The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations are already in place:
1. Keyword blocking based on word lists
2. URL rewriting and protection
3. Stopping executable files from messages
Which of the following is the BEST configuration change for the administrator to make?
A. Configure more robust word lists for blocking suspicious emails
B. Configure appropriate regular expression rules per suspicious email received
C. Configure Bayesian filtering to block suspicious inbound email
D. Configure the mail gateway to strip any attachments
A security administrator is investigating an incident involving suspicious word processing documents on an employee's computer, which was found powered off in the employee's office. Which of the following tools is BEST suited for extracting full or partial word processing documents from unallocated disk space?
A. memdump
B. foremost
C. dd
D. nc
A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?
A. Option A
B. Option B
C. Option C
D. Option D
While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?
A. Create archival copies of all documents and communications related to the employee
B. Create a forensic image of network infrastructure devices
C. Create an image file of the employee's network drives and store it with hashes
D. Install a keylogger to capture the employee's communications and contacts
A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resulting in a DoS. When the service crashes, a core dump is left in the /tmp directory. Which of the following tools can the systems administrator use to reproduce these symptoms?
A. Fuzzer
B. Vulnerability scanner
C. Core dump analyzer
D. Debugger
The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization's risk?
A. Present the detailed risk resulting from the change to the company's board of directors
B. Pilot new mitigations that cost less than the total amount saved by the change
C. Modify policies and standards to discourage future changes that increase risk
D. Capture the risk in a prioritized register that is shared routinely with the CEO
A systems administrator recently conducted a vulnerability scan of the intranet. Subsequently, the organization was successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organization's network was compromised?
A. There was a false positive since the network was fully patched
B. The systems administrator did not perform a full system scan
C. The systems administrator performed a credentialed scan
D. The vulnerability database was not updated
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization's code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?
A. IP whitelisting on the perimeter firewall
B. MFA for developer access
C. Dynamic analysis scans in the production environment
D. Blue team engagement in peer-review activities
E. Time-based restrictions on developer access to code repositories
A developer has executed code for a website that allows users to search for employees' phone numbers by last name. The query string sent by the browser is as follows:
http://www.companywebsite.com/search.php?q=SMITH
The developer has implemented a well-known JavaScript sanitization library and stored procedures, but a penetration test shows the website is vulnerable to XSS. Which of the following should the developer implement NEXT to prevent XSS? (Choose two.)
A. Sanitization library
B. Secure cookies
C. TLS encryption
D. Input serialization
E. Output encoding
F. PUT form submission
Users of a newly deployed VoIP solution report multiple instances of dropped or garbled calls. Thirty users connect to the primary site via a site-to-site VPN, and the primary site supplies a dial tone to all satellite locations. The network engineer who installed the equipment copied the configuration from a site that has two users on a low bandwidth DSL connection. Which of the following is MOST likely to restore telephone availability at the 30-user site?
A. Disable Layer 2 encryption on the site-to-site VPNs throughout the company
B. Provision new firewalls at all sites to enable QoS management of VoIP traffic
C. Enable point-to-point tunneling for all VoIP traffic at the new site
D. Configure QoS settings to support the larger bandwidth available
E. Prioritize ICMP and TCP traffic over UDP traffic using QoS