CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 561:

    The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

    A. Develop an information classification scheme that will properly secure data on corporate systems.
    B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.
    C. Publish a policy that addresses the security requirements for working remotely with company equipment.
    D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

  • Question 562:

    Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

    Which of the following processes should be implemented to ensure this information is available for future investigations?

    A. Asset inventory management
    B. Incident response plan
    C. Test and evaluation
    D. Configuration and change management

  • Question 563:

    SIMULATION

    Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information, answer the questions below:

    User Subnet: 192.168.1.0/24
    Server Subnet: 192.168.2.0/24
    Finance Subnet: 192.168.3.0/24

    Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

    Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.

    Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

    Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

    Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

  • Question 564:

    A security consultant is considering authentication options for a financial institution. The following authentication options are available. Match the security mechanism to the appropriate use case. Options may be used once.

    Select and Place:

  • Question 565:

    The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?

    A. The data may not be in a usable format.
    B. The new storage array is not FCoE based.
    C. The data may need a file system check.
    D. The new storage array also only has a single controller.

  • Question 566:

    During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards.

    Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?

    A. Air gaps
    B. Access control lists
    C. Spanning tree protocol
    D. Network virtualization
    E. Elastic load balancing

  • Question 567:

    Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

    A. Automatic location check-ins
    B. Geolocated presence privacy
    C. Integrity controls
    D. NAC checks to quarantine devices

  • Question 568:

    A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.

    Which of the following BEST addresses these concerns?

    A. The company should plan future maintenance windows so that the legacy application can be updated as needed.
    B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
    C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
    D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.

  • Question 569:

    After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?

    A. The binary files used by the application have been modified by malware.
    B. The application is unable to perform remote attestation due to blocked ports.
    C. The restored image backup was encrypted with the wrong key.
    D. The hash key summary of hardware and installed software no longer match.

  • Question 570:

    A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

    A. Conducting tabletop exercises to evaluate system risk
    B. Contracting a third-party auditor after the project is finished
    C. Performing pre- and post-implementation penetration tests
    D. Running frequent vulnerability scans during the project
