CAS-005 Exam Dumps | A Chief Information Security Officer (CISO) is developing a third-party risk management program and wants

<< Prev Question Next Question >>

Question 143/223

A Chief Information Security Officer (CISO) is developing a third-party risk management program and wants to establish an order of preference for solicitation and acceptance of audit and assessment results from business partners. The CISO prefers a formal certification against an established framework, which should be considered more reliable than self-attestations. Which of the following is most likely the reason for this perspective?

A. A certification audit is managed by a central authority.

B. Certifications are typically issued against a formal standard.

C. Assessments are based on evidence, not judgments.

D. For standards like PCI, self-attestations are more reliable than certifications.

Question List (223q): Question 1: In a recent audit, several critical legacy systems, which ar...; Question 2: A malware analyst must examine the following partial file sa...; Question 3: A security engineer wants to stay up-to-date on new detectio...; Question 4: A user reports application access issues to the help desk. T...; Question 5: An organization is researching the automation capabilities f...; Question 6: A company plans to implement a research facility with intell...; Question 7: A company wants to implement a three-tier approach to separa...; Question 8: Which of the following best explains why AI output could be ...; Question 9: While reviewing recent incident reports a security officer d...; Question 10: An organization must provide access to its internal system d...; Question 11: A security architect is performing threat-modeling activitie...; Question 12: A cloud security engineer is setting up a cloud-hosted WAF. ...; Question 13: SIMULATION An incident occurred at Site A when an attacker s...; Question 14: The principal security analyst for a global manufacturer is ...; Question 15: After remote desktop capabilities were deployed in the envir...; Question 16: A cloud security architect has been tasked with selecting th...; Question 17: A security analyst received a report that an internal web pa...; Question 18: While investigating a security event an analyst finds eviden...; Question 19: A security officer is requiring all personnel working on a s...; Question 20: An IT department is currently working to implement an enterp...; Question 21: A company wants to prevent a partner company from denying ag...; Question 22: A security engineer needs to create multiple servers in a co...; Question 23: An analyst has prepared several possible solutions to a succ...; Question 24: A software engineer is creating a CI/CD pipeline to support ...; Question 25: A company must meet the following security requirements when...; Question 26: A security analyst reviews the following event timeline from...; Question 27: A company wants to perform threat modeling on an internally ...; Question 28: Which of the following explains why an organization should c...; Question 29: A company is migrating from company-owned phones to a BYOD s...; Question 30: A security engineer wants to reduce the attack surface of a ...; Question 31: A developer makes a small change to a resource allocation mo...; Question 32: A security analyst reviews the following report: (Exhibit) W...; Question 33: During DAST scanning, applications are consistently reportin...; Question 34: A university issues badges through a homegrown identity mana...; Question 35: Due to an infrastructure optimization plan, a company has mo...; Question 36: An organization wants to implement a platform to better iden...; Question 37: A company needs a highly secure method to transfer documents...; Question 38: A company recently experienced an incident in which an advan...; Question 39: Which of the following is the best way to protect the websit...; Question 40: A systems administrator decides to take a programmatic appro...; Question 41: A company was recently infected by malware. During the root ...; Question 42: A security engineer added a new server to the company email ...; Question 43: Based on the results of a SAST report on a legacy applicatio...; Question 44: During a gap assessment, an organization notes that BYOD usa...; Question 45: A company currently uses manual processes to regularly addre...; Question 46: A company's help desk is experiencing a large number of call...; Question 47: An organization would like to increase the effectiveness of ...; Question 48: A security architect is onboarding a new EDR agent on server...; Question 49: A central bank implements strict risk mitigations for the ha...; Question 50: A pharmaceutical lab hired a consultant to identify potentia...; Question 51: An external threat actor attacks public infrastructure provi...; Question 52: Which of the following items should be included when craftin...; Question 53: A company implemented a NIDS and a NIPS on the most critical...; Question 54: During an adversarial simulation exercise, an external team ...; Question 55: A company updates its cloud-based services by saving infrast...; Question 56: An auditor is reviewing the logs from a web application to d...; Question 57: A customer requires secure communication of subscribed web s...; Question 58: An endpoint security engineer finds that a newly acquired co...; Question 59: A company needs to define a new road map for improving secur...; Question 60: During a security review for the CI/CD process, a security e...; Question 61: A hospital provides tablets to its medical staff to enable t...; Question 62: A water treatment plant uses specialized systems to control ...; Question 63: A security engineer performed a code scan that resulted in m...; Question 64: A security configure is building a solution to disable weak ...; Question 65: A security architect wants to prevent security impacts from ...; Question 66: A company acquires a location with a large infrastructure of...; Question 67: Embedded malware has been discovered in a popular PDF reader...; Question 68: A security engineer