CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 431:

  A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

  A. Restrict access to the network share by adding a group only for developers to the share's ACL

  B. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services

  C. Obfuscate the username within the script file with encoding to prevent easy identification and the account used

  D. Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts

  E. Redesign the web applications to accept single-use, local account credentials for authentication

  Correct Answer: AB

• Question 432:

  A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

  Which of the following tools should be implemented to detect similar attacks?

  A. Vulnerability scanner

  B. TPM

  C. Host-based firewall

  D. File integrity monitor

  E. NIPS

  Correct Answer: D

• Question 433:

  Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

  A. Conduct a series of security training events with comprehensive tests at the end

  B. Hire an external company to provide an independent audit of the network security posture

  C. Review the social media of all employees to see how much proprietary information is shared

  D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account

  Correct Answer: D

• Question 434:

  An organization's network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations.

  Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?

  A. Employ hardware FDE or SED solutions.

  B. Utilize a more efficient cryptographic hash function.

  C. Replace HDDs with SSD arrays.

  D. Use a FIFO pipe a multithreaded software solution.

  Correct Answer: A

• Question 435:

  An engineer needs to provide access to company resources for several offshore contractors. The contractors require:

  Access to a number of applications, including internal websites Access to database data and the ability to manipulate it The ability to log into Linux and Windows servers remotely

  Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

  A. VTC

  B. VRRP

  C. VLAN

  D. VDI

  E. VPN

  F. Telnet

  Correct Answer: DE

• Question 436:

  One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help to achieve this? (Choose two.)

  A. Blue teaming

  B. Phishing simulations

  C. Lunch-and-learn

  D. Random audits

  E. Continuous monitoring

  F. Separation of duties

  Correct Answer: BE

• Question 437:

  A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?

  A. System design documentation

  B. User acceptance testing

  C. Peer review

  D. Static code analysis testing

  E. Change control documentation

  Correct Answer: A

• Question 438:

  Which of the following is the GREATEST security concern with respect to BYOD?

  A. The filtering of sensitive data out of data flows at geographic boundaries.

  B. Removing potential bottlenecks in data transmission paths.

  C. The transfer of corporate data onto mobile corporate devices.

  D. The migration of data into and out of the network in an uncontrolled manner.

  Correct Answer: D

• Question 439:

  Click on the exhibit buttons to view the four messages.

  

  

  A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

  Which of the following BEST conveys the business impact for senior leadership?

  A. Message 1

  B. Message 2

  C. Message 3

  D. Message 4

  Correct Answer: D

• Question 440:

  Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

  Stop malicious software that does not match a signature Report on instances of suspicious behavior Protect from previously unknown threats Augment existing security capabilities

  Which of the following tools would BEST meet these requirements?

  A. Host-based firewall

  B. EDR

  C. HIPS

  D. Patch management

  Correct Answer: C