CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 521:

    An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

    A. Log review
    B. Service discovery
    C. Packet capture
    D. DNS harvesting

  • Question 522:

    A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

    A. RAS
    B. Vulnerability scanner
    C. HTTP intercept
    D. HIDS
    E. Port scanner
    F. Protocol analyzer

  • Question 523:

    A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

    1. Detect administrative actions
    2. Block unwanted MD5 hashes
    3. Provide alerts
    4. Stop exfiltration of cardholder data

    Which of the following solutions would BEST meet these requirements? (Choose two.)

    A. AV
    B. EDR
    C. HIDS
    D. DLP
    E. HIPS
    F. EFS

  • Question 524:

    An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

    A. Guest users could present a risk to the integrity of the company's information.
    B. Authenticated users could sponsor guest access that was previously approved by management.
    C. Unauthenticated users could present a risk to the confidentiality of the company's information.
    D. Meeting owners could sponsor guest access if they have passed a background check.

  • Question 525:

    A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)

    A. Require all mobile device backups to be encrypted
    B. Ensure all mobile devices back up using USB OTG
    C. Issue a remote wipe of corporate and personal partitions
    D. Restrict devices from making long-distance calls during business hours
    E. Implement an always-on VPN

  • Question 526:

    To meet an SLA, which of the following documents should be drafted, defining the company's internal interdependent unit responsibilities and delivery timelines?

    A. BPA
    B. OLA
    C. MSA
    D. MOU

  • Question 527:

    An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect, however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?

    A. In the firewall, compatible cipher suites must be enabled
    B. In the VPN client, the CA CRL address needs to be specified manually
    C. In the router, IPSec traffic needs to be allowed in bridged mode
    D. In the CA, the SAN field must be set for the root CA certificate and then reissued

  • Question 528:

    A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Below is an excerpt of output from the troubleshooting session:

    Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

    A. The clients may not trust idapt by default.
    B. The secure LDAP service is not started, so no connections can be made.
    C. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
    D. Secure LDAP should be running on UDP rather than TCP.
    E. The company is using the wrong port. It should be using port 389 for secure LDAP.
    F. Secure LDAP does not support wildcard certificates.
    G. The clients may not trust Chicago by default.

  • Question 529:

    Which of the following BEST sets expectations between the security team and business units within an organization?

    A. Risk assessment
    B. Memorandum of understanding
    C. Business impact analysis
    D. Business partnership agreement
    E. Service level agreement

  • Question 530:

    A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error?

    A. The developer inadvertently used Java applets.
    B. The developer established a corporate account with a non-reputable certification authority.
    C. The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open.
    D. The developer did not consider that mobile code would be transmitted across the network.
