CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 751:

    A security engineer is making certain URLs from an internal application available on the Internet The development team requires the following

    1.

    The URLs are accessible only from internal IP addresses

    2.

    Certain countries are restricted

    3.

    TLS is implemented.

    4.

    System users transparently access internal application services in a round robin to maximize performance

    Which of the following should the security engineer deploy7

    A. DNS to direct traffic and a WAF with only the specific external URLs configured
    B. A load balancer with GeolP restrictions and least-load-sensing traffic distribution
    C. An application-aware firewall with geofencing and certificate services using DNS for traffic direction
    D. A load balancer with IP ACL restrictions and a commercially available PKI certificate

  • Question 752:

    A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

    A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
    B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
    C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
    D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

  • Question 753:

    An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?

    A. $0
    B. $7,500
    C. $10,000
    D. $12,500
    E. $15,000

  • Question 754:

    Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request: POST /login.aspx HTTP/1.1 Host: comptia.org Content-type: text/html txtUsername=annandtxtPassword=annandalreadyLoggedIn=falseandsubmit=true Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

    A. Remove all of the post data and change the request to /login.aspx from POST to GET
    B. Attempt to brute force all usernames and passwords using a password cracker
    C. Remove the txtPassword post data and change alreadyLoggedIn from false to true
    D. Remove the txtUsername and txtPassword post data and toggle submit from true to false

  • Question 755:

    A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization's code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?

    A. IP whitelisting on the perimeter firewall
    B. MFA for developer access
    C. Dynamic analysis scans in the production environment
    D. Blue team engagement in peer-review activities
    E. Time-based restrictions on developer access to code repositories

  • Question 756:

    A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

    A. Demonstration of IPS system
    B. Review vendor selection process
    C. Calculate the ALE for the event
    D. Discussion of event timeline
    E. Assigning of follow up items

  • Question 757:

    An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?

    A. BGP route hijacking attacks
    B. Bogon IP network traffic
    C. IP spoofing attacks
    D. Man-in-the-middle attacks
    E. Amplified DDoS attacks

  • Question 758:

    The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

    A. Budgeting for cybersecurity increases year over year.
    B. The committee knows how much work is being done.
    C. Business units are responsible for their own mitigation.
    D. The bank is aware of the status of cybersecurity risks

  • Question 759:

    A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?

    A. String input = request.getParameter ("SegNo"); String characterPattern = "[0-9a-zA-Z]" If (! Input. Matches (characterPattern)) out.println ("Invalid Input");
    C. catch (Exception e) if (log.isDebugEnabled ()) log.debug (context, EVENTS.ADHOC, "CaughtInvalidGSMException Exception --" + e.tostring ());
    E. Option A
    F. Option B
    G. Option C
    H. Option D

  • Question 760:

    A security analyst for a bank received an anonymous tip on the external banking website showing the following:

    Protocols supported

    -TLS 1.0

    -

    SSL 3

    -

    SSL 2 Cipher suites supported

    -TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1

    -TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit

    -TLS_RSA_WITH_RC4_128_SHA TLS_FALLBACK_SCSV non supported POODLE Weak PFS OCSP stapling supported

    Which of the following should the analyst use to reproduce these findings comprehensively?

    A. Query the OCSP responder and review revocation information for the user certificates.
    B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
    C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output.
    D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.