CompTIA CAS-003 Online Practice
Questions and Exam Preparation
CAS-003 Exam Details
Exam Code
:CAS-003
Exam Name
:CompTIA Advanced Security Practitioner (CASP+)
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:791 Q&As
Last Updated
:Jan 22, 2024
CompTIA CAS-003 Online Questions &
Answers
Question 161:
A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients' health information, management has identified
the following requirements:
Data must be encrypted at rest.
The device must be disabled if it leaves the facility.
The device must be disabled when tampered with.
Which of the following technologies would BEST support these requirements? (Select two.)
A. eFuse B. NFC C. GPS D. Biometric E. USB 4.1 F. MicroSD
C. GPS D. Biometric
Question 162:
A security manager wants to standardize security settings, firmware, and software across a heterogeneous environment. Which of the following can be used in combination to meet these goals? (Choose three).
A. Attestation services B. TPM C. HIPS software D. OOB management software E. Group Policy F. EDR software G. MDM software
B. TPM E. Group Policy F. EDR software
Question 163:
A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?
A. SAN B. NAS C. Virtual SAN D. Virtual storage
B. NAS
A NAS is an inexpensive storage solution suitable for small offices. Individual files can be encrypted by using the EFS (Encrypted File System) functionality provided by the NTFS file system.
NAS typically uses a common Ethernet network and can provide storage services to any authorized devices on that network.
Two primary NAS protocols are used in most environments. The choice of protocol depends largely on the type of computer or server connecting to the storage. Network File System (NFS) protocol usually used by servers to access storage in a NAS environment. Common Internet File System (CIFS), also sometimes called Server Message Block (SMB), is usually used for desktops, especially those running Microsoft Windows.
Unlike DAS and SAN, NAS is a file-level storage technology. This means the NAS appliance maintains and controls the files, folder structures, permission, and attributes of the data it holds. A typical NAS deployment integrates the NAS appliance with a user database, such as Active Directory, so file permissions can be assigned based on established users and groups. With Active Directory integration, most Windows New Technology File System (NTFS) permissions can be set on the files contained on a NAS device.
Question 164:
As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats As part of the assessment the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE).
A. Privilege escalation B. SQL injection C. TOC/TOU exploitation D. Rogue AP substitution E. Tailgating F. Vulnerability scanning G. Vishing H. Badge skimming
E. Tailgating G. Vishing H. Badge skimming
Question 165:
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?
A. The malware file's modify, access, change time properties. B. The timeline analysis of the file system. C. The time stamp of the malware in the swap file. D. The date/time stamp of the malware detection in the antivirus logs.
B. The timeline analysis of the file system.
Timelines can be used in digital forensics to identify when activity occurred on a computer. Timelines are mainly used for data reduction or identifying specific state changes that have occurred on a computer.
Question 166:
A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?
A. NX/XN B. ASLR C. strcpy D. ECC
A. NX/XN
Question 167:
A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO). The report outlines the following KPI/KRI data for the last 12 months: Which of the following BEST describes what could be interpreted from the above data?
A. 1. AV coverage across the fleet improved 2. There is no correlation between infected systems and AV coverage. 3. There is no correlation between detected phishing attempts and infected systems 4. A correlation between threat landscape rating and infected systems appears to exist. 5. Effectiveness and performance of the security team appears to be degrading. B. 1. AV signature coverage has remained consistently high 2. AV coverage across the fleet improved 3. A correlation between phishing attempts and infected systems appears to exist 4. There is a correlation between the threat landscape rating and the security team's performance. 5. There is no correlation between detected phishing attempts and infected systems C. 1. There is no correlation between infected systems and AV coverage 2. AV coverage across the fleet improved 3. A correlation between phishing attempts and infected systems appears to exist 4. There is no correlation between the threat landscape rating and the security team's performance. 5. There is a correlation between detected phishing attempts and infected systems D. 1. AV coverage across the fleet declined 2. There is no correlation between infected systems and AV coverage. 3. A correlation between phishing attempts and infected systems appears to exist 4. There is no correlation between the threat landscape rating and the security team's performance 5. Effectiveness and performance of the security team appears to be degrading.
A. 1. AV coverage across the fleet improved 2. There is no correlation between infected systems and AV coverage. 3. There is no correlation between detected phishing attempts and infected systems 4. A correlation between threat landscape rating and infected systems appears to exist. 5. Effectiveness and performance of the security team appears to be degrading.
Question 168:
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).
A. Use AES in Electronic Codebook mode B. Use RC4 in Cipher Block Chaining mode C. Use RC4 with Fixed IV generation D. Use AES with cipher text padding E. Use RC4 with a nonce generated IV F. Use AES in Counter mode
E. Use RC4 with a nonce generated IV F. Use AES in Counter mode
In cryptography, an initialization vector (IV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message.
Some cryptographic primitives require the IV only to be non-repeating, and the required randomness is derived internally. In this case, the IV is commonly called a nonce (number used once), and the primitives are described as stateful as opposed to randomized. This is because the IV need not be explicitly forwarded to a recipient but may be derived from a common state updated at both sender and receiver side. An example of stateful encryption schemes is the counter mode of operation, which uses a sequence number as a nonce.
AES is a block cipher. Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular.
Question 169:
A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to string security and privacy practices. The school's key requirements are to:
1.
Maintain privacy of students in case of loss
2.
Have a theft detection control in place
3.
Be compliant with defined disability requirements
4.
Have a four-hour minimum battery life
Which of the following should be configured to BEST meet the requirements? (Choose two.)
A. Remote wiping B. Geofencing C. Antivirus software D. TPM E. FDE F. Tokenization
A. Remote wiping D. TPM
Question 170:
A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the
amount spent investigating incidents.
Proposal:
External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%.
The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?
A. -$30,000 B. $120,000 C. $150,000 D. $180,000
A. -$30,000
Return on investment = Net profit / Investment where:Net profit = gross profit expenses. or Return on investment = (gain from investment ?cost of investment) / cost of investment Subscriptions = 5,000 x 12 = 60,000 per annum 10 incidents @ 10,000 = 100.000 per annumreduce by 50% = 50,000 per annum Thus the rate of Return is -10,000 per annum and that makes for -$30,000 after three years. References: http://www.financeformulas.net/Return_on_Investment.html
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your CAS-003 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.