CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 621:

    Company policy requires that all company laptops meet the following baseline requirements:

    Software requirements:

    Antivirus, Anti-malware, Anti-spyware, Log monitoring, Full-disk encryption, Terminal services enabled for RDP, Administrative access for local users

    Hardware restrictions:

    Bluetooth disabled, FireWire disabled, WiFi adapter disabled

    Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).

    A. Group policy to limit web access
    B. Restrict VPN access for all mobile users
    C. Remove full-disk encryption
    D. Remove administrative access to local users
    E. Restrict/disable TELNET access to network resources
    F. Perform vulnerability scanning on a daily basis
    G. Restrict/disable USB access

  • Question 622:

    A Chief Information Security Officer (CISO) needs to establish a KRI for a particular system. The system holds archives of contracts that are no longer in use. The contracts contain intellectual property and have a data classification of nonpublic. Which of the following would be the BEST risk indicator for this system?

    A. Average minutes of downtime per quarter
    B. Percent of patches applied in the past 30 days
    C. Count of login failures per week
    D. Number of accounts accessing the system per day

  • Question 623:

    Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?

    A. The consolidation of two different IT enterprises increases the likelihood of data loss because there are now two backup systems
    B. Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises
    C. Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully
    D. Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review

  • Question 624:

    An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?

    A. Configurations of applications will affect multiple products.
    B. Reverse engineering of applications will lead to intellectual property loss
    C. Software patch deployment will occur less often
    D. Homogeneous vulnerabilities will occur across multiple products

  • Question 625:

    Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.

    After all restrictions have been lifted, which of the following should the information manager review?

    A. Data retention policy
    B. Legal hold
    C. Chain of custody
    D. Scope statement

  • Question 626:

    A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?

    A. NDA
    B. RFP
    C. RFQ
    D. MSA
    E. RFI

  • Question 627:

    A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network.

    Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

    A. Additional corporate-wide training on phishing.
    B. A policy outlining what is and is not acceptable on social media.
    C. Notifications when a user falls victim to a phishing attack.
    D. Positive DLP preventions with stronger enforcement.

  • Question 628:

    A cybersecurity analyst is conducting packet analysis on the following:

    Which of the following is occurring in the given packet capture?

    A. ARP spoofing
    B. Broadcast storm
    C. Smurf attack
    D. Network enumeration
    E. Zero-day exploit

  • Question 629:

    A technician is reviewing the following log:

    Which of the following tools should the organization implement to reduce the highest risk identified in this log?

    A. NIPS
    B. DLP
    C. NGFW
    D. SIEM

  • Question 630:

    An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:

    URL: http://192.168.0.100/ERP/accountId=5andaction=SELECT

    Which of the following is the MOST likely vulnerability in this ERP platform?

    A. Brute forcing of account credentials
    B. Plain-text credentials transmitted over the Internet
    C. Insecure direct object reference
    D. SQL injection of ERP back end
