CompTIA CAS-003 Online Practice Questions and Exam Preparation
CAS-003 Exam Details
Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 791 Q&As
Last Updated: Jan 22, 2024
CompTIA CAS-003 Online Questions & Answers
Question 671:
Company ABC's SAN is nearing capacity and will cause costly downtime if servers run out of disk space. Which of the following is a more cost-effective alternative to buying a new SAN?
A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to an offsite datacenter
B. Enable deduplication on the storage pools
Storage-based data deduplication reduces the amount of storage needed for a given set of files. It is most effective in applications where many copies of very similar or even identical data are stored on a single disk.
It is common for multiple copies of files to exist on a SAN. By eliminating (deduplicating) repeated copies of the files, we can reduce the disk space used on the existing SAN. This solution is a cost-effective alternative to buying a new SAN.
Question 672:
A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements?
A. Sign an MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform black box testing and address all findings.
C. Sign an NDA with a large security consulting firm and use the firm to perform gray box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of white box testing and code reviews.
C. Sign an NDA with a large security consulting firm and use the firm to perform gray box testing and address all findings.
In gray box testing the tester has only limited knowledge of the system, much as an attacker would, so the code base remains confidential. This is further reinforced by a non-disclosure agreement (NDA), which is designed to protect confidential information.
Question 673:
An organization is selecting a SaaS provider to replace its legacy, in-house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?
A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.
D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.
E. Ensure the SaaS provider supports directory services federation.
A SaaS application that has a federation server within the customer's network that interfaces with the customer's own enterprise user-directory service can provide single sign-on authentication. This federation server has a trust relationship with a corresponding federation server located within the SaaS provider's network.
Single sign-on will mitigate the risk of managing separate user credentials.
Question 674:
A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)
A. Restrict access to the network share by adding a group only for developers to the share's ACL.
B. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services.
C. Obfuscate the username within the script file with encoding to prevent easy identification of the account used.
D. Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts.
E. Redesign the web applications to accept single-use, local account credentials for authentication.
A. Restrict access to the network share by adding a group only for developers to the share's ACL.
B. Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services.
Question 675:
As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?
A. A copy of the vendor's information security policies.
B. A copy of the current audit reports and certifications held by the vendor.
C. A signed NDA that covers all the data contained on the corporate systems.
D. A copy of the procedures used to demonstrate compliance with certification requirements.
C. A signed NDA that covers all the data contained on the corporate systems.
Question 676:
A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:
Which of the following tools is the engineer utilizing to perform this assessment?
A. Vulnerability scanner
B. SCAP scanner
C. Port scanner
D. Interception proxy
B. SCAP scanner
Question 677:
A manufacturing company employs SCADA systems to drive assembly lines across geographically dispersed sites. Therefore, the company must use the Internet to transport control messages and responses. Which of the following architectural changes when integrated will BEST reduce the manufacturing control system's attack surface? (Select TWO)
A. Design a patch management capability for control systems.
B. Implement supply chain security.
C. Integrate message authentication.
D. Add sensors and collectors at the Internet boundary.
E. Isolate control systems from enterprise systems.
F. Implement a site-to-site VPN across sites.
A. Design a patch management capability for control systems.
E. Isolate control systems from enterprise systems.
Question 678:
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?
A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs
B. Review the security policies and standards
IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.
Question 679:
The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?
A. Review the flow data against each server's baseline communications profile.
B. Configure the server logs to collect unusual activity, including failed logins and restarted services.
C. Correlate data loss prevention logs for anomalous communications from the server.
D. Set up a packet capture on the firewall to collect all of the server communications.
A. Review the flow data against each server's baseline communications profile.
Network logging tools such as syslog, DNS, NetFlow, behavior analytics, IP reputation, honeypots, and DLP solutions provide visibility into the entire infrastructure. This visibility is important because signature-based systems are no longer sufficient for identifying the advanced attacker that relies heavily on custom malware and zero-day exploits. Knowing each host's communications, protocols, and traffic volumes, as well as the content of the data in question, is key to identifying zero-day and APT (advanced persistent threat) malware and agents. Data intelligence allows forensic analysis to identify anomalous or suspicious communications by comparing suspected traffic patterns against normal data communication behavioral baselines. Automated network intelligence and next-generation live forensics provide insight into network events and rely on analytical decisions based on known vs. unknown behavior taking place within a corporate network.
Question 680:
A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling.
Which of the following is the MOST likely explanation? (Choose two.)
A. Outdated geographic IP information
B. Privilege escalation attack
C. VPN on the mobile device
D. Unrestricted email administrator accounts
E. Client use of UDP protocols
F. Disabled GPS on mobile devices
A. Outdated geographic IP information
C. VPN on the mobile device