Online Access Free CAS-003 Practice Test

The latest security scan of a web application reported multiple high vulnerabilities in session management Which of the following is the BEST way to mitigate the issue?

• A.Using secure and HttpOnly settings on cookies
• B.Using secure cookie storage and transmission
• C.Prohibiting session hijacking of cookies
• D.Performing state management on the server

An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application's sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?

• A.Deploying Shibboleth to all web-based applications in the enterprise
• B.Using an SSO application that supports mutlifactor authentication
• C.Forcing higher-complexity passwords and frequent changes
• D.Enabling the web application to support LDAP integration

A security analyst discovered the following request to a public-facing web server m a log:

The security analyst recommended an extra protection, so the web application can resist the above attack Which of the following. did the security analyst recommend? (Select TWO)

• A.The web application must clear the SameSite field in the cookie
• B.The web application must configure tie cookie for HttpOnly
• C.The web application must set set-cookie secure.
• D.Disable the Windows location feature on the web server.
• E.The web application must blacklist the server 1.54.13.1
• F.Block port tcp'90 on the firewall.

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?

• A.KRI:- Compliance with regulations- Backlog of unresolved security investigations- Severity of threats and vulnerabilities reported by sensors- Time to patch critical issues on a monthly basisKPI:- Time to resolve open security items- % of suppliers with approved security control frameworks- EDR coverage across the fleet- Threat landscape rating
• B.KPI:- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors- Threat landscape ratingKRI:- Time to resolve open security items- Backlog of unresolved security investigations- EDR coverage across the fleet- Time to patch critical issues on a monthly basis
• C.KRI:- EDR coverage across the fleet- Backlog of unresolved security investigations- Time to patch critical issues on a monthly basis- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors
• D.KRI:- EDR coverage across the fleet- % of suppliers with approved security control framework- Backlog of unresolved security investigations- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- Time to patch critical issues on a monthly basis- Severity of threats and vulnerabilities reported by sensors

A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?

• A.Use of non-standard ports
• B.Multifactor authentication
• C.Web application firewall
• D.Detailed application logging