CAS-003 Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-003 Online Questions & Answers

  • Question 781:

    A financial institution's information security officer is working with the risk management officer to determine what to do with the institution's residual risk after all security controls have been implemented. Considering the institution's very low risk tolerance, which of the following strategies would be BEST?

    A. Transfer the risk.
    B. Avoid the risk
    C. Mitigate the risk.
    D. Accept the risk.

  • Question 782:

    The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:

    90.76.165.40 -- [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724

    90.76.165.40 -- [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724

    90.76.165.40 -- [08/Mar/2014:10:54:04] "GET index.php?user<;scrip>;Creat<;/scrip>; HTTP/1.1" 200 5724 The security administrator also inspects the following file system locations on the database server using the command `ls -al /root' drwxrwxrwx 11 root root 4096 Sep 28 22:45 . drwxr-xr-x 25 root root 4096 Mar 8 09:30 .. -rws------ 25 root root 4096 Mar 8 09:30 .bash_history -rw------- 25 root root 4096 Mar 8 09:30 .bash_history -rw------- 25 root root 4096 Mar 8 09:30 .profile -rw------- 25 root root 4096 Mar 8 09:30 .ssh Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

    A. Privilege escalation
    B. Brute force attack
    C. SQL injection
    D. Cross-site scripting
    E. Using input validation, ensure the following characters are sanitized:
    F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh
    G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)
    H. Set an account lockout policy

  • Question 783:

    A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile?

    A. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.
    B. 1. The external vendor would have access to inbound and outbound gateway traffic. 2. The service would provide some level of protection for staff working from home. 3. Outages would be likely to occur for systems or applications with hard-coded proxy information.
    C. 1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
    D. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information. 2. The service would provide some level of protection for staff members working from home. 3. Malware detection times would decrease due to third-party management of the service.

  • Question 784:

    A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:

    ^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g

    Which of the following did the analyst use to determine the location of the malicious payload?

    A. Code deduplicators
    B. Binary reverse-engineering
    C. Fuzz testing
    D. Security containers

  • Question 785:

    A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?

    A. These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routines
    B. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
    C. The associated firmware is more likely to remain out of date and potentially vulnerable
    D. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

  • Question 786:

    An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

    Which of the following types of information could be drawn from such participation?

    A. Threat modeling
    B. Risk assessment
    C. Vulnerability data
    D. Threat intelligence
    E. Risk metrics
    F. Exploit frameworks

  • Question 787:

    A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity The company narrows the search to two products. Application A and Application B; which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest so the company purchases Application B. Which of the following types of strategies did the company use when determining risk appetite?

    A. Mitigation
    B. Acceptance
    C. Avoidance
    D. Transfer

  • Question 788:

    Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect ... secrecy?

    A. Endpoints
    B. VPN concentrators
    C. Virtual hosts
    D. SIEM
    E. Layer 2 switches

  • Question 789:

    Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?

    A. Perform a black box assessment
    B. Hire an external red team audit
    C. Conduct a tabletop exercise.
    D. Recreate the previous breach.
    E. Conduct an external vulnerability assessment.

  • Question 790:

    A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server's shell history:

    id ^f=iev/sda of=/dev/sdb

    Which of the following MOST likely occurred?

    A. A tape backup of the server was performed.
    B. The drive was cloned for forensic analysis.
    C. The hard drive was formatted after the incident.
    D. The DNS log files were rolled daily as expected

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.