SlideShare a Scribd company logo

CAS-003 Exam Practice Questions

J
jenie Emmons

This document contains a practice exam for certification CAS-003. It includes 20 multiple choice questions covering topics like cloud deployment models, authentication options, security controls, firewall configuration, social engineering, and penetration testing. It provides the questions, possible answers, and in some cases exhibits or additional context to the questions. The exam is assessing knowledge of security, risk management, and penetration testing concepts.

Education
1 of 13
Download to read offline
Exam: CAS-003 Demo Edition CCCEEERRRTTTMMMAAAGGGIIICCC CAS-003 1 http://www.certmagic.com
QUESTION: 1 DRAG DROP Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all. Answer: Exhibit CAS-003 2 http://www.certmagic.com
QUESTION: 2 DRAG DROP A security consultant is considering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once. CAS-003 3 http://www.certmagic.com
Answer: Exhibit QUESTION: 3 An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including: 1. Indemnity clauses have identified the maximum liability 2. The data will be hosted and managed outside of the company’s geographical location The number of users accessing the system will be small, and no sensitive data will be CAS-003 4 http://www.certmagic.com
hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step? A. Develop a security exemption, as it does not meet the security policies B. Mitigate the risk by asking the vendor to accept the in-country privacy principles C. Require the solution owner to accept the identified risks and consequences D. Review the entire procurement process to determine the lessons learned Answer: C QUESTION: 4 DRAG DROP A security administrator must configure the database server shown below the comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all. Exhibit CAS-003 5 http://www.certmagic.com
Answer: Exhibit QUESTION: 5 A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements: The data is for internal consumption only and shall not be distributed to outside individuals The systems administrator should not have access to the data processed by the server The integrity of the kernel image is maintained Which of the following host- based security controls BEST enforce the data owner’s requirements? (Choose three.) CAS-003 6 http://www.certmagic.com
A. SELinux B. DLP C. HIDS D. Host-based firewall E. Measured boot F. Data encryption G. Watermarking Answer: C, E, F QUESTION: 6 An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.) A. Secure storage policies B. Browser security updates C. Input validation D. Web application firewall E. Secure coding standards F. Database activity monitoring Answer: C, F QUESTION: 7 A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario? A. ISA B. BIA C. SLA D. RA Answer: C QUESTION: 8 Given the following output from a local PC: CAS-003 7 http://www.certmagic.com
Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website? A. Allow 172.30.0.28:80 -> ANY B. Allow 172.30.0.28:80 -> 172.30.0.0/16 C. Allow 172.30.0.28:80 -> 172.30.0.28:443 D. Allow 172.30.0.28:80 -> 172.30.0.28:53 Answer: B QUESTION: 9 A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement? A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility Answer: A QUESTION: 10 A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: CAS-003 8 http://www.certmagic.com
Which of the following should the penetration tester conclude about the command output? A. The public/private views on the Comptia.org DNS servers are misconfigured B. Comptia.org is running an older mail server, which may be vulnerable to exploits C. The DNS SPF records have not been updated for Comptia.org D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack Answer: B QUESTION: 11 Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication Network Server: Digitally sign communication A storage administrator in a remote location with a legacy storage array, which contains time- sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner? A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded C. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage D. Avoid the risk, leave the settings alone, and decommission the legacy storage device Answer: A QUESTION: 12 A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need? CAS-003 9 http://www.certmagic.com
A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members B. Install a client-side VPN on the staff laptops and limit access to the development network C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network Answer: D QUESTION: 13 A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned? A. These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines B. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies C. The associated firmware is more likely to remain out of date and potentially vulnerable D. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set Answer: B QUESTION: 14 During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation? A. Air gaps B. Access control lists C. Spanning tree protocol D. Network virtualization E. Elastic load balancing Answer: D CAS-003 10 http://www.certmagic.com
QUESTION: 15 A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate? (Choose two.) A. A root user performed an injection attack via kernel module B. Encrypted payroll data was successfully decrypted by the attacker C. Jsmith successfully used a privilege escalation attack D. Payroll data was exfiltrated to an attacker-controlled host E. Buffer overflow in memory paging caused a kernel panic F. Syslog entries were lost due to the host being rebooted Answer: C, E QUESTION: 16 An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation? CAS-003 11 http://www.certmagic.com
A. Threat modeling B. Risk assessment C. Vulnerability data D. Threat intelligence E. Risk metrics F. Exploit frameworks Answer: F QUESTION: 17 A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready? A. Patch management B. Antivirus C. Application firewall D. Spam filters E. HIDS Answer: E QUESTION: 18 To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following approaches is described? A. Blue team B. Red team C. Black box D. White team Answer: C QUESTION: 19 An engineer is evaluating the control profile to assign to a system containing PII, CAS-003 12 http://www.certmagic.com
financial, and proprietary dat a. Based on the data classification table above, which of the following BEST describes the overall classification? A. High confidentiality, high availability B. High confidentiality, medium availability C. Low availability, low confidentiality D. High integrity, low availability Answer: B QUESTION: 20 A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.) A. OTA updates B. Remote wiping C. Side loading D. Sandboxing E. Containerization F. Signed applications Answer: E, F CAS-003 13 http://www.certmagic.com

