CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 211:

    An attacker wants to gain information about a company's database structure by probing the database listener. The attacker tries to manipulate the company's database to see if it has any vulnerabilities that can be exploited to help carry out an attack. To prevent this type of attack, which of the following should the company do to secure its database?

    A. Mask the database banner
    B. Tighten database authentication and limit table access
    C. Harden web and Internet resources
    D. Implement challenge-based authentication

  • Question 212:

    During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data within the migrating applications. The application stack

    includes a multitier architecture and uses commercially available, vendor-supported software packages.

    Which of the following BEST addresses the CPO's concerns?

    A. Execute non-disclosure agreements and background checks on vendor staff.
    B. Ensure the platform vendor implement date-at-rest encryption on its storage.
    C. Enable MFA to the vendor's tier of the architecture.
    D. Impalement a CASB that tokenizes company data in transit to the migrated applications.

  • Question 213:

    A company's IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the company toward an immune server architecture in which servers are replaced rather than patched. Instead of having static servers for development, test, and production, the severs will move from environment to environment dynamically. Which of the following are required to move to this type of architecture? (Select Two.)

    A. Network segmentation
    B. Forward proxy
    C. Netflow
    D. Load balancers
    E. Automated deployments

  • Question 214:

    A request has been approved for a vendor to access a new internal server using only HTTPS and SSH to manage the back-end system for the portal. Internal users just need HTTP and HTTPS access to all internal web servers. All other external access to the new server and its subnet is not allowed. The security manager must ensure proper access is configured.

    Below is a snippet from the firewall related to that server (access is provided in a top-down model):

    Which of the following lines should be configured to allow the proper access? (Choose two.)

    A. Move line 3 below line 4 and change port 80 to 443 on line 4.
    B. Move line 3 below line 4 and add port 443 to line.
    C. Move line 4 below line 5 and add port 80 to 8080 on line 2.
    D. Add port 22 to line 2.
    E. Add port 22 to line 5.
    F. Add port 443 to line 2.
    G. Add port 443 to line 5.

  • Question 215:

    A security consultant is conducting a penetration test against a customer enterprise local comprises local hosts and cloud-based servers The hosting service employs a multitenancy model with elastic provisioning to meet customer demand The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited?

    A. Data-at-rest encryption misconfiguration and repeated key usage
    B. Offline attacks against the cloud security broker service
    C. The ability to scrape data remnants in a multitenancy environment
    D. VM escape attacks against the customer network hypervisors

  • Question 216:

    A company's Chief Information Security Officer (CISO) is working with the product owners to perform a business impact assessment. The product owners provide feedback related to the critically of various business processes, personal, and technologies. Transitioning into risk assessment activities, which of the following types of information should the CISO require to determine the proper risk ranking? (Select TWO).

    A. Trend analysis
    B. Likelihood
    C. TCO
    D. Compensating controls
    E. Magnitude
    F. ROI

  • Question 217:

    During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?

    A. Code repositories
    B. Security requirements traceability matrix
    C. Software development lifecycle
    D. Data design diagram
    E. Roles matrix
    F. Implementation guide

  • Question 218:

    A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

    A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.
    B. Require each user to log passwords used for file encryption to a decentralized repository.
    C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.
    D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

  • Question 219:

    Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecure in hotel rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the following is the BEST solution in this scenario?

    A. Full disk encryption
    B. Biometric authentication
    C. An eFuse-based solution
    D. Two-factor authentication

  • Question 220:

    During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data within the migrating application The application stack

    includes a multitier architecture and uses commercially available, vendor-supported software packages.

    Which of the following BEST addresses the CPO's concerns?

    A. Execute non-disclosure agreements and background checks on vendor staff
    B. Ensure the platform vendor implements data-at-rest encryption on its storage
    C. Enable MFA to the vendor's tier of the architecture
    D. Implement a CASB that tokenizes company data in transit to the migrated applications.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.