CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 201:

    A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

    A. Protocol analyzer
    B. Root cause analysis
    C. Behavioral analytics
    D. Data leak prevention

  • Question 202:

    An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

    A. Peer review
    B. Regression testing
    C. User acceptance
    D. Dynamic analysis

  • Question 203:

    Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

    A. Deduplication
    B. Data snapshots
    C. LUN masking
    D. Storage multipaths

  • Question 204:

    Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?

    A. Establish a cloud-based authentication service that supports SAML.
    B. Implement a new Diameter authentication server with read-only attestation.
    C. Install a read-only Active Directory server in the corporate DMZ for federation.
    D. Allow external connections to the existing corporate RADIUS server.

  • Question 205:

    A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is general same events. The analyst informs the manager of these finding, and the manager explains that these activities are already known and . . . ongoing simulation. Given this scenario, which of the following roles are the analyst, the employee, and the manager fillings?

    A. The analyst is red team The employee is blue team The manager is white team
    B. The analyst is white team The employee is red team The manager is blue team
    C. The analyst is red team The employee is white team The manager is blue team
    D. The analyst is blue team The employee is red team The manager is white team

  • Question 206:

    A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following help to the CISO find relevant risks to the organization? (Choose two.)

    A. Perform a penetration test.
    B. Conduct a regulatory audit.
    C. Hire a third-party consultant.
    D. Define the threat model.
    E. Review the existing BIA.
    F. Perform an attack path analysis.

  • Question 207:

    A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?

    A. Reconfigure the firewall to block external UDP traffic.
    B. Establish a security baseline on the IDS.
    C. Block echo reply traffic at the firewall.
    D. Modify the edge router to not forward broadcast traffic.

  • Question 208:

    A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements?

    A. Vulnerability assessment
    B. Risk assessment
    C. Patch management
    D. Device quarantine
    E. Incident management

  • Question 209:

    The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:

    1.

    End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

    2.

    Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

    3.

    A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

    4.

    The use of satellite communication to include multiple proxy servers to scramble the source IP address

    Which of the following is of MOST concern in this scenario?

    A. Malicious actors intercepting inbound and outbound communication to determine the scope of the mission
    B. Family members posting geotagged images on social media that were received via email from soldiers
    C. The effect of communication latency that may negatively impact real-time communication with mission control
    D. The use of centrally managed military network and computers by soldiers when communicating with external parties

  • Question 210:

    A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following should be implemented?

    A. Tuning the network monitoring service
    B. Separation of duties for systems administrators
    C. Machine learning algorithms
    D. DoS attack prevention

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.