[2022] Pass CompTIA CAS-003 Test Practice Test Questions Exam Dumps
The CompTIA CAS-003 exam determines whether applicants have advanced competency in risk management, enterprise security, collaboration, and research. It also checks their ability to integrate enterprise security. Passing this test enables you to obtain the CompTIA Advanced Security Practitioner certification, also known as CASP+. Holding it indicates advanced skills in risk analysis, security controls, virtualization and cloud technologies, and cryptographic techniques.
NEW QUESTION 231
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?
- A. Contract and configure scrubbing services with third-party DDoS mitigation providers.
- B. Ensure web services hosting the event use TCP cookies and deny_hosts.
- C. Purchase additional bandwidth from the company's Internet service provider.
- D. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
Answer: A
Explanation:
Scrubbing is an excellent way of dealing with this type of situation, where the company wants to stay connected no matter what during the one-time high-profile event. It involves deploying a multi-layered security approach backed by extensive threat research to defend against a variety of attacks, with an always-on guarantee.
NEW QUESTION 232
After investigating virus outbreaks that have cost the company $1,000 per incident, the company's Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company's performance and capability requirements:
Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
- A. Product E
- B. Product B
- C. Product C
- D. Product A
- E. Product D
Answer: A
Explanation:
NEW QUESTION 233
An advanced threat emulation engineer is conducting testing against a client's network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)
- A. Black box testing
- B. External auditing
- C. Social engineering
- D. Vulnerability assessment
- E. Gray box testing
- F. Pivoting
- G. Self-assessment
- H. Code review
- I. White teaming
Answer: A,D,F
NEW QUESTION 234
A developer emails the following output to a security administrator for review:
Which of the following tools might the security administrator use to perform further security assessment of this issue?
- A. HTTP interceptor
- B. Vulnerability scanner
- C. Fuzzer
- D. Port scanner
Answer: A
NEW QUESTION 235
An administrator is working with management to develop policies related to the use of cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices such as tablets.
Which of the following controls would BEST support management's policy?
- A. MDM
- B. MFA
- C. Sandboxing
- D. FDE
- E. Mobile tokenization
Answer: A
NEW QUESTION 236
An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.
Based on the data classification table above, which of the following BEST describes the overall classification?
- A. High confidentiality, high availability
- B. High integrity, low availability
- C. High confidentiality, medium availability
- D. Low availability, low confidentiality
Answer: C
NEW QUESTION 237
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO).
The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.
Which of the following BEST addresses these concerns?
- A. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
- B. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
- C. The company should plan future maintenance windows so the legacy application can be updated as needed.
- D. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
Answer: A
NEW QUESTION 238
After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information.
Which of the following would be the MOST efficient control to prevent this from occurring in the future?
- A. Prevent backup of mobile devices to personally owned computers.
- B. Disallow side loading of applications on mobile devices.
- C. Install application whitelist on mobile devices.
- D. Restrict access to company systems to expected times of day and geographic locations.
- E. Perform unannounced insider threat testing on high-risk employees.
Answer: B
NEW QUESTION 239
A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company.
Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO).
- A. Shibboleth
- B. RADIUS
- C. SAML
- D. PKI
- E. WAYF
- F. LDAP
Answer: B,F
Explanation:
RADIUS is commonly used for the authentication of Wi-Fi connections. LDAP and RADIUS together can be used for the authentication of users and devices.
LDAP and RADIUS have something in common: both are mainly protocols (rather than databases) that use attributes to carry information back and forth. Both are clearly defined in RFC documents, so products from different vendors can be expected to interoperate.
RADIUS is NOT a database; it is a protocol for asking intelligent questions of a user database. LDAP is essentially a database. Recent offerings add a bit of intelligence (roles, class of service and so on), but it remains mainly a simple directory store. RADIUS (in practice, RADIUS servers such as FreeRADIUS) gives the administrator the tools not only to authenticate users but also to authorize them based on extremely complex checks and logic. For instance, you can allow access on a specific NAS only if the user belongs to a certain category, is a member of a specific group, and an external script permits access. A plain user database cannot make decisions of that kind on its own.
NEW QUESTION 240
Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:
- A. role-based access control
- B. separation of duties
- C. mandatory vacations.
- D. discretionary access
- E. job rotations
Answer: A
NEW QUESTION 241
A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.
Answer:
Explanation:
NEW QUESTION 242
A security analyst has requested network engineers integrate sFlow into the SOC's overall monitoring picture.
For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?
- A. Overall bandwidth available at Internet PoP
- B. Availability of application layer visualizers
- C. Effective deployment of network taps
- D. Optimal placement of log aggregators
Answer: B
NEW QUESTION 243
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
- A. TPM
- B. HSM
- C. vTPM
- D. INE
Answer: C
Explanation:
A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus.
A vTPM is a virtual Trusted Platform Module.
IBM extended the current TPM V1.2 command set with virtual TPM management commands that allow us to create and delete instances of TPMs. Each created instance of a TPM holds an association with a virtual machine (VM) throughout its lifetime on the platform.
NEW QUESTION 244
A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?
- A. During the Identification Phase
- B. During the Preparation Phase
- C. During the Lessons Learned phase
- D. During the Containment Phase
Answer: C
Explanation:
The Lessons Learned phase is the final step in the Incident Response process, when everyone involved reviews what happened and why.
Incorrect Answers:
A: The Identification Phase is the second step in the Incident Response process that deals with the detection of events and incidents.
D: The Containment Phase is the third step in the Incident Response process that deals with the planning, training, and execution of the incident response plan.
B: The Preparation Phase is the first step in the Incident Response process that deals with the policies and procedures required to address the potential for security incidents.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 249
NEW QUESTION 245
Which of the following attacks can be mitigated by proper data retention policies?
- A. Watering hole
- B. Dumpster diving
- C. Man-in-the browser
- D. Spear phishing
Answer: B
NEW QUESTION 246
A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.
Answer:
Explanation:
NEW QUESTION 247
A security analyst is reviewing weekly email reports and finds an average of 1,000 emails received daily from the internal security alert email address. Which of the following should be implemented?
- A. Separation of duties for systems administrators
- B. Tuning the networking monitoring service
- C. DoS attack prevention
- D. Machine learning algorithms
Answer: B
NEW QUESTION 248
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).
- A. Local proxy
- B. Sandbox
- C. Code review
- D. Fuzzer
- E. Port scanner
Answer: A,D
Explanation:
A: A local proxy works by proxying traffic between the web client and the web server. This is a tool that can be put to good effect in this case.
D: Fuzzing is another form of black box testing and works by feeding a program multiple input iterations that are specially written to trigger an internal error that might indicate a bug and crash it.
Incorrect Answers:
C: A code review refers to the examination of an application (the new HTML5 application in this case) that is designed to identify and assess threats to the organization. But this is not the most likely test to be carried out when performing black box testing.
B: Application sandboxing refers to the process of writing files to a temporary storage area (the so-called sandbox) so that you limit the ability of possible malicious code to execute on your computer.
E: Port scanning is used to scan TCP and UDP ports and report on their status. You can thus determine which services are running on a targeted computer.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 147, 154, 168-169, 174
NEW QUESTION 249
A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the customer's encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers' data would take?
- A. key = aes128(sha256(password), password))
- B. password = password + sha(password+salt) + aes256(password+salt)
- C. key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }
- D. password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }
Answer: C
Explanation:
References:
http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms
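As an added illustration that is not part of the original question set, the following Python compares a single hash (the flavour of option A) with the iterated-hash construction of option C and with standard PBKDF2-HMAC-SHA256, and times the per-guess cost; PASSWORD and SALT are constructed sample values, not anything from the exam.

```python
import hashlib
import os
import time

# Constructed sample inputs for the demonstration (not values from the exam page).
PASSWORD = b"correct horse battery staple"
SALT = os.urandom(16)


def single_hash(password: bytes) -> bytes:
    """One SHA-256 of the password: the cheap, unstretched baseline."""
    return hashlib.sha256(password).digest()


def stretched_key(password: bytes, iterations: int = 5000) -> bytes:
    """Iterated hash in the spirit of option C: key = sha(key + password), repeated.

    Each round depends on the previous output, so the rounds of one guess cannot be
    parallelised; an attacker pays the full iteration count per candidate password.
    """
    key = b""
    for _ in range(iterations):
        key = hashlib.sha256(key + password).digest()
    return key


def pbkdf2_key(password: bytes, salt: bytes, iterations: int = 5000) -> bytes:
    """Standardised key stretching (PBKDF2-HMAC-SHA256, RFC 8018) with a per-user salt.

    The salt defeats precomputed tables; the iteration count sets the work factor.
    """
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def work_factor(iterations: int, samples: int = 20) -> float:
    """Average seconds per stretched_key derivation; cost grows linearly with iterations."""
    start = time.perf_counter()
    for _ in range(samples):
        stretched_key(PASSWORD, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    for n in (1, 1000, 5000):
        print(f"{n:>5} iterations: {work_factor(n) * 1e6:10.1f} us per guess")
    print("pbkdf2:", pbkdf2_key(PASSWORD, SALT).hex())
```

The timing output shows why option C raises the cost of an offline attack: every candidate password costs thousands of hash operations instead of one, and PBKDF2 adds a salt so that precomputation across users does not help.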
NEW QUESTION 250