CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 411:

  A security technician is incorporating the following requirements in an RFP for a new SIEM:

  New security notifications must be dynamically implemented by the SIEM engine The SIEM must be able to identify traffic baseline anomalies Anonymous attack data from all customers must augment attack detection and risk scoring

  Based on the above requirements, which of the following should the SIEM support? (Choose two.)

  A. Autoscaling search capability

  B. Machine learning

  C. Multisensor deployment

  D. Big Data analytics

  E. Cloud-based management

  F. Centralized log aggregation

  Correct Answer: BD

• Question 412:

  First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)

  A. CPU, process state tables, and main memory dumps

  B. Essential information needed to perform data restoration to a known clean state

  C. Temporary file system and swap space

  D. Indicators of compromise to determine ransomware encryption

  E. Chain of custody information needed for investigation

  Correct Answer: AC

• Question 413:

  An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

  

  Which of the following types of attack vector did the penetration tester use?

  A. SQL injection

  B. CSRF

  C. Brute force

  D. XSS

  E. TOC/TOU

  Correct Answer: B

• Question 414:

  A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company's security architect to protect the integrity of the update process? (Choose two.)

  A. Validate cryptographic signatures applied to software updates

  B. Perform certificate pinning of the associated code signing key

  C. Require HTTPS connections for downloads of software updates

  D. Ensure there are multiple download mirrors for availability

  E. Enforce a click-through process with user opt-in for new features

  Correct Answer: AB

• Question 415:

  A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

  A. Data custodian

  B. Data owner

  C. Security analyst

  D. Business unit director

  E. Chief Executive Officer (CEO)

  Correct Answer: D

• Question 416:

  A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate? (Choose two.)

  

  A. A root user performed an injection attack via kernel module

  B. Encrypted payroll data was successfully decrypted by the attacker

  C. Jsmith successfully used a privilege escalation attack

  D. Payroll data was exfiltrated to an attacker-controlled host

  E. Buffer overflow in memory paging caused a kernel panic

  F. Syslog entries were lost due to the host being rebooted

  Correct Answer: CE

• Question 417:

  A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.

  Which of the following is the BEST statement for the engineer to take into consideration?

  A. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.

  B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.

  C. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.

  D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

  Correct Answer: A

• Question 418:

  A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

  1.

  Information should be sourced from the trusted master data source.

  2.

  There must be future requirements for identity proofing of devices and users.

  3.

  A generic identity connector that can be reused must be developed.

  4.

  The current project scope is for internally hosted applications only.

  Which of the following solution building blocks should the security architect use to BEST meet the requirements?

  A. LDAP, multifactor authentication, oAuth, XACML

  B. AD, certificate-based authentication, Kerberos, SPML

  C. SAML, context-aware authentication, oAuth, WAYF

  D. NAC, radius, 802.1x, centralized active directory

  Correct Answer: A

• Question 419:

  A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

  Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

  A. Install and configure an IPS.

  B. Enforce routine GPO reviews.

  C. Form and deploy a hunt team.

  D. Institute heuristic anomaly detection.

  E. Use a protocol analyzer with appropriate connectors.

  Correct Answer: AD

• Question 420:

  Given the following code snippet:

  

  Of which of the following is this snippet an example?

  A. Data execution prevention

  B. Buffer overflow

  C. Failure to use standard libraries

  D. Improper filed usage

  E. Input validation

  Correct Answer: D