CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 461:

    News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?

    A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
    B. Implement an application whitelist at all levels of the organization.
    C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
    D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

  • Question 462:

    A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.

    Which of the following is the BEST statement for the engineer to take into consideration?

    A. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
    B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
    C. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
    D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

  • Question 463:

    An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:

    1. The ICS supplier has specified that any software installed will result in lack of support.
    2. There is no documented trust boundary defined between the SCADA and corporate networks.
    3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.
    4. There is a lack of understanding of what is within the SCADA network.

    Which of the following capabilities would BEST improve the security position?

    A. VNC, router, and HIPS
    B. SIEM, VPN, and firewall
    C. Proxy, VPN, and WAF
    D. IDS, NAC, and log monitoring

  • Question 464:

    An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements?

    A. Implementing federated network access with the third party.
    B. Using an HSM at the network perimeter to handle network device access.
    C. Using a VPN concentrator which supports dual factor via hardware tokens.
    D. Implementing 802.1x with EAP-TTLS across the infrastructure.

  • Question 465:

    SIMULATION

    A product development team has submitted code snippets for review prior to release.

    INSTRUCTIONS

    Analyze the code snippets and then select one vulnerability and one fix for each code snippet. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • Question 466:

    An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

    A. Static and dynamic analysis is run as part of integration
    B. Security standards and training is performed as part of the project
    C. Daily stand-up meetings are held to ensure security requirements are understood
    D. For each major iteration penetration testing is performed
    E. Security requirements are story boarded and make it into the build
    F. A security design is performed at the end of the requirements phase

  • Question 467:

    A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

    Which of the following tools should be implemented to detect similar attacks?

    A. Vulnerability scanner
    B. TPM
    C. Host-based firewall
    D. File integrity monitor
    E. NIPS

  • Question 468:

    A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application's authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?

    A. The application only supports SP-initiated authentication.
    B. The IdP only supports SAML 1.0.
    C. There is an SSL certificate mismatch between the IdP and the SaaS application.
    D. The user is not provisioned correctly on the IdP.

  • Question 469:

    A security administrator is opening connectivity on a firewall between Organization A and Organization B. Organization B just acquired Organization A. Which of the following risk mitigation strategies should the administrator implement to reduce the risk involved with this change?

    A. DLP on internal network nodes
    B. A network traffic analyzer for incoming traffic
    C. A proxy server to examine outgoing web traffic
    D. IPS/IDS monitoring on the new connection

  • Question 470:

    DRAG DROP

    A vulnerability scan with the latest definitions was performed across Sites A and B.

    INSTRUCTIONS

    Match each relevant finding to the affected host.

    After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

    Each finding may be used more than once.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:
