1. Home
  2. CompTIA
  3. CAS-003

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 641:

    A cybersecurity analyst is hired to review the security the posture of a company. The cybersecurity analyst notice a very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?

    A. Increase the company's bandwidth.

    B. Apply ingress filters at the routers.

    C. Install a packet capturing tool.

    D. Block all SYN packets.

  • Question 642:

    Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?

    A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.

    B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.

    C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.

    D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

  • Question 643:

    A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:

    1.

    High-impact controls implemented: 6 out of 10

    2.

    Medium-impact controls implemented: 409 out of 472

    3.

    Low-impact controls implemented: 97 out of 1000

    The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:

    1.

    Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000

    2.

    Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

    Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the

    analysis?

    A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past

    B. The enterprise security team has focused exclusively on mitigating high-level risks

    C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls

    D. The cybersecurity team has balanced residual risk for both high and medium controls

  • Question 644:

    A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: "" and "". Which of the following tools BEST supports the use of these definitions?

    A. HTTP interceptor

    B. Static code analyzer

    C. SCAP scanner

    D. XML fuzzer

  • Question 645:

    An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management's policy?

    A. MDM

    B. Sandboxing

    C. Mobile tokenization

    D. FDE

    E. MFA

  • Question 646:

    An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries' arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites.

    Which of the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?

    A. Add a second-layer VPN from a different vendor between sites.

    B. Upgrade the cipher suite to use an authenticated AES mode of operation.

    C. Use a stronger elliptic curve cryptography algorithm.

    D. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.

    E. Ensure cryptography modules are kept up to date from vendor supplying them.

  • Question 647:

    A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.

    Using the above information, on which VLANs should multicast be enabled?

    A. VLAN201, VLAN202, VLAN400

    B. VLAN201, VLAN202, VLAN700

    C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700

    D. VLAN400, VLAN680, VLAN700

  • Question 648:

    Given the following code snippet: Which of the following failure modes would the code exhibit?

    A. Open

    B. Secure

    C. Halt

    D. Exception

  • Question 649:

    A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

    Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

    A. Conduct a penetration test on each function as it is developed

    B. Develop a set of basic checks for common coding errors

    C. Adopt a waterfall method of software development

    D. Implement unit tests that incorporate static code analyzers

  • Question 650:

    An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls. Which of the following would be the MOST secure control implement?

    A. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

    B. Implement role-based group policies on the management network for client access.

    C. Utilize a jump box that is only allowed to connect to client from the management network.

    D. Deploy a company-wide approved engineering workstation for management access.

    • Related Exams:

    Tips on How to Prepare for the Exams

    Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.