Recommended

Cas 003-q&a-demo-exam area
Cas 003-q&a-demo-exam areaCas 003-q&a-demo-exam area
Cas 003-q&a-demo-exam areaSamanthaGreen16
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Tim Wright
 
Assignment 1
Assignment 1Assignment 1
Assignment 1Jeewanthi Fernando
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment ReportHarshit Singh Bhatia
 
Ciss previsionnotes
Ciss previsionnotesCiss previsionnotes
Ciss previsionnotesmadunix
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Item46763
Item46763Item46763
Item46763madunix
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5madunix
 

Recommended

Cas 003-q&a-demo-exam area
Cas 003-q&a-demo-exam areaCas 003-q&a-demo-exam area
Cas 003-q&a-demo-exam areaSamanthaGreen16
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Tim Wright
 
Assignment 1
Assignment 1Assignment 1
Assignment 1Jeewanthi Fernando
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment ReportHarshit Singh Bhatia
 
Ciss previsionnotes
Ciss previsionnotesCiss previsionnotes
Ciss previsionnotesmadunix
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Item46763
Item46763Item46763
Item46763madunix
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5madunix
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodologyCahyo Darujati
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
Ambesh
AmbeshAmbesh
AmbeshAmbesh Sharma
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_reportChandan Bagai, GWAPT, CEHv8, CCNA
 
Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices GuidelinesSymantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices GuidelinesSree Harsha Boyapati
 
PACE-IT: Network Access Control
PACE-IT: Network Access ControlPACE-IT: Network Access Control
PACE-IT: Network Access ControlPace IT at Edmonds Community College
 
Slide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor ProgramFRSecure
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detectionMichael Kurzidim
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataJames Sirota
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessmentGlib Pakharenko
 
Sy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicSy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicjenie Emmons
 
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injectionVi Tính Hoàng Nam
 
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramFRSecure
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET Journal
 
Check Point designing a security
Check Point designing a securityCheck Point designing a security
Check Point designing a securityGroup of company MUK
 
Analyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application FirewallsAnalyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application FirewallsLarry Suto
 
Load Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingLoad Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingIxia
 
Developing an Effective
Developing an Effective Developing an Effective
Developing an Effective webhostingguy
 
Fact vs-hype top10
Fact vs-hype top10Fact vs-hype top10
Fact vs-hype top10Usman Arif
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint ProtectionMindRiver Group
 
CySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCCIEHOMER
 
Cv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magicCv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magicjenie Emmons
 

More Related Content

What's hot

Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices GuidelinesSymantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices GuidelinesSree Harsha Boyapati
 
Slide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor ProgramFRSecure
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataJames Sirota
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessmentGlib Pakharenko
 
Sy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicSy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicjenie Emmons
 
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramFRSecure
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET Journal
 
Analyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application FirewallsAnalyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application FirewallsLarry Suto
 
Load Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingLoad Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingIxia
 
Developing an Effective
Developing an Effective Developing an Effective
Developing an Effective webhostingguy
 
Fact vs-hype top10
Fact vs-hype top10Fact vs-hype top10
Fact vs-hype top10Usman Arif
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint ProtectionMindRiver Group
 

What's hot (20)

Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Ambesh
AmbeshAmbesh
Ambesh
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_report
 
Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices GuidelinesSymantec Endpoint Protection Enterprise Edition Best Practices Guidelines
Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines
 
