CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 191:

    A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the massages. After determining the alert was a true positive, which of the following represents OST likely cause?

    A. Attackers are running reconnaissance on company resources.
    B. An outside command and control system is attempting to reach an infected system.
    C. An insider trying to exfiltrate information to a remote network.
    D. Malware is running on a company system

  • Question 192:

    During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?

    A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
    B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.
    C. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings.
    D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

  • Question 193:

    Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:

    Secure messaging between internal users using digital signatures Secure sites for video-conferencing sessions Presence information for all office employees Restriction of certain types of messages to be allowed into the network.

    Which of the following applications must be configured to meet the new requirements? (Select TWO.)

    A. Remote desktop
    B. VoIP
    C. Remote assistance
    D. Email
    E. Instant messaging
    F. Social media websites

  • Question 194:

    Users of a newly deployed VoIP solution report multiple instances of dropped or garbled calls. Thirty users connect to the primary site via a site-to-site VPN, and the primary site supplies a dial tone to all satellite locations. The network engineer who installed the equipment copied the configuration from a site that has two users on a low bandwidth DSL connection. Which of the following is MOST likely to restore telephone availability at the 30-user site?

    A. Disable Layer 2 encryption on the site-to-site VPNs throughout the company
    B. Provision new firewalls at all sites to enable QoS management of VoIP traffic
    C. Enable point-to-point tunneling for all VoIP traffic at the new site
    D. Configure QoS settings to support the larger bandwidth available
    E. Prioritize ICMP and TCP traffic over UDP traffic using QoS

  • Question 195:

    Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in secure environment?

    A. NDA
    B. MOU
    C. BIA
    D. SLA

  • Question 196:

    A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?

    A. Preparation
    B. Identification
    C. Containment
    D. Eradication
    E. Recovery
    F. Lessons learned

  • Question 197:

    A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:

    Corporate intranet site Online storage application Email and collaboration suite

    Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?

    A. Port scanner
    B. CASB
    C. DLP agent
    D. Application sandbox
    E. SCAP scanner

  • Question 198:

    A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

    Which of the following MOST appropriate corrective action to document for this finding?

    A. The product owner should perform a business impact assessment regarding the ability to implement a WAF.
    B. The product owner should perform a business impact assessment regarding the ability to implement a WAF.
    C. The system administrator should evaluate dependencies and perform upgrade as necessary.
    D. The system administrator should evaluate dependencies and perform upgrade as necessary.

  • Question 199:

    A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year?

    A. -45 percent
    B. 5.5 percent
    C. 45 percent
    D. 82 percent

  • Question 200:

    Given the following information about a company's internal network:

    User IP space: 192.168.1.0/24 Server IP space: 192.168.192.0/25

    A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

    A. Use a protocol analyzer on 192.168.1.0/24
    B. Use a port scanner on 192.168.1.0/24
    C. Use an HTTP interceptor on 192.168.1.0/24
    D. Use a port scanner on 192.168.192.0/25
    E. Use a protocol analyzer on 192.168.192.0/25
    F. Use an HTTP interceptor on 192.168.192.0/25

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.