CAS-003 Exam Details

  • Exam Code: CAS-003
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 791 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 711:

    A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

    A. an administrative control
    B. dual control
    C. separation of duties
    D. least privilege
    E. collusion

  • Question 712:

    The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?

    A. 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control
    B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques
    C. 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3. Sandbox any suspicious files 4. Notify the CERT team to apply a future proof threat model
    D. 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms

  • Question 713:

    An e-commerce company that provides payment gateways is concerned about the growing expense and time associated with PCI audits of its payment gateways and external audits by customers for their own compliance reasons. The Chief Information Officer (CIO) asks the security team to provide a list of options that will:

    1. Reduce the overall cost of these audits
    2. Leverage existing infrastructure where possible
    3. Keep infrastructure costs to a minimum
    4. Provide some level of attestation of compliance

    Which of the following will BEST address the CIO's concerns? (Select TWO)

    A. Invest in new UBA to detect, report, and remediate attacks faster
    B. Segment the network to reduce and limit the audit scope
    C. Undertake ISO certification for all core infrastructure including datacenters.
    D. Implement a GRC system to track and monitor controls
    E. Implement DLP controls on HTTP/HTTPS and email
    F. Install EDR agents on all corporate endpoints

  • Question 714:

    A security administrator wants to stand up a NIPS that is multilayered and can incorporate many security technologies into a single platform. The product should have diverse capabilities, such as antivirus, VPN, and firewall services, and be able to be updated in a timely manner to meet evolving threats. Which of the following network prevention system types can be used to satisfy the requirements?

    A. Application firewall
    B. Unified threat management
    C. Enterprise firewall
    D. Content-based IPS

  • Question 715:

    An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?

    A. Following new requirements that result from contractual obligations
    B. Answering requests from auditors that relate to e-discovery
    C. Responding to changes in regulatory requirements
    D. Developing organizational policies that relate to hiring and termination procedures

  • Question 716:

    Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).

    A. Code review
    B. Sandbox
    C. Local proxy
    D. Fuzzer
    E. Port scanner

  • Question 717:

    A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

    A. Background investigation
    B. Mandatory vacation
    C. Least privilege
    D. Separation of duties

  • Question 718:

    A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent real-world threats.

    Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?

    A. Attend hacking conventions.
    B. Research methods while using Tor.
    C. Interview current red team members.
    D. Attend web-based training.

  • Question 719:

    Given the following code snippet:

    Which of the following failure modes would the code exhibit?

    A. Open
    B. Secure
    C. Halt
    D. Exception

  • Question 720:

    A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

    A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.
    B. A DLP gateway should be installed at the company border.
    C. Strong authentication should be implemented via external biometric devices.
    D. Full-tunnel VPN should be required for all network communication.
    E. Full-drive file hashing should be implemented with hashes stored on separate storage.
    F. Split-tunnel VPN should be enforced when transferring sensitive data.
