CompTIA CAS-003 Online Practice Questions and Exam Preparation

CompTIA CAS-003 Online Questions & Answers

• Question 491:

  An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles. Which of the following should achieve the BEST long-term result for the company?

  A. Designing Developing add-on security components for fielded vehicles
  B. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities
  C. Performing a cyber-risk assessment on production vehicles
  D. Reviewing and influencing requirements for an early development vehicle
  B. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities

• Question 492:

  The legal department has required that all traffic to and from a company's cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?

  A. Confidential or sensitive documents are inspected by the firewall before being logged.
  B. Latency when viewing videos and other online content may increase.
  C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
  D. Stored logs may contain non-encrypted usernames and passwords for personal websites.
  A. Confidential or sensitive documents are inspected by the firewall before being logged.

• Question 493:

  A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented for further reduce the number of account compromises caused by remote users who click these links?

  A. Anti-spam gateways
  B. Security awareness training
  C. URL rewriting
  D. Internal phishing campaign
  B. Security awareness training

• Question 494:

  A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

  A. Physical penetration test of the datacenter to ensure there are appropriate controls.
  B. Penetration testing of the solution to ensure that the customer data is well protected.
  C. Security clauses are implemented into the contract such as the right to audit.
  D. Review of the organizations security policies, procedures and relevant hosting certifications.
  E. Code review of the solution to ensure that there are no back doors located in the software.
  C. Security clauses are implemented into the contract such as the right to audit.
  D. Review of the organizations security policies, procedures and relevant hosting certifications.

  ---

  Due diligence refers to an investigation of a business or person prior to signing a contract. Due diligence verifies information supplied by vendors with regards to processes, financials, experience, and performance. Due diligence should verify the data supplied in the RFP and concentrate on the following: Company profile, strategy, mission, and reputation Financial status, including reviews of audited financial statements Customer references, preferably from companies that have outsourced similar processes Management qualifications, including criminal background checks Process expertise, methodology, and effectiveness

  Quality initiatives and certifications Technology, infrastructure stability, and applications Security and audit controls

  Legal and regulatory compliance, including any outstanding complaints or litigation

  Use of subcontractors Insurance Disaster recovery and business continuity policies C and D form part of Security and audit controls.

• Question 495:

  A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

  

  Which of the following should the penetration tester conclude about the command output?

  A. The public/private views on the Comptia.org DNS servers are misconfigured
  B. Comptia.org is running an older mail server, which may be vulnerable to exploits
  C. The DNS SPF records have not been updated for Comptia.org
  D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack
  B. Comptia.org is running an older mail server, which may be vulnerable to exploits

• Question 496:

  An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee's work computer concerning a conversation that occurred three years prior and proved damaging to the agency's reputation. Which of the following MOST likely caused the data leak?

  A. The employee manually changed the email client retention settings to prevent deletion of emails
  B. The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
  C. The email was encrypted and an exception was put in place via the data classification application
  D. The employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old
  D. The employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old

• Question 497:

  A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot.

  

  Which of the following tools was MOST likely used to exploit the application?

  A. The engineer captured the data with a protocol analyzer, and then utilized Python to edit the data
  B. The engineer queried the server and edited the data using an HTTP proxy interceptor
  C. The engineer used a cross-site script sent via curl to edit the data
  D. The engineer captured the HTTP headers, and then replaced the JSON data with a banner-grabbing tool
  B. The engineer queried the server and edited the data using an HTTP proxy interceptor

• Question 498:

  A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

  A. Survey threat feeds from services inside the same industry.
  B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
  C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
  D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
  A. Survey threat feeds from services inside the same industry.

  ---

  Security posture refers to the overall security plan from planning through to implementation and comprises technical and non-technical policies, procedures and controls to protect from both internal and external threats. From a security standpoint, one of the first questions that must be answered in improving the overall security posture of an organization is to identify where data resides. All the advances that were made by technology make this very difficult. The best way then to improve your company's security posture is to first survey threat feeds from services inside the same industry.

• Question 499:

  An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

  A. Memory leak
  B. Race condition
  C. Smurf
  D. Resource exhaustion
  C. Smurf

• Question 500:

  A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

  A security engineer is concerned about the security of the solution and notes the following:

  1.

  The critical devise send cleartext logs to the aggregator.

  2.

  The log aggregator utilize full disk encryption.

  3.

  The log aggregator sends to the analysis server via port 80.

  4.

  MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

  5.

  The data is compressed and encrypted prior to being achieved in the cloud.

  Which of the following should be the engineer's GREATEST concern?

  A. Hardware vulnerabilities introduced by the log aggregate server
  B. Network bridging from a remote access VPN
  C. Encryption of data in transit
  D. Multinancy and data remnants in the cloud
  C. Encryption of data in transit