1. Home
  2. CompTIA
  3. CAS-003

CompTIA Advanced Security Practitioner (CASP+)

Exam Details

  • Exam Code
    :CAS-003
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :791 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CompTIA Certifications CAS-003 Questions & Answers

  • Question 71:

    A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

    A. Community cloud service model

    B. Multinency SaaS

    C. Single-tenancy SaaS

    D. On-premises cloud service model

  • Question 72:

    A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

    A. Implementing application blacklisting

    B. Configuring the mall to quarantine incoming attachment automatically

    C. Deploying host-based firewalls and shipping the logs to the SIEM

    D. Increasing the cadence for antivirus DAT updates to twice daily

  • Question 73:

    A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

    A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

    B. The DHCP server has a reservation for the PC's MAC address for the wired interface.

    C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

    D. The DHCP server is unavailable, so no IP address is being sent back to the PC.

  • Question 74:

    A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

    Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

    A. The clients may not trust idapt by default.

    B. The secure LDAP service is not started, so no connections can be made.

    C. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

    D. Secure LDAP should be running on UDP rather than TCP.

    E. The company is using the wrong port. It should be using port 389 for secure LDAP.

    F. Secure LDAP does not support wildcard certificates.

    G. The clients may not trust Chicago by default.

  • Question 75:

    A penetration tester is trying to gain access to a building after hours as part of a physical assessment of an office complex. The tester notes that each employee touches a badge near a small black box outside the side door, and the door unlocks. The tester uses a software-defined radio tool to determine a 125kHz signal is used during this process. Which of the following technical solutions would be BEST to help the penetration tester gain access to the building?

    A. Generate a 125kHz tone.

    B. Compromise the ICS/SCADA system.

    C. Utilize an RFID duplicator.

    D. Obtain a lock pick set.

  • Question 76:

    An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an expansion, and the organization does not want to fund an intensive assessment. Which of the following approaches should be taken?

    A. Penetration test

    B. Tabletop assessment

    C. Compliance assessment

    D. Configuration security test

  • Question 77:

    A security manager wants to standardize security settings, firmware, and software across a heterogeneous environment. Which of the following can be used in combination to meet these goals? (Choose three).

    A. Attestation services

    B. TPM

    C. HIPS software

    D. OOB management software

    E. Group Policy

    F. EDR software

    G. MDM software

  • Question 78:

    A penetration tester is on an active engagement and has access to a remote system. The penetration tester wants to bypass the DLP, which is blocking emails that are encrypted or contain sensitive company information. Which of the following cryptographic techniques should the penetration tester use?

    A. GNU Privacy Guard

    B. UUencoding

    C. DNSCrypt

    D. Steganography

  • Question 79:

    A server was compromised recently, and two unauthorized daemons were set up to listen for incoming connections. In addition, CPU cycles were being used by an additional unauthorized cron job. Which of the following would have prevented the breach if it was properly configured?

    A. Set up log forwarding and utilize a SIEM for centralized management and alerting.

    B. Use a patch management system to close the vulnerabilities in a shorter time frame.

    C. Implement a NIDS/NIPS.

    D. Deploy SELinux using the system baseline as the starting point.

    E. Configure the host firewall to block unauthorized inbound connections.

  • Question 80:

    A security researcher at an organization is reviewing potential threats to the VoIP phone system infrastructure, which uses a gigabit Internet connection. The researcher finds a vulnerability and knows placing an IPS in front of the phone

    system will mitigate the risk. The researcher gathers the following information about various IPS systems:

    The organization is concerned about cost, but call quality is critical to its operations. Which of the following vendors would be BEST for the organization to choose?

    A. Vendor 1

    B. Vendor 2

    C. Vendor 3

    D. Vendor 4

    E. Vendor 5

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.