CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 131:

    A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources The application was developed by a third- party organization, and it is now being used heavily despite lacking the following controls:

    1.

    Certificate pinning

    2.

    Tokenization

    3.

    Biometric authentication

    The company has already implemented the following controls:

    1.

    Full device encryption

    2.

    Screen lock

    3.

    Device password

    4.

    Remote wipe

    The company wants to defend against interception of data attacks Which of the following compensating controls should the company implement NEXT?

    A. Enforce the use of a VPN when using the newly developed application.
    B. Implement a geofencing solution that disables the application according to company requirements.
    C. Implement an out-of-band second factor to authenticate authorized users
    D. Install the application in a secure container requiring additional authentication controls.

  • Question 132:

    Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives.

    Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep-on hand?

    A. TTR
    B. ALE
    C. MTBF
    D. SLE
    E. RPO

  • Question 133:

    While investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)

    A. An attacker compromised the server and may have used a collision hash in the MD5 algorithm to hide the changes to the /etc/shadow file
    B. An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file
    C. An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file
    D. An attacker compromised the server and may have used MD5 collision hashes to generate valid passwords, allowing further access to administrator accounts on the server
    E. An attacker compromised the server and may have used SELinux mandatory access controls to hide the changes to the /etc/shadow file

  • Question 134:

    A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

    A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.
    B. Perform an e-discover using the applicable search terms. Next, back up the user's email for a future investigation.
    C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.
    D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms.

  • Question 135:

    A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.

    Which of the following is MOST likely to be reviewed during the assessment? (Select two.)

    A. Access control list
    B. Security requirements traceability matrix
    C. Data owner matrix
    D. Roles matrix
    E. Data design document
    F. Data access policies

  • Question 136:

    A security tester is testing a website and performs the following manual query:

    https://www.comptia.com/cookies.jsp?products=5%20and%201=1

    The following response is received in the payload:

    "ORA-000001: SQL command not properly ended"

    Which of the following is the response an example of?

    A. Fingerprinting
    B. Cross-site scripting
    C. SQL injection
    D. Privilege escalation

  • Question 137:

    A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

    A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
    B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
    C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
    D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
    E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
    F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

  • Question 138:

    Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack.

    Which of the following business documents would be BEST to document this engagement?

    A. Business partnership agreement
    B. Memorandum of understanding
    C. Service-level agreement
    D. Interconnection security agreement

  • Question 139:

    A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:

    A. a gray-box penetration test
    B. a risk analysis
    C. a vulnerability assessment
    D. an external security audit
    E. a red team exercise

  • Question 140:

    Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.

    Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

    A. Compile a list of firewall requests and compare than against interesting cloud services.
    B. Implement a CASB solution and track cloud service use cases for greater visibility.
    C. Implement a user-behavior system to associate user events and cloud service creation events.
    D. Capture all log and feed then to a SIEM and then for cloud service events

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.