PACE-IT: Network Access Control
PACE-IT: Network Access ControlPACE-IT: Network Access Control
PACE-IT: Network Access Control
 
Slide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 11 – FRSecure CISSP Mentor Program
Slide Deck Class Session 11 – FRSecure CISSP Mentor Program
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessment
 
Sy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magicSy0 401-q&a-demo-cert magic
Sy0 401-q&a-demo-cert magic
 
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injection
 
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 10 – FRSecure CISSP Mentor Program
Slide Deck Class Session 10 – FRSecure CISSP Mentor Program
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
 
Check Point designing a security
Check Point designing a securityCheck Point designing a security
Check Point designing a security
 
Analyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application FirewallsAnalyzing the Effectivess of Web Application Firewalls
Analyzing the Effectivess of Web Application Firewalls
 
Load Test Methodology: Server Load Testing
Load Test Methodology: Server Load TestingLoad Test Methodology: Server Load Testing
Load Test Methodology: Server Load Testing
 
Developing an Effective
Developing an Effective Developing an Effective
Developing an Effective
 
Fact vs-hype top10
Fact vs-hype top10Fact vs-hype top10
Fact vs-hype top10
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint Protection
 

Similar to CAS-003 Exam Practice Questions

CySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCCIEHOMER
 
Cv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magicCv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magicjenie Emmons
 
156 815
156 815156 815
156 815edfina
 
St0 029 question answers
St0 029 question answersSt0 029 question answers
St0 029 question answersMarcoMCervantes
 
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...PassquestionExamTrai
 
Check Point CCSA R81 156-215.81 Practice Test Questions
Check Point CCSA R81 156-215.81 Practice Test QuestionsCheck Point CCSA R81 156-215.81 Practice Test Questions
Check Point CCSA R81 156-215.81 Practice Test QuestionsPassquestionExamTrai
 
1z0-1104-21 Dumps Questions
1z0-1104-21 Dumps Questions1z0-1104-21 Dumps Questions
1z0-1104-21 Dumps QuestionsStudy Material
 
CISSP Exam Dumps 2022
CISSP Exam Dumps 2022CISSP Exam Dumps 2022
CISSP Exam Dumps 2022bronxfugly43
 
Assess CAS-004 Study Material For Comptia Exam.pdf
Assess CAS-004 Study Material For Comptia Exam.pdfAssess CAS-004 Study Material For Comptia Exam.pdf
Assess CAS-004 Study Material For Comptia Exam.pdfshirlybaker1
 
Further develop Your CAS-004 Dumps By Using The Study Kit.pdf
Further develop Your CAS-004 Dumps By Using The Study Kit.pdfFurther develop Your CAS-004 Dumps By Using The Study Kit.pdf
Further develop Your CAS-004 Dumps By Using The Study Kit.pdfshirlybaker1
 
IBM QRadar SIEM V7.3.2 Deployment C1000-055 Questions
IBM QRadar SIEM V7.3.2 Deployment C1000-055 QuestionsIBM QRadar SIEM V7.3.2 Deployment C1000-055 Questions
IBM QRadar SIEM V7.3.2 Deployment C1000-055 QuestionswilliamLeo13
 
2022 Update PCNSE Certification Exam Questions
2022 Update PCNSE Certification Exam Questions2022 Update PCNSE Certification Exam Questions
2022 Update PCNSE Certification Exam QuestionswilliamLeo13
 
1 y0 253-q&a-demo-certmagic
1 y0 253-q&a-demo-certmagic1 y0 253-q&a-demo-certmagic
1 y0 253-q&a-demo-certmagicaniejhon56
 
200 355-q&a-demo-exam area
200 355-q&a-demo-exam area200 355-q&a-demo-exam area
200 355-q&a-demo-exam areaSamanthaGreen16
 
Examcollection 300-360 Braindumps
Examcollection 300-360 Braindumps Examcollection 300-360 Braindumps
Examcollection 300-360 Braindumpsalexenderaxil
 
CS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 GuidebookCS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 Guidebookbronxfugly43
 
因應雲端服務之資訊技術發展趨勢
因應雲端服務之資訊技術發展趨勢因應雲端服務之資訊技術發展趨勢
因應雲端服務之資訊技術發展趨勢Ray James X
 
Exams4sure Juniper JN0-1332 Exam Dumps 2021
Exams4sure Juniper JN0-1332 Exam Dumps 2021Exams4sure Juniper JN0-1332 Exam Dumps 2021
Exams4sure Juniper JN0-1332 Exam Dumps 2021bronxfugly43
 

