CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 441:

    A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

    A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
    B. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
    C. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
    D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.

  • Question 442:

    A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.

    Which of the following would be the EASIEST method of obtaining a password for the known account?

    A. Man-in-the-middle
    B. Reverse engineering
    C. Social engineering
    D. Hash cracking

  • Question 443:

    An advanced threat emulation engineer is conducting testing against a client's network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)

    A. Black box testing
    B. Gray box testing
    C. Code review
    D. Social engineering
    E. Vulnerability assessment
    F. Pivoting
    G. Self-assessment
    H. White teaming
    I. External auditing

  • Question 444:

    A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?

    A. Gain entry into the building by posing as a contractor who is performing routine building maintenance
    B. Tailgate into the facility with an employee who has a valid RFID badge to enter
    C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post
    D. Look for an open window that can be used to gain unauthorized entry into the facility

  • Question 445:

    During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

    A. The devices are being modified and settings are being overridden in production.
    B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.
    C. The desktop applications were configured with the default username and password.
    D. 40 percent of the devices use full disk encryption.

  • Question 446:

    A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?

    A. Utilize measured boot attestation.
    B. Enforce the secure boot process.
    C. Reset the motherboard's TPM chip.
    D. Reinstall the OS with known-good media.
    E. Configure custom anti-malware rules.

  • Question 447:

    A company's Chief Operating Officer (COO) is concerned about the potential for competitors to infer proprietary information gathered from employees' social media accounts.

    Which of the following methods should the company use to gauge its social media threat level without targeting individual employees?

    A. Utilize insider threat consultants to provide expertise.
    B. Require that employees divulge social media accounts.
    C. Leverage Big Data analytical algorithms.
    D. Perform social engineering tests to evaluate employee awareness.

  • Question 448:

    While an employee is on vacation, suspicion arises that the employee has been involved in malicious activity on the network. The security engineer is concerned the investigation may need to continue after the employee returns to work. Given this concern, which of the following should the security engineer recommend to maintain the integrity of the investigation?

    A. Create archival copies of all documents and communications related to the employee
    B. Create a forensic image of network infrastructure devices
    C. Create an image file of the employee's network drives and store it with hashes
    D. Install a keylogger to capture the employee's communications and contacts

  • Question 449:

    A developer is reviewing the following transaction logs from a web application:

    Username: John Doe Street name: Main St. Street number: