...; Question 153: The security administrator of a small firm wants to stay cur...; Question 154: An application developer is including third-party background...; Question 155: A company makes consumer health devices and needs to maintai...; Question 156: Following a security assessment, the Chief Information Secur...; Question 157: A hospital uses a legacy electronic medical record system th...; Question 158: A security engineer wants to introduce key stretching techni...; Question 159: Which of the following is the GREATEST security concern with...; Question 160: First responders, who are part of a core incident response t...; Question 161: An organization is preparing to develop a business continuit...; Question 162: A company is migrating systems from an on-premises facility ...; Question 163: An organization implemented a secure boot on its most critic...; Question 164: Legal authorities notify a company that its network has been...; Question 165: An internal staff member logs into an ERP platform and click...; Question 166: While attending a meeting with the human resources departmen...; Question 167: An attacker has been compromising banking institution target...; Question 168: A company is not familiar with the risks associated with IPv...; Question 169: A security engineer is performing an assessment again for a ...; Question 170: A company's Chief Operating Officer (COO) is concerned about...; Question 171: Ann, a member of the finance department at a large corporati...; Question 172: A security analyst sees some suspicious entries in a log fil...; Question 173: A Chief Information Security Officer (CISO) requests the fol...; Question 174: An enterprise solution requires a central monitoring platfor...; Question 175: An investigation showed a worm was introduced from an engine...; Question 176: A cybersecurity analyst created the following tables to help...; Question 177: A consultant is planning an assessment of a customer-develop...; Question 178: Following a recent network intrusion, a company wants to det...; Question 179: A security administrator is performing an audit of a local n...; Question 180: A Chief Information Securiy Officer (CISO) is reviewing tech...; Question 181: A network engineer is upgrading the network perimeter and in...; Question 182: A security analyst is validating the MAC policy on a set of ...; Question 183: The Chief Information Security Officer (CISO) has asked the ...; Question 184: An external red team is brought into an organization to perf...; Question 185: During a sprint, developers are responsible for ensuring the...; Question 186: A security engineer is analyzing an application during a sec...; Question 187: A company recently implemented a variety of security service...; Question 188: A legal services company wants to ensure emails to clients m...; Question 189: The Chief Executive Officer (CEO) of a company has considere...; Question 190: Following the successful response to a data-leakage incident...; Question 191: An agency has implemented a data retention policy that requi...; Question 192: A security administrator is advocating for enforcement of a ...; Question 193: A Chief Information Officer (CIO) publicly announces the imp...; Question 194: The results of an external penetration test for a software d...; Question 195: During the deployment of a new system, the implementation te...; Question 196: Two competing companies experienced similar attacks on their...; Question 197: A security incident responder discovers an attacker has gain...; Question 198: A video-game developer has received reports of players who a...; Question 199: An organization's mobile device inventory recently provided ...; Question 200: A Chief Information Security Officer (CISO) is reviewing the...

Question 200/200

LEAVE A REPLY

Download PDF File