1. Home
  2. CompTIA
  3. CAS-003

CompTIA CAS-003 Online Practice Questions and Exam Preparation

CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 551:

    A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:

    Long-lived sessions are required, as users do not log in very often.

    The solution has multiple SPs, which include mobile and web applications.

    A centralized IdP is utilized for all customer digital channels.

    The applications provide different functionality types such as forums and customer portals.

    The user experience needs to be the same across both mobile and web-based applications.

    Which of the following would BEST improve security while meeting these requirements?

    A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
    B. Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.
    C. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
    D. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

  • Question 552:

    A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment The solution must support the following requirements:

    1.

    Company administrators should not have access to employee's personal information.

    2.

    A rooted or jailbroken device should not have access to company sensitive information. Which of the following BEST addresses the associated risks?

    A. Codesigning
    B. VPN
    C. FDE
    D. Containerization

  • Question 553:

    A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI? (Choose two.)

    A. ALE
    B. RTO
    C. MTBF
    D. ARO
    E. RPO

  • Question 554:

    The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls. The following configurations already are in place:

    1.

    Keyword blocking based on word lists

    2.

    URL rewnting and protection

    3.

    Stopping executable files from messages

    Which of the following is the BEST configuration change for the administrator to make?

    A. Configure more robust word lists for blocking suspicious emails
    B. Configure appropriate regular expression rules per suspicious email received
    C. Configure Bayesian filtering to block suspicious inbound email
    D. Configure the mail gateway to strip any attachments.

  • Question 555:

    An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme An excerpt from an approved text-based-chat client application AndroidManifest xml is as follows:

    Which of the following would restrict application permissions while minimizing the impact to normal device operations?

    A. Add the application to the enterprise mobile whitelist.
    B. Use the MDM to disable the devices' recording microphones and SMS.
    C. Wrap the application before deployment.
    D. Install the application outside of the corporate container.

  • Question 556:

    An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

    A. Facilities management
    B. Human resources
    C. Research and development
    D. Programming
    E. Data center operations
    F. Marketing
    G. Information technology

  • Question 557:

    Which of the following provides the BEST risk calculation methodology?

    A. Annual Loss Expectancy (ALE) x Value of Asset
    B. Potential Loss x Event Probability x Control Failure Probability
    C. Impact x Threat x Vulnerability
    D. Risk Likelihood x Annual Loss Expectancy (ALE)

  • Question 558:

    A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vulnerability and knows placing an IPS in front of the phone system will mitigate the risk. The researcher gathers the following information about various IPS systems:

    The organization is concerned about cost, but call quality is critical to its operations. Which of the following vendors would be BEST for the organization to choose?

    A. Vendor 1
    B. Vendor 2
    C. Vendor 3
    D. Vendor 4
    E. Vendor 5

  • Question 559:

    A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers. Which of the following BEST describes the contents of the supporting document the engineer is creating?

    A. A series of ad-hoc tests that each verify security control functionality of the entire system at once.
    B. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
    C. A set of formal methods that apply to one or more of the programing languages used on the development project.
    D. A methodology to verify each security control in each unit of developed code prior to committing the code.

  • Question 560:

    The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

    A. The company should mitigate the risk.
    B. The company should transfer the risk.
    C. The company should avoid the risk.
    D. The company should accept the risk.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.