Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-003 Questions & Answers

  • Question 351:

    Given the following:

    Which of the following vulnerabilities is present in the above code snippet?

    A. Disclosure of database credential

    B. SQL-based string concatenation

    C. DOM-based injection

    D. Information disclosure in comments

  • Question 352:

    An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

    Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

    A. After-action reports

    B. Gap assessment

    C. Security requirements traceability matrix

    D. Business impact assessment

    E. Risk analysis

  • Question 353:

    A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:

    1. Firewall
    2. Core switches
    3. RM server
    4. Virtual environment
    5. NAC solution

    The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).

    A. Routing tables

    B. Log forwarding

    C. Data remnants

    D. Port aggregation

    E. NIC teaming

    F. Zones

  • Question 354:

    A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

    Based on the information available to the researcher, which of the following is the MOST likely threat profile?

    A. Nation-state-sponsored attackers conducting espionage for strategic gain.

    B. Insiders seeking to gain access to funds for illicit purposes.

    C. Opportunists seeking notoriety and fame for personal gain.

    D. Hacktivists seeking to make a political statement because of socio-economic factors.

  • Question 355:

    A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?

    A. Application whitelisting

    B. NX/XN bit

    C. ASLR

    D. TrustZone

    E. SCP

  • Question 356:

    A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company's objectives? (Select two.)

    A. Integrated platform management interfaces are configured to allow access only via SSH

    B. Access to hardware platforms is restricted to the systems administrator's IP address

    C. Access is captured in event logs that include source address, time stamp, and outcome

    D. The IP addresses of server management interfaces are located within the company's extranet

    E. Access is limited to interactive logins on the VDI

    F. Application logs are hashed cryptographically and sent to the SIEM

  • Question 357:

    A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

    A. Update and deploy GPOs

    B. Configure and use measured boot

    C. Strengthen the password complexity requirements

    D. Update the antivirus software and definitions

  • Question 358:

    A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst's subsequent investigation of sensitive systems led to the following discoveries:

    There was no indication of the data owner's or user's accounts being compromised.

    No database activity outside of previous baselines was discovered.

    All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.

    It was likely not an insider threat, as all employees passed polygraph tests.

    Given this scenario, which of the following is the MOST likely attack that occurred?

    A. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.

    B. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.

    C. A shared workstation was physically accessible in a common area of the contractor's office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.

    D. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

  • Question 359:

    A forensics analyst suspects that a breach has occurred. Security logs show the company's OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

    Which of the following should the analyst use to confirm this suspicion?

    A. File size

    B. Digital signature

    C. Checksums

    D. Anti-malware software

    E. Sandboxing

  • Question 360:

    A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:

    ^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g

    Which of the following did the analyst use to determine the location of the malicious payload?

    A. Code deduplicators

    B. Binary reverse-engineering

    C. Fuzz testing

    D. Security containers

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.