CompTIA CAS-003 Online Practice Questions and Exam Preparation

CompTIA CAS-003 Online Questions & Answers

• Question 661:

  A cybersecunty analyst receives a ticket that indicates a potential incident is occurring. There has been a large increase in log files generated by a website containing a ‘Contact Us' form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign or if this is a potential incident.

  Which of the following would BEST assist the analyst?

  A. Ensuring proper input validation is configured on the ‘Contact Us' form
  B. Deploying a WAF in front of the public website
  C. Checking for new rules from the inbound network IPS vendor
  D. Running the website log files through a log reduction and analysis tool
  B. Deploying a WAF in front of the public website

  ---

  By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server

• Question 662:

  A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following:

  1.

  The imaging server IP is 192.168.101.24.

  2.

  The domain controller IP is 192.168.100.1.

  3.

  The client machine IP is 192.168.200.37.

  Which of the following should be used to confirm this is the only open port on the web server?

  A. nmap -p 80,443 192.168.101.24
  B. nmap -p 80, 443,389,636 192.168.100.1
  C. nmap --p 80,389 192.168.200.37
  D. nmap -p- 192.168.101.24
  D. nmap -p- 192.168.101.24

• Question 663:

  A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user's age field. The developer was notified and asked to fix the issue.

  Which of the following is the MOST secure solution for the developer to implement?

  A. IF $AGE == "!@#%^and*()_+?":{}[]" THEN ERROR
  B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
  C. IF $AGE != "a-bA-Z!@#$%^and*()_+?"{}[]"THEN CONTINUE
  D. IF $AGE == [1-0] {0,2} THEN CONTINUE
  B. IF $AGE == [1234567890] {1,3} THEN CONTINUE

• Question 664:

  A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

  A. Bug bounty websites
  B. Hacker forums
  C. Antivirus vendor websites
  D. Trade industry association websites
  E. CVE database
  F. Company's legal department
  B. Hacker forums
  D. Trade industry association websites

• Question 665:

  A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

  A. Set up an air gap for the switch.
  B. Change the default password for the switch.
  C. Place the switch in a Faraday cage.
  D. Install a cable lock on the switch.
  B. Change the default password for the switch.

• Question 666:

  Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

  A. Test password complexity of all login fields and input validation of form fields
  B. Reverse engineering any thick client software that has been provided for the test
  C. Undertaking network-based denial of service attacks in production environment
  D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
  E. Running a vulnerability scanning tool to assess network and host weaknesses
  C. Undertaking network-based denial of service attacks in production environment

  ---

  Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network-based denial of service attack in the production environment is as such `OUT OF SCOPE'.

• Question 667:

  A systems administrator recently conducted a vulnerability scan of the intranet. Subsequently, the organization was successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organization's network was compromised?

  A. There was a false positive since the network was fully patched
  B. The systems administrator did not perform a full system scan
  C. The systems administrator performed a credentialed scan
  D. The vulnerability database was not updated
  C. The systems administrator performed a credentialed scan

• Question 668:

  An organization is facing budget constraints The Chief Technology Officer (CTO) wants to add a new marketing platform but the organization does not have the resources to obtain separate servers to run the new platform. The CTO recommends running the new marketing platform on a virtualized video-conferencing server because video conferencing is rarely used The Chief Information Security Officer (CISO) denies this request Which of the following BEST explains the reason why the CISO has not approved the request?

  A. Privilege escalation attacks
  B. Performance and availability
  C. Weak DAR encryption
  D. Disparate security requirements
  D. Disparate security requirements

• Question 669:

  An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take?

  A. Utilize cloud-based threat analytics to identify anomalous behavior in the company's B2B and vendor traffic
  B. Purchase a CASB solution to identify and control access to cloud-based applications and services and integrate them with on-premises legacy security monitoring
  C. Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector
  D. Attend and present at the regional banking association lobbying group meetings each month and facilitate a discussion on the topic.
  C. Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector

• Question 670:

  A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router:

  

  Which of the following is the engineer implementing?

  A. Remotely triggered black hole
  B. Route protection
  C. Port security
  D. Transport security
  E. Address space layout randomization
  B. Route protection