Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-003 Questions & Answers

  • Question 321:

    Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase.

    Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?

    A. The ratio of phishing emails to non-phishing emails

    B. The number of phishing attacks per employee

    C. The number of unsuccessful phishing attacks

    D. The percent of successful phishing attacks

  • Question 322:

    A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

    A. Single-tenant private cloud

    B. Multitenant SaaS cloud

    C. Single-tenant hybrid cloud

    D. Multitenant IaaS cloud

    E. Multitenant PaaS cloud

    F. Single-tenant public cloud

  • Question 323:

    A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.

    Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?

    A. The solution employs threat information-sharing capabilities using a proprietary data model.

    B. The RFP is issued by a financial institution that is headquartered outside of the vendor's own country.

    C. The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP.

    D. The vendor's proposed solution operates below the KPPs indicated in the RFP.

  • Question 324:

    An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

    Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

    A. Version control

    B. Agile development

    C. Waterfall development

    D. Change management

    E. Continuous integration

  • Question 325:

    An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window.

    Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

    A. Reverse engineer the application binary.

    B. Perform static code analysis on the source code.

    C. Analyze the device firmware via the JTAG interface.

    D. Change to a whitelist that uses cryptographic hashing.

    E. Penetration test the mobile application.

  • Question 326:

    Given the code snippet below:

    Which of the following vulnerability types is the MOST concerning?

    A. Only short usernames are supported, which could result in brute forcing of credentials.

    B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability.

    C. Hardcoded usernames with different code paths taken depend on which user is entered.

    D. Format string vulnerability is present for admin users but not for standard users.

  • Question 327:

    During a routine network scan, a security administrator discovered an unidentified service running on a new embedded and unmanaged HVAC controller, which is used to monitor the company's datacenter.

    Port     State

    161/UDP  open

    162/UDP  open

    163/TCP  open

    The enterprise monitoring service requires SNMP and SNMPTRAP connectivity to operate. Which of the following should the security administrator implement to harden the system?

    A. Patch and restart the unknown services.

    B. Segment and firewall the controller's network.

    C. Disable the unidentified service on the controller.

    D. Implement SNMPv3 to secure communication.

    E. Disable TCP/UDP ports 161 through 163.

  • Question 328:

    With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?

    A. Human resources

    B. Financial

    C. Sales

    D. Legal counsel

  • Question 329:

    A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:

    A. a gray-box penetration test

    B. a risk analysis

    C. a vulnerability assessment

    D. an external security audit

    E. a red team exercise

  • Question 330:

    A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)

    A. Agent-based vulnerability scan

    B. Black-box penetration testing

    C. Configuration review

    D. Social engineering

    E. Malware sandboxing

    F. Tabletop exercise

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.