CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 371:

  A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

  Which of the following solutions BEST meets all of the architect's objectives?

  A. An internal key infrastructure that allows users to digitally sign transaction logs

  B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.

  C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.

  D. An open distributed transaction ledger that requires proof of work to append entries.

  Correct Answer: A

• Question 372:

  Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in secure environment?

  A. NDA

  B. MOU

  C. BIA

  D. SLA

  Correct Answer: D

• Question 373:

  The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?

  A. Versioning

  B. Regression testing

  C. Continuous integration

  D. Integration testing

  Correct Answer: B

• Question 374:

  An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

  A. Place it in a malware sandbox.

  B. Perform a code review of the attachment.

  C. Conduct a memory dump of the CFO's PC.

  D. Run a vulnerability scan on the email server.

  Correct Answer: A

• Question 375:

  A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

  A. Protocol analyzer

  B. Root cause analysis

  C. Behavioral analytics

  D. Data leak prevention

  Correct Answer: D

• Question 376:

  A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile?

  A. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.

  2.

  There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.

  3.

  There would be data sovereignty concerns due to changes required in routing and proxy PAC files.

  B. 1. The external vendor would have access to inbound and outbound gateway traffic.

  2.

  The service would provide some level of protection for staff working from home.

  3.

  Outages would be likely to occur for systems or applications with hard-coded proxy information.

  C. 1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth.

  2.

  There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.

  3.

  There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.

  D. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information.

  2.

  The service would provide some level of protection for staff members working from home.

  3.

  Malware detection times would decrease due to third-party management of the service.

  Correct Answer: D

• Question 377:

  A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

  A. Use an internal firewall to block UDP port 3544.

  B. Disable network discovery protocol on all company routers.

  C. Block IP protocol 41 using Layer 3 switches.

  D. Disable the DHCPv6 service from all routers.

  E. Drop traffic for ::/0 at the edge firewall.

  F. Implement a 6in4 proxy server.

  Correct Answer: DE

• Question 378:

  A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization's vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?

  A. Vendor diversification

  B. System hardening standards

  C. Bounty programs

  D. Threat awareness

  E. Vulnerability signatures

  Correct Answer: D

• Question 379:

  A technician receives the following security alert from the firewall's automated system:

  

  After reviewing the alert, which of the following is the BEST analysis?

  A. This alert is false positive because DNS is a normal network function.

  B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.

  C. This alert was generated by the SIEM because the user attempted too many invalid login attempts.

  D. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

  Correct Answer: B

• Question 380:

  A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:

  A. the amount of data to be moved.

  B. the frequency of data backups.

  C. which users will have access to which data

  D. when the file server will be decommissioned

  Correct Answer: C