CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 771:

    Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:

    1.

    The applications are considered mission-critical.

    2.

    The applications are written in code languages not currently supported by the development staff.

    3.

    Security updates and patches will not be made available for the applications.

    4.

    Username and passwords do not meet corporate standards.

    5.

    The data contained within the applications includes both PII and PHI.

    6.

    The applications communicate using TLS 1.0.

    7.

    Only internal users access the applications.

    Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

    A. Update the company policies to reflect the current state of the applications so they are not out of compliance.
    B. Create a group policy to enforce password complexity and username requirements.
    C. Use network segmentation to isolate the applications and control access.
    D. Move the applications to virtual servers that meet the password and account standards.

  • Question 772:

    After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.

    Which of the following would be the MOST efficient control to prevent this from occurring in the future?

    A. Install application whitelist on mobile devices.
    B. Disallow side loading of applications on mobile devices.
    C. Restrict access to company systems to expected times of day and geographic locations.
    D. Prevent backup of mobile devices to personally owned computers.
    E. Perform unannounced insider threat testing on high-risk employees.

  • Question 773:

    A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

    A. Update and deploy GPOs
    B. Configure and use measured boot
    C. Strengthen the password complexity requirements
    D. Update the antivirus software and definitions

  • Question 774:

    Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.

    The information security team has been a part of the department meetings and come away with the following notes:

    Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.

    Sales is asking for easy order tracking to facilitate feedback to customers.

    Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

    Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy. Quality assurance is concerned about managing the end

    product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

    The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and

    data encryption.

    Which of the following departments' request is in contrast to the favored solution?

    A. Manufacturing
    B. Legal
    C. Sales
    D. Quality assurance
    E. Human resources

  • Question 775:

    As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

    A. tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"
    B. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
    C. memdump /dev/sda1 | nc 192.168.45.82 3000
    D. dd if=/dev/sda | nc 192.168.45.82 3000

  • Question 776:

    A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:

    A. a disaster recovery plan
    B. an incident response plan
    C. a business continuity plan
    D. a risk avoidance plan

  • Question 777:

    A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used:

    Which of the following would be the CISO's MOST immediate concern?

    A. There are open standards in use on the network.
    B. Network engineers have ignored defacto standards.
    C. Network engineers are not following SOPs.
    D. The network has competing standards in use.

  • Question 778:

    A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

    Which of the following exercise types should the analyst perform?

    A. Summarize the most recently disclosed vulnerabilities.
    B. Research industry best practices and latest RFCs.
    C. Undertake an external vulnerability scan and penetration test.
    D. Conduct a threat modeling exercise.

  • Question 779:

    A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:

    The penetration testers MOST likely took advantage of:

    A. A TOC/TOU vulnerability
    B. A plain-text password disclosure
    C. An integer overflow vulnerability
    D. A buffer overflow vulnerability

  • Question 780:

    After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

    A. Distribute a NAC client and use the client to push the company's private key to all the new devices.
    B. Distribute the device connection policy and a unique public/private key pair to each new employee's device.
    C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.
    D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.