1. Home
  2. CompTIA
  3. CAS-003

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 61:

    A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.

    1.

    Transactions being required by unauthorized individual

    2.

    Complete discretion regarding client names, account numbers, and investment information.

    3.

    Malicious attacker using email to distribute malware and ransom ware.

    4.

    Exfiltration of sensitivity company information.

    The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

    A. Data loss prevention

    B. Endpoint detection response

    C. SSL VPN

    D. Application whitelisting

  • Question 62:

    A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:

    The penetration testers MOST likely took advantage of:

    A. A TOC/TOU vulnerability

    B. A plain-text password disclosure

    C. An integer overflow vulnerability

    D. A buffer overflow vulnerability

  • Question 63:

    Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

    A. Traffic interceptor log analysis

    B. Log reduction and visualization tools

    C. Proof of work analysis

    D. Ledger analysis software

  • Question 64:

    A company requires a task to be carried by more than one person concurrently. This is an example of:

    A. separation of d duties.

    B. dual control

    C. least privilege

    D. job rotation

  • Question 65:

    The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

    A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.

    B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

    C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

    D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

  • Question 66:

    An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

    Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

    A. Password cracker

    B. Port scanner

    C. Account enumerator

    D. Exploitation framework

  • Question 67:

    A threat analyst notices the following URL while going through the HTTP logs.

    Which of the following attack types is the threat analyst seeing?

    A. SQL injection

    B. CSRF

    C. Session hijacking

    D. XSS

  • Question 68:

    A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

    Which of the following should the security analyst perform?

    A. Contact the security department at the business partner and alert them to the email event.

    B. Block the IP address for the business partner at the perimeter firewall.

    C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

    D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

  • Question 69:

    A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

    A. Increased network latency

    B. Unavailable of key escrow

    C. Inability to selected AES-256 encryption

    D. Removal of user authentication requirements

  • Question 70:

    Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

    A. The image must be password protected against changes.

    B. A hash value of the image must be computed.

    C. The disk containing the image must be placed in a seated container.

    D. A duplicate copy of the image must be maintained

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.