CompTIA CompTIA Certifications CAS-003 Questions & Answers

• Question 491:

  A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

  A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

  B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

  C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

  D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

  E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

  F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

  Correct Answer: CD

• Question 492:

  A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

  Which of the following tools should be used? (Choose two.)

  A. Fuzzer

  B. SCAP scanner

  C. Packet analyzer

  D. Password cracker

  E. Network enumerator

  F. SIEM

  Correct Answer: BF

• Question 493:

  A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again. Which of the following would BEST prevent this from happening again?

  A. Antivirus

  B. Patch management

  C. Log monitoring

  D. Application whitelisting

  E. Awareness training

  Correct Answer: A

• Question 494:

  A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

  Which of the following is the MOST likely reason for the team lead's position?

  A. The organization has accepted the risks associated with web-based threats.

  B. The attack type does not meet the organization's threat model.

  C. Web-based applications are on isolated network segments.

  D. Corporate policy states that NIPS signatures must be updated every hour.

  Correct Answer: A

• Question 495:

  A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:

  A. segment dual-purpose systems on a hardened network segment with no external access

  B. assess the risks associated with accepting non-compliance with regulatory requirements

  C. update system implementation procedures to comply with regulations

  D. review regulatory requirements and implement new policies on any newly provisioned servers

  Correct Answer: A

• Question 496:

  A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.

  Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

  A. Install a HIPS on the web servers

  B. Disable inbound traffic from offending sources

  C. Disable SNMP on the web servers

  D. Install anti-DDoS protection in the DMZ

  Correct Answer: A

• Question 497:

  The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the letter?

  A. After-action reports from prior incidents.

  B. Social engineering techniques

  C. Company policies and employee NDAs

  D. Data classification processes

  Correct Answer: C

• Question 498:

  A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:

  

  Which of the following tools did the security engineer MOST likely use to generate this output?

  A. Application fingerprinter

  B. Fuzzer

  C. HTTP interceptor

  D. Vulnerability scanner

  Correct Answer: C

• Question 499:

  Developers are working on anew feature to add to a social media platform. Thew new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO state the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns?

  A. Increasing blocking options available to the uploader

  B. Adding a one-hour delay of all uploaded photos

  C. Removing all metadata in the uploaded photo file

  D. Not displaying to the public who uploaded the photo

  E. Forcing TLS for all connections on the platform

  Correct Answer: B

• Question 500:

  Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?

  A. The consolidation of two different IT enterprises increases the likelihood of the data loss because there are now two backup systems

  B. Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises

  C. Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully

  D. Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

  Correct Answer: C