needs 10 secure the OT environment based...; Question 69: An organization found a significant vulnerability associated...; Question 70: Which of the following utilizes policies that route packets ...; Question 71: A government agency implements a configuration that disables...; Question 72: An organization handles sensitive information that must be d...; Question 73: A security engineer would like to control configurations on ...; Question 74: A company is developing a new service product offering that ...; Question 75: A company that relies on an COL system must keep it operatin...; Question 76: A threat intelligence company's business objective is to all...; Question 77: An organization has noticed an increase in phishing campaign...; Question 78: A security engineer must integrate device attestation into u...; Question 79: A cyberanalyst has been tasked with recovering PDF files fro...; Question 80: A user tried to access a web page at http://10.1.1.1. Previo...; Question 81: A global organization is reviewing potential vendors to outs...; Question 82: An analyst reviews a SIEM and generates the following report...; Question 83: Which of the following are risks associated with vendor lock...; Question 84: A security analyst discovers a compromised internal server a...; Question 85: A company is migrating from a Windows Server to Linux-based ...; Question 86: A retail organization wants to properly test and verify its ...; Question 87: A security team is creating tickets to track the progress of...; Question 88: During a recent security event, access from the non-producti...; Question 89: A company reduced its staff 60 days ago, and applications ar...; Question 90: A security engineer receives reports through the organizatio...; Question 91: After a cybersecurity incident, a security analyst was able ...; Question 92: A company notices that cloud environment costs increased aft...; Question 93: Engineers are unable to control pumps at Site A from Site B ...; Question 94: A malware researcher has discovered a credential stealer is ...; Question 95: A hospital provides tablets to its medical staff to enable t...; Question 96: A security manager is creating a connection between two netw...; Question 97: A security engineer is troubleshooting an outage of a site-t...; Question 98: An organization determined its preparedness for a ransomware...; Question 99: To prevent data breaches, security leaders at a company deci...; Question 100: A Chief Information Security Officer is concerned about the ...; Question 101: A security engineer needs to remediate a SWEET32 vulnerabili...; Question 102: A company's Chief Information Security Officer learns that t...; Question 103: An organization recently migrated data to a new file managem...; Question 104: A company wants to modify its process to comply with privacy...; Question 105: A software developer is working on a piece of code required ...; Question 106: An organization decides to move to a distributed workforce m...; Question 107: An organization is prioritizing efforts to remediate or miti...; Question 108: Which of the following includes best practices for validatin...; Question 109: A Chief Information Security Officer (CISO) is concerned tha...; Question 110: A security engineer is implementing security measures on new...; Question 111: A senior cybersecurity engineer is solving a digital certifi...; Question 112: A company finds logs with modified time stamps when compared...; Question 113: Company A is merging with Company B. Company A is a small, l...; Question 114: During a periodic internal audit, a company identifies a few...; Question 115: A security architect for a global organization with a distri...; Question 116: A Chief Information Security Officer requests an action plan...; Question 117: A company hired an email service provider called my-email.co...; Question 118: A security architect examines a section of code and discover...; Question 119: A security architect discovers the following while reviewing...; Question 120: A security analyst is reviewing suspicious log-in activity a...; Question 121: Which of the following best describes the challenges associa...; Question 122: An engineer wants to automate several tasks by running comma...; Question 123: A security analyst collects the logs from the web server tha...; Question 124: An organization is looking to establish more robust security...; Question 125: A security architect must implement security controls in a s...; Question 126: SIMULATION A security engineer needs to review the configura...; Question 127: During a recent assessment, a security analyst observed the ...; Question 128: A security engineer is developing a solution to meet the fol...; Question 129: An organization has deployed a cloud-based application that ...; Question 130: A DNS forward lookup zone named comptia.org must: - Ensure t...; Question 131: The security team is receiving escalated support tickets sta...; Question 132: A systems administrator wants to introduce a newly released ...; Question 133: An organization hires a security consultant to establish a S...; Question 134: A security engineer is assessing a new tool to segment data ...; Question 135: A SIEM generated an alert after a third-party database admin...; Question 136: A compliance officer is reviewing the data sovereignty laws ...; Question 137: Which of the following best describes the reason a network a...; Question 138: Due to budget constraints, an organization created a policy ...; Question 139: A company wants to implement hardware security key authentic...; Question 140: Audit findings indicate several user endpoints are not utili...; Question 141: An organization that performs real-time financial processing...; Question 142: An organization is increasing its focus on training that add...; Question 143: A Chief Information Security Officer (CISO) is developing a ...; Question 144: A global company's Chief Financial Officer (CFO) receives a ...; Question 145: A security analyst notices a number of SIEM events that show...; Question 146: An audit finding reveals that a legacy