1. Home
  2. CompTIA
  3. CAS-003

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 481:

    Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

    Network Client: Digitally sign communication Network Server: Digitally sign communication

    A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?

    A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded

    B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded

    C. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage

    D. Avoid the risk, leave the settings alone, and decommission the legacy storage device

  • Question 482:

    A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)

    A. Static code analyzer

    B. Intercepting proxy

    C. Port scanner

    D. Reverse engineering

    E. Reconnaissance gathering

    F. User acceptance testing

  • Question 483:

    The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?

    A. Avoid

    B. Mitigate

    C. Transfer

    D. Accept

  • Question 484:

    A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?

    A. SaaS

    B. PaaS

    C. IaaS

    D. Hybrid cloud

    E. Network virtualization

  • Question 485:

    A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points. Which of the following solutions BEST meets the engineer's goal?

    A. Schedule weekly reviews of al unit test results with the entire development team and follow up between meetings with surprise code inspections.

    B. Develop and implement a set of automated security tests to be installed on each development team leader's workstation.

    C. Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.

    D. Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.

  • Question 486:

    A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.

    Which of the following is the BEST solution?

    A. Use an entropy-as-a-service vendor to leverage larger entropy pools.

    B. Loop multiple pseudo-random number generators in a series to produce larger numbers.

    C. Increase key length by two orders of magnitude to detect brute forcing.

    D. Shift key generation algorithms to ECC algorithms.

  • Question 487:

    A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

    1.

    Detect administrative actions

    2.

    Block unwanted MD5 hashes

    3.

    Provide alerts

    4.

    Stop exfiltration of cardholder data

    Which of the following solutions would BEST meet these requirements? (Choose two.)

    A. AV

    B. EDR

    C. HIDS

    D. DLP

    E. HIPS

    F. EFS

  • Question 488:

    During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards.

    Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?

    A. Air gaps

    B. Access control lists

    C. Spanning tree protocol

    D. Network virtualization

    E. Elastic load balancing

  • Question 489:

    After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

    A. Distribute a NAC client and use the client to push the company's private key to all the new devices.

    B. Distribute the device connection policy and a unique public/private key pair to each new employee's device.

    C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.

    D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

  • Question 490:

    As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:

    1.

    Reuse of the existing network infrastructure

    2.

    Acceptable use policies to be enforced

    3.

    Protection of sensitive files

    4.

    Access to the corporate applications

    Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

    A. IPSec VPN

    B. HIDS

    C. Wireless controller

    D. Rights management

    E. SSL VPN

    F. NAC

    G. WAF

    H. Load balancer

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.