Similar to CAS-003 Exam Practice Questions (20)

CySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdfCySA+_CS0-002_May_2023-v1.1.pdf
CySA+_CS0-002_May_2023-v1.1.pdf
 
Cv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magicCv0 001-q&a-demo-cert magic
Cv0 001-q&a-demo-cert magic
 
156 815
156 815156 815
156 815
 
St0 029 question answers
St0 029 question answersSt0 029 question answers
St0 029 question answers
 
312 50-demo
312 50-demo312 50-demo
312 50-demo
 
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
H19-401_V1.0 HCSP-Presales-Campus Network Planning and Design V1.0 Exam Quest...
 
Check Point CCSA R81 156-215.81 Practice Test Questions
Check Point CCSA R81 156-215.81 Practice Test QuestionsCheck Point CCSA R81 156-215.81 Practice Test Questions
Check Point CCSA R81 156-215.81 Practice Test Questions
 
1z0-1104-21 Dumps Questions
1z0-1104-21 Dumps Questions1z0-1104-21 Dumps Questions
1z0-1104-21 Dumps Questions
 
CISSP Exam Dumps 2022
CISSP Exam Dumps 2022CISSP Exam Dumps 2022
CISSP Exam Dumps 2022
 
Assess CAS-004 Study Material For Comptia Exam.pdf
Assess CAS-004 Study Material For Comptia Exam.pdfAssess CAS-004 Study Material For Comptia Exam.pdf
Assess CAS-004 Study Material For Comptia Exam.pdf
 
Further develop Your CAS-004 Dumps By Using The Study Kit.pdf
Further develop Your CAS-004 Dumps By Using The Study Kit.pdfFurther develop Your CAS-004 Dumps By Using The Study Kit.pdf
Further develop Your CAS-004 Dumps By Using The Study Kit.pdf
 
IBM QRadar SIEM V7.3.2 Deployment C1000-055 Questions
IBM QRadar SIEM V7.3.2 Deployment C1000-055 QuestionsIBM QRadar SIEM V7.3.2 Deployment C1000-055 Questions
IBM QRadar SIEM V7.3.2 Deployment C1000-055 Questions
 
2022 Update PCNSE Certification Exam Questions
2022 Update PCNSE Certification Exam Questions2022 Update PCNSE Certification Exam Questions
2022 Update PCNSE Certification Exam Questions
 
1 y0 253-q&a-demo-certmagic
1 y0 253-q&a-demo-certmagic1 y0 253-q&a-demo-certmagic
1 y0 253-q&a-demo-certmagic
 
300 208 exam dumps
300 208 exam dumps300 208 exam dumps
300 208 exam dumps
 
200 355-q&a-demo-exam area
200 355-q&a-demo-exam area200 355-q&a-demo-exam area
200 355-q&a-demo-exam area
 
Examcollection 300-360 Braindumps
Examcollection 300-360 Braindumps Examcollection 300-360 Braindumps
Examcollection 300-360 Braindumps
 
CS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 GuidebookCS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 Guidebook
 
因應雲端服務之資訊技術發展趨勢
因應雲端服務之資訊技術發展趨勢因應雲端服務之資訊技術發展趨勢
因應雲端服務之資訊技術發展趨勢
 
Exams4sure Juniper JN0-1332 Exam Dumps 2021
Exams4sure Juniper JN0-1332 Exam Dumps 2021Exams4sure Juniper JN0-1332 Exam Dumps 2021
Exams4sure Juniper JN0-1332 Exam Dumps 2021
 

Recently uploaded

PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 

CAS-003 Exam Practice Questions

  • 2. QUESTION: 1 DRAG DROP Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all. Answer: Exhibit CAS-003 2 http://www.certmagic.com
  • 3. QUESTION: 2 DRAG DROP A security consultant is considering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once. CAS-003 3 http://www.certmagic.com
  • 4. Answer: Exhibit QUESTION: 3 An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including: 1. Indemnity clauses have identified the maximum liability 2. The data will be hosted and managed outside of the company’s geographical location The number of users accessing the system will be small, and no sensitive data will be CAS-003 4 http://www.certmagic.com
  • 5. hosted in the solution. As the security consultant on the project, which of the following should the project’s security consultant recommend as the NEXT step? A. Develop a security exemption, as it does not meet the security policies B. Mitigate the risk by asking the vendor to accept the in-country privacy principles C. Require the solution owner to accept the identified risks and consequences D. Review the entire procurement process to determine the lessons learned Answer: C QUESTION: 4 DRAG DROP A security administrator must configure the database server shown below the comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all. Exhibit CAS-003 5 http://www.certmagic.com
  • 6. Answer: Exhibit QUESTION: 5 A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements: The data is for internal consumption only and shall not be distributed to outside individuals The systems administrator should not have access to the data processed by the server The integrity of the kernel image is maintained Which of the following host- based security controls BEST enforce the data owner’s requirements? (Choose three.) CAS-003 6 http://www.certmagic.com
  • 7. A. SELinux B. DLP C. HIDS D. Host-based firewall E. Measured boot F. Data encryption G. Watermarking Answer: C, E, F QUESTION: 6 An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.) A. Secure storage policies B. Browser security updates C. Input validation D. Web application firewall E. Secure coding standards F. Database activity monitoring Answer: C, F QUESTION: 7 A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario? A. ISA B. BIA C. SLA D. RA Answer: C QUESTION: 8 Given the following output from a local PC: CAS-003 7 http://www.certmagic.com
  • 8. Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website? A. Allow 172.30.0.28:80 -> ANY B. Allow 172.30.0.28:80 -> 172.30.0.0/16 C. Allow 172.30.0.28:80 -> 172.30.0.28:443 D. Allow 172.30.0.28:80 -> 172.30.0.28:53 Answer: B QUESTION: 9 A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement? A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility Answer: A QUESTION: 10 A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: CAS-003 8 http://www.certmagic.com
  • 9. Which of the following should the penetration tester conclude about the command output? A. The public/private views on the Comptia.org DNS servers are misconfigured B. Comptia.org is running an older mail server, which may be vulnerable to exploits C. The DNS SPF records have not been updated for Comptia.org D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack Answer: B QUESTION: 11 Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication Network Server: Digitally sign communication A storage administrator in a remote location with a legacy storage array, which contains time- sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner? A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded C. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage D. Avoid the risk, leave the settings alone, and decommission the legacy storage device Answer: A QUESTION: 12 A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need? CAS-003 9 http://www.certmagic.com
  • 10. A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members B. Install a client-side VPN on the staff laptops and limit access to the development network C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network Answer: D QUESTION: 13 A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned? A. These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines B. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies C. The associated firmware is more likely to remain out of date and potentially vulnerable D. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set Answer: B QUESTION: 14 During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation? A. Air gaps B. Access control lists C. Spanning tree protocol D. Network virtualization E. Elastic load balancing Answer: D CAS-003 10 http://www.certmagic.com
  • 11. QUESTION: 15 A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate? (Choose two.) A. A root user performed an injection attack via kernel module B. Encrypted payroll data was successfully decrypted by the attacker C. Jsmith successfully used a privilege escalation attack D. Payroll data was exfiltrated to an attacker-controlled host E. Buffer overflow in memory paging caused a kernel panic F. Syslog entries were lost due to the host being rebooted Answer: C, E QUESTION: 16 An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation? CAS-003 11 http://www.certmagic.com
  • 12. A. Threat modeling B. Risk assessment C. Vulnerability data D. Threat intelligence E. Risk metrics F. Exploit frameworks Answer: F QUESTION: 17 A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready? A. Patch management B. Antivirus C. Application firewall D. Spam filters E. HIDS Answer: E QUESTION: 18 To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following approaches is described? A. Blue team B. Red team C. Black box D. White team Answer: C QUESTION: 19 An engineer is evaluating the control profile to assign to a system containing PII, CAS-003 12 http://www.certmagic.com
  • 13. financial, and proprietary dat a. Based on the data classification table above, which of the following BEST describes the overall classification? A. High confidentiality, high availability B. High confidentiality, medium availability C. Low availability, low confidentiality D. High integrity, low availability Answer: B QUESTION: 20 A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.) A. OTA updates B. Remote wiping C. Side loading D. Sandboxing E. Containerization F. Signed applications Answer: E, F CAS-003 13 http://www.certmagic.com