CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 451:

  A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.

  Which of the following is MOST likely to be reviewed during the assessment? (Select two.)

  A. Access control list

  B. Security requirements traceability matrix

  C. Data owner matrix

  D. Roles matrix

  E. Data design document

  F. Data access policies

  Correct Answer: DF

• Question 452:

  A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:

  Corporate intranet site Online storage application Email and collaboration suite

  Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?

  A. Port scanner

  B. CASB

  C. DLP agent

  D. Application sandbox

  E. SCAP scanner

  Correct Answer: B

• Question 453:

  A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:

  

  Which of the following is the MOST likely type of activity occurring?

  A. SQL injection

  B. XSS scanning

  C. Fuzzing

  D. Brute forcing

  Correct Answer: A

• Question 454:

  An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:

  Support server, laptop, and desktop infrastructure Due to limited security resources, implement active protection capabilities Provide users with the ability to self-service classify information and apply policies Protect data-at-rest and data-in-use Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)

  A. Data loss prevention

  B. Application whitelisting

  C. Endpoint detect and respond

  D. Rights management

  E. Log monitoring

  F. Antivirus

  Correct Answer: CF

• Question 455:

  While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)

  A. Data remnants

  B. Sovereignty

  C. Compatible services

  D. Storage encryption

  E. Data migration

  F. Chain of custody

  Correct Answer: AE

• Question 456:

  A newly hired Chief Information Security Officer (CISO) is reviewing the organization's security budget from the previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email messages. The CISO expects next year's costs associated with fines to double and the volume of messages to increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given the table below:

  

  Which of the following would be BEST for the CISO to include in this year's budget?

  A. A budget line for DLP Vendor A

  B. A budget line for DLP Vendor B

  C. A budget line for DLP Vendor C

  D. A budget line for DLP Vendor D

  E. A budget line for paying future fines

  Correct Answer: A

• Question 457:

  A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?

  A. Reconfigure the firewall to block external UDP traffic.

  B. Establish a security baseline on the IDS.

  C. Block echo reply traffic at the firewall.

  D. Modify the edge router to not forward broadcast traffic.

  Correct Answer: B

• Question 458:

  An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

  A. Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

  B. Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

  C. All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

  D. Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, this reducing the effectiveness of local attacks.

  Correct Answer: B

• Question 459:

  A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)

  A. CVE database

  B. Recent security industry conferences

  C. Security vendor pages

  D. Known vendor threat models

  E. Secure routing metrics

  F. Server's vendor documentation

  G. Verified security forums

  H. NetFlow analytics

  Correct Answer: BDG

• Question 460:

  A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?

  A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues

  B. Posing as a copier service technician and indicating the equipment had "phoned home" to alert the

  C. technician for a service call

  D. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed

  E. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility

  Correct Answer: A