Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Advanced Security Practitioner CAS-003 Questions & Answers

  • Question 21:

    A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

    A. Log all access to the data and correlate with the researcher.

    B. Anonymize identifiable information using keyed strings.

    C. Ensure all data is encrypted in transit to the researcher.

    D. Ensure all researchers sign and abide by non-disclosure agreements.

    E. Sanitize date and time stamp information in the records.

  • Question 22:

    An analyst discovers the following while reviewing some recent activity logs:

    Which of the following tools would MOST likely identify a future incident in a timely manner?

    A. DDoS protection

    B. File integrity monitoring

    C. SCAP scanner

    D. Protocol analyzer

  • Question 23:

    A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software, placing it back into the device, and tagging the device for reuse or disposal. The audit reveals sensitive information is present in the hard drive cluster tips.

    Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed?

    A. Degauss the drives using a commercial tool.

    B. Scramble the file allocation table.

    C. Wipe the drives using a 21-pass overwrite.

    D. Disable the logic board using high-voltage input

  • Question 24:

    A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following should be implemented?

    A. Tuning the network monitoring service

    B. Separation of duties for systems administrators

    C. Machine learning algorithms

    D. DoS attack prevention

  • Question 25:

    A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling.

    Which of the following is the MOST likely explanation? (Choose two.)

    A. Outdated geographic IP information

    B. Privilege escalation attack

    C. VPN on the mobile device

    D. Unrestricted email administrator accounts

    E. Client use of UDP protocols

    F. Disabled GPS on mobile devices

  • Question 26:

    A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Choose two.)

    A. Text editor

    B. OOXML editor

    C. Event Viewer

    D. XML style sheet

    E. SCAP tool

    F. Debugging utility

  • Question 27:

    A company's Internet connection is commonly saturated during business hours, affecting Internet availability. The company requires all Internet traffic to be business related. After analyzing the traffic over a period of a few hours, the security administrator observes the following:

    The majority of the IP addresses associated with the TCP/SSL traffic resolve to CDNs.

    Which of the following should the administrator recommend for the CDN traffic to meet the corporate security requirements?

    A. Block outbound SSL traffic to prevent data exfiltration.

    B. Confirm the use of the CDN by monitoring NetFlow data.

    C. Further investigate the traffic using a sanctioned MITM proxy.

    D. Implement an IPS to drop packets associated with the CDN.

  • Question 28:

    The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

    A. MOU

    B. OLA

    C. NDA

    D. SLA

  • Question 29:

    A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries, such as:

    avc: denied { open } for pid=1018 comm="irc" path="/dev/if0" dev="tmpfs" scontext=u:r:irc:s0 tcontext=u:object_r:default:s0 tclass=chr_file permissive=1

    Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

    A. Add the objects of concern to the default context

    B. Set the devices to enforcing mode

    C. Create separate domain and context files for irc

    D. Rebuild the sepolicy, reinstall, and test

  • Question 30:

    Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out.

    Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

    A. Anti-malware

    B. Patch testing

    C. HIPS

    D. Vulnerability scanner