platform has not reta...; Question 147: A company that provides services to clients who work with hi...; Question 148: A hospital's requirements for remote third-party monitoring ...; Question 149: A security analyst was monitoring the networks of a group of...; Question 150: Which of the following best describes the advantage of homom...; Question 151: An organization is developing an AI-enabled digital worker t...; Question 152: The information security manager at a 24-hour manufacturing ...; Question 153: A company's internal network is experiencing a security brea...; Question 154: A security team is responding to malicious activity and need...; Question 155: A security analyst wants to use lessons learned from a prior...; Question 156: A security engineer is developing a solution to meet the fol...; Question 157: A security engineer is given the following requirements: - A...; Question 158: A security audit of a company's application finds that custo...; Question 159: Which of the following security risks should be considered a...; Question 160: During a security assessment using an EDR solution, a securi...; Question 161: A building camera is remotely accessed and disabled from the...; Question 162: Employees use their badges to track the number of hours they...; Question 163: After an increase in adversarial activity, a company wants t...; Question 164: A company is decommissioning old servers and hard drives tha...; Question 165: A security analyst detects a possible RAT infection on a com...; Question 166: A company that provides kiosk workstations wants to improve ...; Question 167: A recent security audit identified multiple endpoints have t...; Question 168: SIMULATION An organization is planning for disaster recovery...; Question 169: An attacker infiltrated the code base of a hardware manufact...; Question 170: A company that uses several cloud applications wants to prop...; Question 171: A programmer is reviewing the following proprietary piece of...; Question 172: Due to reports of malware targeting companies in the same in...; Question 173: As part of a new software development method, a program mana...; Question 174: A systems administrator needs to address risks associated wi...; Question 175: After an organization met with its ISAC, the organization de...; Question 176: A security analyst is reviewing a SIEM and generates the fol...; Question 177: A company sells a security appliance assembled from globally...; Question 178: A pharmaceutical company acquired a growing startup. The pha...; Question 179: A systems administrator needs to identify new attacks that c...; Question 180: A security architect is implementing more restrictive polici...; Question 181: A security architect wants to ensure a remote host's identit...; Question 182: An enterprise is deploying APIs that utilize a private key a...; Question 183: A company is developing an application that will be used to ...; Question 184: Users are experiencing a variety of issues when trying to ac...; Question 185: Company A acquired Company B and needs to determine how the ...; Question 186: A security engineer wants to enhance the security posture of...; Question 187: A global company with a remote workforce implemented a new V...; Question 188: A vulnerability can on a web server identified the following...; Question 189: An incident response team completed recovery from offline ba...; Question 190: After a company discovered a zero-day vulnerability in its V...; Question 191: A security analyst wants to keep track of all outbound web c...; Question 192: The identity and access management team is sending logs to t...; Question 193: Developers have been creating and managing cryptographic mat...; Question 194: A game developer wants to reach new markets and is advised b...; Question 195: A compliance officer is facilitating a business impact analy...; Question 196: Which of the following best describes a risk associated with...; Question 197: A security manager at a local hospital wants to secure patie...; Question 198: Which of the following is the reason why security engineers ...; Question 199: A firewall administrator needs to ensure all traffic across ...; Question 200: A security architect performs a baseline review on the SIEM....; Question 201: The security team is looking into aggressive bot behavior th...; Question 202: After the latest risk assessment, the Chief Information Secu...; Question 203: The material findings from a recent compliance audit indicat...; Question 204: The results of an internal audit indicate several employees ...; Question 205: An organization is looking for gaps in its detection capabil...; Question 206: A technician is reviewing the logs and notices a large numbe...; Question 207: A security analyst is performing a review of a web applicati...; Question 208: After a vendor identified a recent vulnerability, a severity...; Question 209: A security analyst reviews network logs and notices a large ...; Question 210: A company receives several complaints from customers regardi...; Question 211: A security professional is investigating a trend in vulnerab...; Question 212: SIMULATION You are a security analyst tasked with interpreti...; Question 213: A security analyst detected unusual network traffic related ...; Question 214: While investigating an email server that crashed, an analyst...; Question 215: An organization wants to create a threat model to identity v...; Question 216: Which of the following key management practices ensures that...; Question 217: An organization with a remote workforce has a new client wit...; Question 218: To bring digital evidence in a court of law, the evidence mu...; Question 219: After an incident response exercise, a security administrato...; Question 220: A company moved its on-premises services to the cloud. Altho...; Question 221: A company that operates in different countries has local ema...; Question 222: A company recently acquired a SaaS company and performed a g...; Question 223: An organization has been using self-managed encryption keys ...

Question 143/223

LEAVE A REPLY

Download PDF File