CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 741:

    A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals?

    A. Utilize a challenge-response prompt as required input at username/password entry.
    B. Implement TLS and require the client to use its own certificate during handshake.
    C. Configure a web application proxy and institute monitoring of HTTPS transactions.
    D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.

  • Question 742:

    A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?

    A. Detailed application logging
    B. Use of non-standard ports
    C. Web application firewall
    D. Multifactor authentication

  • Question 743:

    The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

    A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
    B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
    C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
    D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

  • Question 744:

    A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer's company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

    A. DLP
    B. Mail gateway
    C. Data flow enforcement
    D. UTM

  • Question 745:

    A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).

    A. The X509 V3 certificate was issued by a non trusted public CA.
    B. The client-server handshake could not negotiate strong ciphers.
    C. The client-server handshake is configured with a wrong priority.
    D. The client-server handshake is based on TLS authentication.
    E. The X509 V3 certificate is expired.
    F. The client-server implements client-server mutual authentication with different certificates.

  • Question 746:

    A small company is developing a new Internet-facing web application. The security requirements are:

    Users of the web application must be uniquely identified and authenticated.

    Users of the web application will not be added to the company's directory services.

    Passwords must not be stored in the code.

    Which of the following meets these requirements?

    A. Use OpenID and allow a third party to authenticate users.
    B. Use TLS with a shared client certificate for all users.
    C. Use SAML with federated directory services.
    D. Use Kerberos and browsers that support SAML.

  • Question 747:

    A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

    1.

    RTO:2 days

    2.

    RPO:36 hours

    3.

    MTTR:24 hours

    4.

    MTBF:60 days

    Which of the following solutions will address the RPO requirements?

    A. Remote Syslog facility collecting real-time events
    B. Server farm behind a load balancer delivering five-nines uptime
    C. Backup solution that implements daily snapshots
    D. Cloud environment distributed across geographic regions

  • Question 748:

    The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer's (CSO) request to harden the corporate network's perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

    A. The corporate network is the only network that is audited by regulators and customers.
    B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
    C. Home networks are unknown to attackers and less likely to be targeted directly.
    D. Employees are more likely to be using personal computers for general web browsing when they are at home.

  • Question 749:

    A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

    A. Static code analysis in the IDE environment
    B. Penetration testing of the UAT environment
    C. Vulnerability scanning of the production environment
    D. Penetration testing of the production environment
    E. Peer review prior to unit testing

  • Question 750:

    A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

    Which of the following is the BEST way to address these issues and mitigate risks to the organization?

    A. Purchase the SSL, decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.
    B. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.
    C. Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short team.
    D. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.