1. Home
  2. CompTIA
  3. CAS-003

CompTIA CAS-003 Online Practice Questions and Exam Preparation

CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 691:

    The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)

    A. Review the CVE database for critical exploits over the past year
    B. Use social media to contact industry analysts
    C. Use intelligence gathered from the Internet relay chat channels
    D. Request information from security vendors and government agencies
    E. Perform a penetration test of the competitor's network and share the results with the board

  • Question 692:

    Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

    A. Lack of adequate in-house testing skills.
    B. Requirements for geographically based assessments
    C. Cost reduction measures
    D. Regulatory insistence on independent reviews.

  • Question 693:

    A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)

    A. CVE database
    B. Recent security industry conferences
    C. Security vendor pages
    D. Known vendor threat models
    E. Secure routing metrics
    F. Server's vendor documentation
    G. Verified security forums
    H. NetFlow analytics

  • Question 694:

    The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group The IT department thinks this is nsky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?

    A. Discretionary access control
    B. Separation of duties
    C. Data classification
    D. Mandatory access control

  • Question 695:

    A security researcher is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

    Based on the information available to the researcher, which of the following is the MOST likely threat profile?

    A. Nation-state-sponsored attackers conducting espionage for strategic gain.
    B. Insiders seeking to gain access to funds for illicit purposes.
    C. Opportunists seeking notoriety and fame for personal gain.
    D. Hacktivists seeking to make a political statement because of socio-economic factors.

  • Question 696:

    A network engineer is attempting to design-in resiliency characteristics for an enterprise network's VPN services.

    If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?

    A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization's SOC with near-real-time alerting to administrators.
    B. Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise's pool of VPN concentrators.
    C. Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.
    D. Employ a second VPN layer concurrently where the other layer's cryptographic implementation is sourced from a different vendor.

  • Question 697:

    An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

    A. MSA
    B. RFP
    C. NDA
    D. RFI
    E. MOU
    F. RFQ

  • Question 698:

    A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?

    A. SaaS
    B. PaaS
    C. IaaS
    D. Hybrid cloud
    E. Network virtualization

  • Question 699:

    An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?

    A. Run the memdump utility with the -k flag.
    B. Use a loadable kernel module capture utility, such as LiME.
    C. Run dd on/dev/mem.
    D. Employ a stand-alone utility, such as FTK Imager.

  • Question 700:

    A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.

    Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?

    A. The solution employs threat information-sharing capabilities using a proprietary data model.
    B. The RFP is issued by a financial institution that is headquartered outside of the vendor's own country.
    C. The overall solution proposed by the vendor comes in less that the TCO parameter in the RFP.
    D. The vendor's proposed solution operates below the KPPs indicated in the RFP.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.