1. Home
  2. CompTIA
  3. CAS-003

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 401:

    While investigating suspicious activity on a server, a security administrator runs the following report:

    In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)

    A. An attacker compromised the server and may have used a collision hash in the MD5 algorithm to hide the changes to the /etc/shadow file

    B. An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file

    C. An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file

    D. An attacker compromised the server and may have used MD5 collision hashes to generate valid passwords, allowing further access to administrator accounts on the server

    E. An attacker compromised the server and may have used SELinux mandatory access controls to hide the changes to the /etc/shadow file

  • Question 402:

    Given the following output from a security tool in Kali:

    A. Log reduction

    B. Network enumerator

    C. Fuzzer

    D. SCAP scanner

  • Question 403:

    A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective?

    A. Peer review

    B. Design review

    C. Scrum

    D. User acceptance testing

    E. Unit testing

  • Question 404:

    A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?

    A. When it is mandated by their legal and regulatory requirements

    B. As soon as possible in the interest of the patients

    C. As soon as the public relations department is ready to be interviewed

    D. When all steps related to the incident response plan are completed

    E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

  • Question 405:

    The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a

    security engineer to create a point-in-time copy of the running database in their presence.

    This is an example of:

    A. creating a forensic image

    B. deploying fraud monitoring

    C. following a chain of custody

    D. analyzing the order of volatility

  • Question 406:

    A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

    Configuration file 1:

    Operator ALL=/sbin/reboot

    Configuration file 2:

    Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss

    Configuration file 3:

    Operator:x:1000:1000::/home/operator:/bin/bash

    Which of the following explains why an intended operator cannot perform the intended action?

    A. The sudoers file is locked down to an incorrect command

    B. SSH command shell restrictions are misconfigured

    C. The passwd file is misconfigured

    D. The SSH command is not allowing a pty session

  • Question 407:

    Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect ... secrecy?

    A. Endpoints

    B. VPN concentrators

    C. Virtual hosts

    D. SIEM

    E. Layer 2 switches

  • Question 408:

    Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

    A. Key risk indicators

    B. Lessons learned

    C. Recovery point objectives

    D. Tabletop exercise

  • Question 409:

    A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?

    A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

    B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

    C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

    D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

  • Question 410:

    An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)

    A. Data aggregation

    B. Data sovereignty

    C. Data isolation

    D. Data volume

    E. Data analytics

    F. Data precision

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.