CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 481:

    A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:

    A. the amount of data to be moved.
    B. the frequency of data backups.
    C. which users will have access to which data.
    D. when the file server will be decommissioned.

  • Question 482:

    A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.

    Which of the following tools is the security engineer using to produce the above output?

    A. Vulnerability scanner
    B. SIEM
    C. Port scanner
    D. SCAP scanner

  • Question 483:

    An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

    Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

    A. Password cracker
    B. Port scanner
    C. Account enumerator
    D. Exploitation framework

  • Question 484:

    A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO's requirement?

    A. GRC
    B. IPS
    C. CMDB
    D. Syslog-ng
    E. IDS

  • Question 485:

    A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analyst who is assessing the risk has no experience with the category of products.

    Which of the following is the FIRST step the analyst should take to begin the research?

    A. Seek documented industry best practices.
    B. Review the preferred vendor's white papers.
    C. Compare the product function to relevant RFCs.
    D. Execute a non-disclosure agreement with the vendor.

  • Question 486:

    An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

    1. Be based on open-source Android for user familiarity and ease.
    2. Provide a single application for inventory management of physical assets.
    3. Permit use of the camera by only the inventory application for the purposes of scanning.
    4. Disallow any and all configuration baseline modifications.
    5. Restrict all access to any device resource other than those required for use of the inventory management application.

    Which of the following approaches would BEST meet these security requirements?

    A. Set an application wrapping policy, wrap the application, distribute the Inventory APK via the MAM tool, and test the application restrictions.
    B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
    C. Swap out Android's Linux kernel version for >2.4.0, build the kernel, build Android, remove unnecessary functions via MDM, configure to block network access, and perform integration testing.
    D. Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application.

  • Question 487:

    An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit. The attacker was unable to obtain root privileges. Instead, the attacker then downloaded a crypto-currency mining program and subsequently was discovered. The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

    A. Remove root privileges from the application service account.
    B. Implement separation of duties.
    C. Properly configure SELinux and set it to enforce.
    D. Use cron to schedule regular restarts of the service to terminate sessions.
    E. Perform regular uncredentialed vulnerability scans.

  • Question 488:

    The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur.

    Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

    A. Revise the corporate policy to include possible termination as a result of violations
    B. Increase the frequency and distribution of the USB violations report
    C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
    D. Implement group policy objects

  • Question 489:

    A security manager wants to implement a policy that will provide management with the ability to monitor employees' activities with minimum impact to productivity.

    Which of the following policies is BEST suited for this scenario?

    A. Separation of duties
    B. Mandatory vacations
    C. Least privilege
    D. Incident response

  • Question 490:

    A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

    A. Code review
    B. Penetration testing
    C. Grey box testing
    D. Code signing
    E. White box testing
