CompTIA CompTIA Advanced Security Practitioner CAS-003 Questions & Answers

• Question 31:

  Ann. a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output:

  

  Which of the following will the analyst most likely use NEXT?

  A. Process explorer

  B. Vulnerability scanner

  C. Antivirus

  D. Network enumerator

  Correct Answer: B

• Question 32:

  A security analyst is trying to identify the source of a recent data loss incident The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application.

  Which of the following tools should the analyst use NEXT?

  A. Software decompiler

  B. Network enumerator

  C. Log reduction and analysis tool

  D. Static code analysis

  Correct Answer: A

• Question 33:

  A penetration tester is given an assignment to gam physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door.

  Which of the following would be BEST for the penetration tester to attempt?

  A. Gain entry into the building by posing as a contractor who is performing routine building maintenance

  B. Tailgate into the facility with an employee who has a valid RFID badge to enter

  C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post

  D. Look for an open window that can be used to gain unauthorized entry into the facility.

  Correct Answer: C

• Question 34:

  A security auditor needs to review the manner in which an entertainment streaming device operates The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output:

  

  The best option for the auditor to use NEXT is:

  A. a SCAP assessment

  B. reverse engineering

  C. fuzzing

  D. network interception

  Correct Answer: B

• Question 35:

  A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment The solution must support the following requirements:

  1.

  Company administrators should not have access to employee's personal information.

  2.

  A rooted or jailbroken device should not have access to company sensitive information. Which of the following BEST addresses the associated risks?

  A. Codesigning

  B. VPN

  C. FDE

  D. Containerization

  Correct Answer: D

• Question 36:

  The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

  1.

  Keyword blocking based on word lists

  2.

  URL rewnting and protection

  3.

  Stopping executable files from messages

  Which of the following is the BEST configuration change for the administrator to make?

  A. Configure more robust word lists for blocking suspicious emails

  B. Configure appropriate regular expression rules per suspicious email received

  C. Configure Bayesian filtering to block suspicious inbound email

  D. Configure the mail gateway to strip any attachments.

  Correct Answer: B

  Reference: https://www ibm.com/docs/en/rsoa-and-rD/36?tODic=Darsing-extension-customization

• Question 37:

  A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analyst who is assessing the risk has no experience with the category of products.

  Which of the following is the FIRST step the analyst should take to begin the research?

  A. Seek documented industry best practices.

  B. Review the preferred vendor's white papers.

  C. Compare the product function to relevant RFCs

  D. Execute a non-disclosure agreement with the vendor

  Correct Answer: A

• Question 38:

  A systems engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entenng the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?

  A. String input = request.getParameter ("SeqNo"); String characterPattern = "[0-9a0zA-Z] If (! input. Matches (characterPattern)) { out.println ("Invalid Input"); }

  B. Cinput type= "text" maxlength= "30" name= "ecsChangePwdForm" size= "40" readonly= "true" value= '<%=ESAPI.encoder().encodeForHTML (request.getParameter("userName")) %>'/>

  C. catch (Exception e) { if (log.isDebugEnabled()) log.debug (context, EVENTS.ADHOC, "Caught InvalidGSMException Exception —andquot;

  + e.toString() );

  }

  D.

  Correct Answer: B

• Question 39:

  A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer.

  Which of the following would be the BEST method to provide secure data separation?

  A. Use a CRM tool to separate data stores

  B. Migrate to a single-tenancy cloud infrastructure.

  C. Employ network segmentation to provide isolation among salespeople

  D. Implement an open-source public cloud CRM

  Correct Answer: C

• Question 40:

  The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working conditions, and all file integrity was verified

  Which of the following should the incident response team perform to understand the crash and prevent it in the future?

  A. Root cause analysis

  B. Continuity of operations plan

  C. After-action report

  D. Lessons learned

  Correct Answer: A