CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 581:

    A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?

    A. Background checks
    B. Job rotation
    C. Least privilege
    D. Employee termination procedures

  • Question 582:

    An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?

    A. NIDS
    B. HIPS
    C. CASB
    D. SFTP

  • Question 583:

    A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

    Which of the following is the MOST likely reason for the team lead's position?

    A. The organization has accepted the risks associated with web-based threats.
    B. The attack type does not meet the organization's threat model.
    C. Web-based applications are on isolated network segments.
    D. Corporate policy states that NIPS signatures must be updated every hour.

  • Question 584:

    A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items.

    Which of the following should the security engineer recommend to meet these requirements?

    A. COPE with geofencing
    B. BYOD with containerization
    C. MDM with remote wipe
    D. CYOD with VPN

  • Question 585:

    The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown. The network team is unavailable to capture traffic, but logs from network services are available:

    1. No users have authenticated recently through the guest network's captive portal.
    2. DDoS mitigation systems are not alerting.
    3. DNS resolver logs show some very long domain names.

    Which of the following is the BEST step for a security analyst to take next?

    A. Block all outbound traffic from the guest network at the border firewall.
    B. Verify the passphrase on the guest network has not been changed.
    C. Search antivirus logs for evidence of a compromised company device.
    D. Review access point logs to identify potential zombie services.

  • Question 586:

    A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?

    A. Replace each laptop in the company's environment with a standardized laptop that is preconfigured to match the baseline settings
    B. Create batch script files that will enable the baseline security settings and distribute them to global employees for execution
    C. Send each laptop to a regional IT office to be reimaged with the new baseline security settings enabled and then redeployed
    D. Establish GPO configurations for each baseline setting, test that each works as expected, and have each setting deployed to the laptops.
    E. Leverage an MDM solution to apply the baseline settings and deploy continuous monitoring of security configurations.

  • Question 587:

    A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below: Which of the following is the MOST likely type of activity occurring?

    A. SQL injection
    B. XSS scanning
    C. Fuzzing
    D. Brute forcing

  • Question 588:

    A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company's current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

    A. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.
    B. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.
    C. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.
    D. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

  • Question 589:

    A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

    A. Increase the frequency of antivirus downloads and install updates to all workstations.
    B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
    C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
    D. Deploy a web-based gateway antivirus server to intercept viruses before they enter the network.

  • Question 590:

    A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

    Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.

    Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. Bundled offering expected to be $100,000 per year. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

    Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?

    A. Based on cost alone, having an outsourced solution appears cheaper.
    B. Based on cost alone, having an outsourced solution appears to be more expensive.
    C. Based on cost alone, both outsourced and in-sourced solutions appear to be the same.
    D. Based on cost alone, having a purchased product solution appears cheaper.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-003 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.