CompTIA CAS-003 Online Practice
Questions and Exam Preparation
CAS-003 Exam Details
Exam Code
:CAS-003
Exam Name
:CompTIA Advanced Security Practitioner (CASP+)
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:791 Q&As
Last Updated
:Jan 22, 2024
CompTIA CAS-003 Online Questions &
Answers
Question 751:
A security engineer is making certain URLs from an internal application available on the Internet The development team requires the following
1.
The URLs are accessible only from internal IP addresses
2.
Certain countries are restricted
3.
TLS is implemented.
4.
System users transparently access internal application services in a round robin to maximize performance
Which of the following should the security engineer deploy7
A. DNS to direct traffic and a WAF with only the specific external URLs configured B. A load balancer with GeolP restrictions and least-load-sensing traffic distribution C. An application-aware firewall with geofencing and certificate services using DNS for traffic direction D. A load balancer with IP ACL restrictions and a commercially available PKI certificate
B. A load balancer with GeolP restrictions and least-load-sensing traffic distribution
Question 752:
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
A routing table is a set of rules, often viewed in table format that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables. Each packet contains information about its origin and destination. When a packet is received, a network device examines the packet and matches it to the routing table entry providing the best match for its destination. The table then provides the device with instructions for sending the packet to the next hop on its route across the network. Thus the security consultant can use the global routing table to get the appropriate information.
Question 753:
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
A. $0 B. $7,500 C. $10,000 D. $12,500 E. $15,000
B. $7,500
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF) SLE = AV x EF - Thus the Single Loss Expectancy (SLE) = ALE/ARO = $15,000 / 2 = $ 7,500 References: http://www.financeformulas.net/Return_on_Investment.html
https://en.wikipedia.org/wiki/Risk_assessment
Question 754:
Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request: POST /login.aspx HTTP/1.1 Host: comptia.org Content-type: text/html txtUsername=annandtxtPassword=annandalreadyLoggedIn=falseandsubmit=true Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
A. Remove all of the post data and change the request to /login.aspx from POST to GET B. Attempt to brute force all usernames and passwords using a password cracker C. Remove the txtPassword post data and change alreadyLoggedIn from false to true D. Remove the txtUsername and txtPassword post data and toggle submit from true to false
C. Remove the txtPassword post data and change alreadyLoggedIn from false to true
The text "txtUsername=annandtxtPassword=ann" is an attempted login using a username of `ann' and also a password of `ann'.
The text "alreadyLoggedIn=false" is saying that Ann is not already logged in.
To test whether we can bypass the authentication, we can attempt the login without the password and we can see if we can bypass the `alreadyloggedin' check by changing alreadyLoggedIn from false to true. If we are able to log in, then we
have bypassed the authentication check.
Question 755:
A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization's staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization's code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?
A. IP whitelisting on the perimeter firewall B. MFA for developer access C. Dynamic analysis scans in the production environment D. Blue team engagement in peer-review activities E. Time-based restrictions on developer access to code repositories
B. MFA for developer access
Question 756:
A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).
A. Demonstration of IPS system B. Review vendor selection process C. Calculate the ALE for the event D. Discussion of event timeline E. Assigning of follow up items
D. Discussion of event timeline E. Assigning of follow up items
Lessons learned process is the sixth step in the Incident Response process. Everybody that was involved in the process reviews what happened and why it happened. It is during this step that they determine what changes should be introduced to prevent future problems.
Question 757:
An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?
A. BGP route hijacking attacks B. Bogon IP network traffic C. IP spoofing attacks D. Man-in-the-middle attacks E. Amplified DDoS attacks
C. IP spoofing attacks
The IP address block 203.0.113.0/24 is used on the internal network. Therefore, there should be no traffic coming into the network claiming to be from an address in the 203.0.113.0/24 range. Similarly, there should be no outbound traffic destined for an address in the 203.0.113.0/24 range. So this has been blocked at the firewall. This is to protect against IP spoofing attacks where an attacker external to the network sends data claiming to be from an internal computer with an address in the 203.0.113.0/24 range.
IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here's how it works: The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.
When IP spoofing is used to hijack a browser, a visitor who types in the URL (Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL www.loc.gov would see spoofed content created by the hijacker.
If a user interacts with dynamic content on a spoofed page, the hijacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware. The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam.
Question 758:
The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:
A. Budgeting for cybersecurity increases year over year. B. The committee knows how much work is being done. C. Business units are responsible for their own mitigation. D. The bank is aware of the status of cybersecurity risks
A. Budgeting for cybersecurity increases year over year.
Question 759:
A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?
A. String input = request.getParameter ("SegNo"); String characterPattern = "[0-9a-zA-Z]" If (! Input. Matches (characterPattern)) out.println ("Invalid Input"); C. catch (Exception e) if (log.isDebugEnabled ()) log.debug (context, EVENTS.ADHOC, "CaughtInvalidGSMException Exception --" + e.tostring ()); E. Option A F. Option B G. Option C H. Option D
A. String input = request.getParameter ("SegNo"); String characterPattern = "[0-9a-zA-Z]" If (! Input. Matches (characterPattern)) out.println ("Invalid Input");
Question 760:
A security analyst for a bank received an anonymous tip on the external banking website showing the following:
Protocols supported
-TLS 1.0
-
SSL 3
-
SSL 2 Cipher suites supported
-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1
-TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit
-TLS_RSA_WITH_RC4_128_SHA TLS_FALLBACK_SCSV non supported POODLE Weak PFS OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?
A. Query the OCSP responder and review revocation information for the user certificates. B. Review CA-supported ciphers and inspect the connection through an HTTP proxy. C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output. D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your CAS-003 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.