CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 291:

  An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiation, there are a number of outstanding issues, including:

  1.

  Indemnity clauses have identified the maximum liability.

  2.

  The data will be hosted and managed outside of the company's geographical location.

  The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant of the project, which of the following should the project's security consultant recommend as the NEXT step?

  A. Develop a security exemption, as it does not meet the security policies.

  B. Require the solution owner to accept the identified risks and consequences.

  C. Mitigate the risk by asking the vendor to accept the in-country privacy principles.

  D. Review the procurement process to determine the lessons learned.

  Correct Answer: B

• Question 292:

  A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months. Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

  A. Mandatory vacation

  B. Separation of duties

  C. Continuous monitoring

  D. Incident response

  E. Time-of-day restrictions

  F. Job rotation

  Correct Answer: BF

• Question 293:

  An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

  Which of the following would BEST mitigate this risk?

  A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.

  B. Require sensors to sign all transmitted unlock control messages digitally.

  C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.

  D. Implement an out-of-band monitoring solution to detect message injections and attempts.

  Correct Answer: C

• Question 294:

  Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

  A. SIEM filtering

  B. Machine learning

  C. Outsourcing

  D. Centralized IPS

  Correct Answer: A

• Question 295:

  A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:

  

  Which of the following should the security administrator configure to meet the DNS security needs?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: D

• Question 296:

  A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer:

  Which of the following attacks is the security architect attempting to prevent?

  A. SQL injection

  B. XSRF

  C. XSS

  D. Clickjacking

  Correct Answer: D

• Question 297:

  A large, public university has recently been experiencing an increase in ransomware attacks against computers connected to its network. Security engineers have discovered various staff members receiving seemingly innocuous files in their email that are being run. Which of the following would BEST mitigate this attack method?

  A. Improving organizations email filtering

  B. Conducting user awareness training

  C. Upgrading endpoint anti-malware software

  D. Enabling application whitelisting

  Correct Answer: B

• Question 298:

  A financial institution's information security officer is working with the risk management officer to determine what to do with the institution's residual risk after all security controls have been implemented. Considering the institution's very low risk tolerance, which of the following strategies would be BEST?

  A. Transfer the risk.

  B. Avoid the risk

  C. Mitigate the risk.

  D. Accept the risk.

  Correct Answer: A

• Question 299:

  An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?

  A. XCCDF

  B. OVAL

  C. STIX

  D. CWE

  E. CVE

  Correct Answer: C

• Question 300:

  After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls. Which of the following controls should be verified? (Select two).

  A. Input validation routines are enforced on the server side.

  B. Operating systems do not permit null sessions.

  C. Systems administrators receive application security training.

  D. VPN connections are terminated after a defined period of time.

  E. Error-handling logic fails securely.

  F. OCSP calls are handled effectively.

  Correct Answer: AE