Updated CompTIA CASP+ Certified CAS-003 Exam Questions - Real Guide For Passing

Updated CompTIA CASP+ Certified CAS-003 Exam Questions – Real Guide For Passing

Regina2021-11-17T02:40:04+00:00

CAS-003, as the old exam for CompTIA Advanced Security Practitioner (CASP+) certification, is still available. Updated CompTIA CASP+ CAS-003 exam questions provided by ITExamShop are great, which could be the real guide for passing CompTIA Advanced Security Practitioner (CASP+) certification exam. Use ITExamShop updated CAS-003 real exam questions as the preparation materials to study the CompTIA CASP+ certification now, the actual and real Q&As which based on the exam descriptions ensure that you can pass CAS-003 exam in the first attempt and achieve CompTIA CASP+ certification exam smoothly.

CAS-003 Free Questions Are Below For Checking The Updated CAS-003 Exam Questions

Page 1 of 4

1. A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior.

The company must deploy a host solution to meet the following requirements:

✑ Detect administrative actions

✑ Block unwanted MD5 hashes

✑ Provide alerts

✑ Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

EDR

HIDS

DLP

HIPS

EFS

2. The Chief Information Officer (CISO) is concerned that certain systems administrators will privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes.

Which of the following tools would show this type of output?

Log analysis tool

Password cracker

Command-line tool

File integrity monitoring tool

3. A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration.

It would be MOST appropriate for the assessor to advise the organization to:

segment dual-purpose systems on a hardened network segment with no external access

assess the risks associated with accepting non-compliance with regulatory requirements

update system implementation procedures to comply with regulations

review regulatory requirements and implement new policies on any newly provisioned servers

4. A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ The applications provide different functionality types such as forums and customer portals.

✑ The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device

Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.

Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.

Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

5. At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

Refer to and follow procedures from the company’s incident response plan.

Call a press conference to explain that the company has been hacked.

Establish chain of custody for all systems to which the systems administrator has access.

Conduct a detailed forensic analysis of the compromised system.

Inform the communications and marketing department of the attack details.

6. Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

Message 1

Message 2

Message 3

Message 4

7. A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

Which of the following should the analyst use to confirm this suspicion?

File size

Digital signature

Checksums

Anti-malware software

Sandboxing

8. Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified.

Which of the following is the CISO performing?

Documentation of lessons learned

Quantitative risk assessment

Qualitative assessment of risk

Business impact scoring

Threat modeling

9. A consulting firm was hired to conduct assessment for a company.

During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

Protocol analyzer

Port scanner

Fuzzer

Brute forcer

Log analyzer

HTTP interceptor

10. A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities.

The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

The sudoers file is locked down to an incorrect command

SSH command shell restrictions are misconfigured

The passwd file is misconfigured

The SSH command is not allowing a pty session

Page 2 of 4

11. A security engineer is assisting a developer with input validation, and they are studying the following code block:

The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

Replace code with Java-based type checks

Parse input into an array

Use regular expressions

Canonicalize input into string objects before validation

12. An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation .

Which of the following MOST likely caused the data leak?

The employee manually changed the email client retention settings to prevent deletion of emails

The file that contained the damaging information was mistagged and retained on the server for longer than it should have been

The email was encrypted and an exception was put in place via the data classification application

The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old

13. An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks.

When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

Nessus

Swagger file

SCAP

Netcat

WSDL

14. A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

Scalability

Latency

Availability

Usability

Recoverability

Maintainability

15. A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers .

Which of the following BEST describes the contents of the supporting document the engineer is creating?

A series of ad-hoc tests that each verify security control functionality of the entire system at once.

A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRT

A set of formal methods that apply to one or more of the programing languages used on the development project.

A methodology to verify each security control in each unit of developed code prior to committing the code.

16. To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.

Which of the following approaches is described?

Blue team

Red team

Black box

White team

17. A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk .

Which of the following will lower the risk before moving the data''

Redacting all but the last four numbers of the cards

Hashing the card numbers

Scrambling card and expiration data

Encrypting card and expiration numbers

18. A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack .

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

Bug bounty websites

Hacker forums

Antivirus vendor websites

Trade industry association websites

CVE database

Company’s legal department

19. A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization’s systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?

