CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 501:

    A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

    A. Client side input validation
    B. Stored procedure
    C. Encrypting credit card details
    D. Regular expression matching

  • Question 502:

    A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

    A. Asset management
    B. IT governance
    C. Change management
    D. Transference of risk

  • Question 503:

    A company is implementing a new secure identity application, given the following requirements:

    1. The cryptographic secrets used in the application must never be exposed to users or the OS.
    2. The application must work on mobile devices.
    3. The application must work with the company's badge reader system.

    Which of the following mobile device specifications are required for this design? (Select TWO).

    A. Secure element
    B. Biometrics
    C. UEFI
    D. SEAndroid
    E. NFC
    F. HSM

  • Question 504:

    A project manager is working with a software development group to collect and evaluate user scenarios related to the organization's internally designed data analytics tool. While reviewing stakeholder input, the project manager would like to formally document the needs of the various stakeholders and the associated organizational compliance objectives supported by the project.

    Which of the following would be MOST appropriate to use?

    A. Roles matrix
    B. Peer review
    C. BIA
    D. SRTM

  • Question 505:

    A company is the victim of a phishing and spear-phishing campaign. Users are clicking on website links that look like common bank sites and entering their credentials accidentally. A security engineer decides to use a layered defense to prevent the phishing or lessen its impact. Which of the following should the security engineer implement? (Select TWO)

    A. Spam filter
    B. Host intrusion prevention
    C. Client certificates
    D. Content filter
    E. Log monitoring
    F. Data loss prevention

  • Question 506:

    A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis concerning a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return any findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar incidents in the future?

    A. Implementing application blacklisting
    B. Configuring the mail to quarantine incoming attachments automatically
    C. Deploying host-based firewalls and shipping the logs to the SIEM
    D. Increasing the cadence for antivirus DAT updates to twice daily

  • Question 507:

    A company recently deployed an agent-based DLP solution to all laptops in the environment. The DLP solution is configured to restrict the following:

    1. USB ports
    2. FTP connections
    3. Access to cloud-based storage sites
    4. Outgoing email attachments
    5. Saving data on the local C: drive

    Despite these restrictions, highly confidential data was exfiltrated from a secure fileshare in the research department.

    Which of the following should the security team implement FIRST?

    A. Application whitelisting for all company-owned devices
    B. A secure VDI environment for research department employees
    C. NIDS/NIPS on the network segment used by the research department
    D. Bluetooth restriction on all laptops

  • Question 508:

    A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

    A. Encryption of each individual partition
    B. Encryption of the SSD at the file level
    C. FDE of each logical volume on the SSD
    D. FDE of the entire SSD as a single disk

  • Question 509:

    A security engineer is assisting a developer with input validation, and they are studying the following code block:

    The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

    Which of the following would be the BEST advice for the security engineer to give to the developer?

    A. Replace code with Java-based type checks
    B. Parse input into an array
    C. Use regular expressions
    D. Canonicalize input into string objects before validation

  • Question 510:

    The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

    A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
    B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
    C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
    D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.