Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Advanced Security Practitioner (CAS-003) Questions & Answers

  • Question 11:

    A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be brought back online.

    Which of the following should be the FIRST step taken by the team?

    A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

    B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

    C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

    D. Implement replication of all servers and application data to back up datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients.

  • Question 12:

    A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs.

    Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

    A. Document the technology's differences in a system security plan.

    B. Require the vendor to provide justification for the product's deviation.

    C. Increase the frequency of vulnerability scanning of all systems using the technology.

    D. Block the use of non-standard ports or protocols to and from the system.

  • Question 13:

    An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme. An excerpt from an approved text-based chat client application's AndroidManifest.xml is as follows:

    Which of the following would restrict application permissions while minimizing the impact to normal device operations?

    A. Add the application to the enterprise mobile whitelist.

    B. Use the MDM to disable the devices' recording microphones and SMS.

    C. Wrap the application before deployment.

    D. Install the application outside of the corporate container.

  • Question 14:

    A security manager wants to implement a policy that will provide management with the ability to monitor employees' activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

    A. Separation of duties

    B. Mandatory vacations

    C. Least privilege

    D. Incident response

  • Question 15:

    A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP's datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following:

    1. The critical devices send cleartext logs to the aggregator.

    2. The log aggregator utilizes full disk encryption.

    3. The log aggregator sends to the analysis server via port 80.

    4. MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

    5. The data is compressed and encrypted prior to being archived in the cloud.

    Which of the following should be the security engineer's GREATEST concern?

    A. Hardware vulnerabilities introduced by the log aggregator server.

    B. Network bridging from a remote access VPN.

    C. Encryption of data in transit.

    D. Multitenancy and data remnants in the cloud.

  • Question 16:

    An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers.

    Which of the following services would be BEST for the security officer to recommend to the company?

    A. NIDS

    B. HIPS

    C. CASB

    D. SFTP

  • Question 17:

    The Chief Information Security Officer (CISO) of a small, local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

    A. Black-box testing

    B. Gray-box testing

    C. Red-team hunting

    D. White-box testing

    E. Blue-team exercises

  • Question 18:

    A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network.

    Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

    A. Additional corporate-wide training on phishing.

    B. A policy outlining what is and is not acceptable on social media.

    C. Notifications when a user falls victim to a phishing attack.

    D. Positive DLP preventions with stronger enforcement.

  • Question 19:

    A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company.

    Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

    A. 1. Attempt to eavesdrop and replay RFID communications.
       2. Determine the protocols being used between the tag and the reader.
       3. Retrieve the RFID tag identifier and manufacturer details.
       4. Take apart an RFID tag and analyze the chip.

    B. 1. Determine the protocols being used between the tag and the reader.
       2. Take apart an RFID tag and analyze the chip.
       3. Retrieve the RFID tag identifier and manufacturer details.
       4. Attempt to eavesdrop and replay RFID communications.

    C. 1. Retrieve the RFID tag identifier and manufacturer details.
       2. Determine the protocols being used between the tag and the reader.
       3. Attempt to eavesdrop and replay RFID communications.
       4. Take apart an RFID tag and analyze the chip.

    D. 1. Take apart an RFID tag and analyze the chip.
       2. Retrieve the RFID tag identifier and manufacturer details.
       3. Determine the protocols being used between the tag and the reader.
       4. Attempt to eavesdrop and replay RFID communications.

  • Question 20:

    A network engineer is concerned about hosting web, SFTP, and email services in a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?

    A. Put all the services on a single host to reduce the number of servers.

    B. Create separate security zones for each service and use ACLs for segmentation.

    C. Keep the web server in the DMZ and move the other server services to the internal network.

    D. Deploy a switch and create VLANs for each service.

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when applying for a job. But how can you prepare for the exam effectively? How can you prepare for the exam in a short time with less effort? How can you get an ideal result, and how can you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.