CVE database

Internal security assessment reports

Industry-accepted standards

External vulnerability scan reports

Vendor-specific implementation guides

20. The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency.

In the code, “criticalValue” indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

Rewrite the software to implement fine-grained, conditions-based testing

Add additional exception handling logic to the main program to prevent doors from being opened

Apply for a life-safety-based risk exception allowing secure doors to fail open

Rewrite the software’s exception handling routine to fail in a secure state

Page 3 of 4

21. A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.

To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

Restrict access to the network share by adding a group only for developers to the share’s ACL

Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services

Obfuscate the username within the script file with encoding to prevent easy identification and the account used

Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts

Redesign the web applications to accept single-use, local account credentials for authentication

22. Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.

Which of the following would BEST allow the IT department to monitor and control this behavior?

Enabling AAA

Deploying a CASB

Configuring an NGFW

Installing a WAF

Utilizing a vTPM

23. An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

✑ The ICS supplier has specified that any software installed will result in lack of support.

✑ There is no documented trust boundary defined between the SCADA and corporate networks.

✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.

✑ There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

VNC, router, and HIPS

SIEM, VPN, and firewall

Proxy, VPN, and WAF

IDS, NAC, and log monitoring

24. 1.A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.

Which of the following tools is the security engineer using to produce the above output?

Vulnerability scanner

SIEM

Port scanner

SCAP scanner

25. A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications .

Which of the following settings should be toggled to achieve the goal? (Choose two.)

OTA updates

Remote wiping

Side loading

Sandboxing

Containerization

Signed applications

26. The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

Ensure the cloud provider supports a secure virtual desktop infrastructure

Ensure the colocation facility implements a robust DRP to help with business continuity planning.

Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.

Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

27. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

Which of the following is the MOST likely reason for the team lead’s position?

The organization has accepted the risks associated with web-based threats.

The attack type does not meet the organization’s threat model.

Web-based applications are on isolated network segments.

Corporate policy states that NIPS signatures must be updated every hour.

28. An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

Deploy virtual desktop infrastructure with an OOB management network

Employ the use of vT PM with boot attestation

Leverage separate physical hardware for sensitive services and data

Use a community CSP with independently managed security services

Deploy to a private cloud with hosted hypervisors on each physical machine

29. A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing .

Which of the following is the appropriate command to disable the client’s IPv6 stack?

A)

Option A

Option B

Option C

Option D

30. A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant.

The gap analysis reviewed all procedural and technical controls and found the following:

✑ High-impact controls implemented: 6 out of 10

✑ Medium-impact controls implemented: 409 out of 472

✑ Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap.

The analysis yielded the following information:

✑ Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000

✑ Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement .

Which of the following conclusions could the CISO draw from the analysis?

Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past

The enterprise security team has focused exclusively on mitigating high-level risks

Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls

The cybersecurity team has balanced residual risk for both high and medium controls

Page 4 of 4

31. CORRECT TEXT

32. A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises .

Which of the following should the consultant recommend be performed to evaluate potential risks?

The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration

The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat

The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats

The company should install a temporary CCTV system to detect unauthorized access to physical offices

33. While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device .

Which of the following would MOST likely prevent a similar breach in the future?

Remote wipe

FDE

Geolocation

eFuse

VPN

34. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server .

Which of the following steps should the administrator take NEXT?

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2

Immediately encrypt all PHI with AES 256

Delete all PHI from the network until the legal department is consulted

Consult the legal department to determine legal requirements

35. A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device.

Additionally, to protect patients’ health information, management has identified the following requirements:

✑ Data must be encrypted at rest.

✑ The device must be disabled if it leaves the facility.

✑ The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)

eFuse

NFC

GPS

Biometric

USB 4.1

MicroSD

Welcome To Choose Required IT Certification Exams Online

Updated CompTIA CASP+ Certified CAS-003 Exam Questions – Real Guide For Passing

CAS-003 Free Questions Are Below For Checking The Updated CAS-003 Exam Questions

Author

Leave a Reply Cancel reply