CompTIA CAS-003 Exam Questions & Answers

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization's users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.)

A. OTA updates

B. Remote wiping

C. Side loading

D. Sandboxing

E. Containerization

F. Signed applications

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization's risk?

A. Present the detailed risk resulting from the change to the company's board of directors

B. Pilot new mitigations that cost less than the total amount saved by the change

C. Modify policies and standards to discourage future changes that increase risk

D. Capture the risk in a prioritized register that is shared routinely with the CEO

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

A. Log all access to the data and correlate with the researcher.

B. Anonymize identifiable information using keyed strings

C. Ensure all data is encrypted in transit to the researcher.

D. Ensure all researchers sign and abide by non-disclosure agreements.

E. Sanitize date and time stamp information in the records.