Latest CAS-003 Exam Real Tests Free Updated Today [Q179-Q198]


CAS-003 Real Exam Question Answers Updated [Feb 11, 2022]


Career Prospects for CASP+ Certified Professionals

Since CASP+ is an advanced-level certificate, it allows one to apply for top-tier roles in the cybersecurity field. One can opt for positions such as security architect, security engineer, application security engineer, or technical lead analyst, to name just a few. According to recent research conducted by PayScale, the average pay for CASP+ accredited professionals is about $90k annually, and this is not the limit. As stated by the same source, companies such as Leidos, Lockheed Martin Corp, and General Dynamics Information Technology Inc are in search of such specialists. Note that due to the vendor-neutral nature of the certification, you can work with a wide variety of products and solutions, which broadens the list of available jobs and organizations.


CAS-003 Exam topics

Candidates must know the exam topics before they start their preparation, because it will really help them focus on the core material. Our CAS-003 exam dumps cover the following topics:

  • Enterprise Security Architecture: 25%
  • Risk Management: 19%
  • Technical Integration of Enterprise Security: 23%
  • Research, Development, and Collaboration: 13%
  • Enterprise Security Operations: 20%

 

NEW QUESTION 179
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated.
Which of the following were missed? (Choose two.)

  • A. Chain of custody information needed for investigation
  • B. CPU, process state tables, and main memory dumps
  • C. Essential information needed to perform data restoration to a known clean state
  • D. Temporary file system and swap space
  • E. Indicators of compromise to determine ransomware encryption

Answer: B,D

 

NEW QUESTION 180
SIMULATION


Answer:

Explanation:
Step 1: Verify whether the certificate is valid. If any warning message appears, cancel the download.
Step 2: If there is no certificate issue, download the file to your system.
Step 3: Calculate the hash value of the downloaded file.
Step 4: Compare the hash value of the downloaded file with the one you selected on the website.
Step 5: Install the file only if the hash values match.
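The five steps above as a script, added here as an illustration and not part of the original question or its answer key. The URL, file name and published hash in the demonstration are constructed; the TLS download relies on Python's default certificate validation, and the hash comparison normalises the published value before comparing it.

```python
import hashlib
import hmac
import ssl
import tempfile
import urllib.request
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB pieces so a large download never has to fit in memory


def download_with_certificate_check(url: str, dest: Path) -> Path:
    """Steps 1 and 2: fetch the file over TLS with certificate and hostname validation.

    ssl.create_default_context() validates the server chain against the system trust
    store and checks the hostname. A bad certificate raises ssl.SSLCertVerificationError
    before anything is written, which is the "cancel the download" branch of Step 1.
    """
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(url, context=ctx) as resp, open(dest, "wb") as out:
        for block in iter(lambda: resp.read(CHUNK), b""):
            out.write(block)
    return dest


def file_hash(path: Path, algorithm: str = "sha256") -> str:
    """Step 3: compute the hex digest of the downloaded file."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def hash_matches(path: Path, published: str, algorithm: str = "sha256") -> bool:
    """Step 4: compare the computed digest with the value published on the website.

    Published hashes are often pasted with surrounding whitespace or upper-case hex,
    so normalise first. compare_digest avoids a timing side channel and returns False
    for a value of the wrong length, so a truncated copy-paste is rejected rather than
    partially matched. Step 5 (install) happens only when this returns True.
    """
    expected = published.strip().lower()
    return hmac.compare_digest(file_hash(path, algorithm), expected)


def verify_constructed_sample() -> dict:
    """Offline demonstration on a constructed file; no network access is needed."""
    payload = b"constructed installer payload\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "installer.bin"          # hypothetical downloaded file
        path.write_bytes(payload)
        good = hashlib.sha256(payload).hexdigest()   # what the vendor page would publish
        tampered = hashlib.sha256(payload + b"!").hexdigest()
        return {
            "matches_published": hash_matches(path, "  " + good.upper() + "\n"),
            "rejects_tampered": not hash_matches(path, tampered),
            "rejects_truncated": not hash_matches(path, good[:32]),
        }


if __name__ == "__main__":
    print(verify_constructed_sample())
```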

 

NEW QUESTION 181
A security consultant is considering authentication options for a financial institution. The following authentication options are available; match each security mechanism to the appropriate use case. Options may be used once.

Answer:

Explanation:

 

NEW QUESTION 182
A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 endpoints. The product must meet regulations but also be flexible enough to minimize overhead and support with regard to password resets and lockouts.
Which of the following implementations would BEST meet the needs?

  • A. A container-based encryption product that allows the end users to select which files to encrypt
  • B. A partition-based software encryption product with a low-level boot protection and authentication
  • C. A file-based encryption product using profiles to target areas on the file system to encrypt
  • D. A full-disk hardware-based encryption product with a low-level boot protection and authentication

Answer: C

Explanation:
The question is asking for a solution that will minimize overhead and support with regard to password resets and lockouts.
File-based encryption products operate in the context of the computer user's account. This means that the user does not need to remember a separate password for the encryption software. If the user forgets his account password or is locked out due to failed login attempts, the support department can reset the password from a central database of user accounts (such as Active Directory) without needing to visit the user's computer.
Profiles can be used to determine which areas of the file system to encrypt, such as the Documents folder.

 

NEW QUESTION 183
A company's IT department currently performs traditional patching, and the servers have a significant longevity that may span over five years. A security architect is moving the company toward an immutable server architecture in which servers are replaced rather than patched. Instead of having static servers for development, test, and production, the servers will move from environment to environment dynamically. Which of the following are required to move to this type of architecture? (Select Two.)

  • A. Network segmentation
  • B. Forward proxy
  • C. Load balancers
  • D. Netflow
  • E. Automated deployments

Answer: B,C

 

NEW QUESTION 184
A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to VPN. During the pilot phase, VPN users successfully get an MFA challenge; however, they also get the challenge when connecting to WiFi, which is not desirable. Which of the following BEST explains why users are getting the MFA challenge when using WiFi?

  • A. In the firewall, in the AAA configuration the IP address of the third-party MFA solution needs to be set as a secondary RADIUS server
  • B. In the third-party MFA solution authentication properties need to be configured to recognize WiFi authentication requests
  • C. In the WiFi configuration authentication needs to be changed to WPA2 Enterprise using EAP-TLS to support the configuration
  • D. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched

Answer: D

 

NEW QUESTION 185
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.
Which of the following methods is the assessment team most likely to employ NEXT?

  • A. Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance
  • B. Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.
  • C. Pivoting from the compromised box, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
  • D. Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.

Answer: C

 

NEW QUESTION 186
Joe, a hacker, has discovered he can craft a webpage that, when viewed in a browser, crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when heap memory that is no longer in use is accessed. Which of the following BEST describes the application issue?

  • A. Click-jacking
  • B. SQL injection
  • C. Use after free
  • D. Input validation
  • E. Race condition
  • F. Integer overflow

Answer: C

Explanation:
Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers to execute arbitrary code.
Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities.
According to the Use After Free definition on the Common Weakness Enumeration (CWE) website, a Use After Free scenario can occur when "the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process."
Incorrect Answers:
A: Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is not what is described in this question.
B: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. This is not what is described in this question.
D: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects a number from being accepted. This is not what is described in this question.
E: A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly. This is not what is described in this question.
F: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than what can fit in the devoted memory storage space. Arithmetic operations always have the potential of returning unexpected values, which may cause an error that forces the whole program to shut down. This is not what is described in this question.
References:
http://www.webopedia.com/TERM/U/use-after-free.html
https://en.wikipedia.org/wiki/Clickjacking
http://searchstorage.techtarget.com/definition/race-condition

 

NEW QUESTION 187
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.

Using the above information, on which VLANs should multicast be enabled?

  • A. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
  • B. VLAN201, VLAN202, VLAN700
  • C. VLAN400, VLAN680, VLAN700
  • D. VLAN201, VLAN202, VLAN400

Answer: C

 

NEW QUESTION 188
A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

  • A. RFQ
  • B. RA
  • C. MSA
  • D. NDA
  • E. BIA
  • F. RFI

Answer: C,D


 

NEW QUESTION 189
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:
  • Corporate intranet site
  • Online storage application
  • Email and collaboration suite

Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?

  • A. SCAP scanner
  • B. Application sandbox
  • C. Port scanner
  • D. DLP agent
  • E. CASB

Answer: E

 

NEW QUESTION 190
The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS-level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?

  • A. Remove a single Linux server from production and place in quarantine.
  • B. Capture process ID data and submit to anti-virus vendor for review.
  • C. Notify upper management of a security breach.
  • D. Conduct a bit level image, including RAM, of one or more of the Linux servers.
  • E. Reboot the Linux servers, check running processes, and install needed patches.

Answer: D

Explanation:
Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes.
In this question, an attack has been identified and confirmed. When a server is compromised or used to commit a crime, it is often necessary to seize it for forensics analysis. Security teams often face two challenges when trying to remove a physical server from service: retention of potential evidence in volatile storage or removal of a device from a critical business process.
Evidence retention is a problem when the investigator wants to retain RAM content. For example, removing power from a server starts the process of mitigating business impact, but it also denies forensic analysis of data, processes, keys, and possible footprints left by an attacker.
A full bit-level image, including RAM, should be taken of one or more of the Linux servers.
In many cases, if your environment has been deliberately attacked, you may want to take legal action against the perpetrators. In order to preserve this option, you should gather evidence that can be used against them, even if a decision is ultimately made not to pursue such action. It is extremely important to back up the compromised systems as soon as possible. Back up the systems prior to performing any actions that could affect data integrity on the original media.

 

NEW QUESTION 191
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

  • A. Implement security awareness training
  • B. Subscribe to security mailing lists
  • C. Ensure that the organization vulnerability management plan is up-to-date
  • D. Update company policies and procedures

Answer: B

Explanation:
Subscribing to bug, vulnerability and security mailing lists is a good way of staying abreast of and keeping up to date with the latest developments in those fields.
Incorrect Answers:
A: Security awareness training serves best as an operational control insofar as mitigating risk is concerned, not as a way to stay current on the topic.
C: Making sure the company vulnerability management plan is up to date is essential but will not keep you as current on the topic as a subscription to a security mailing list.
D: Updating company policies and procedures does not keep you current on the topic, since attacks originate from outside sources and the best way to stay current on what is happening is to subscribe to a mailing list on the topic.
References:
Conklin, Wm. Arthur, Gregory White and Dwayne Williams, CASP CompTIA Advanced Security Practitioner Certification Study Guide (Exam CAS-001), McGraw-Hill, Columbus, 2012, p. 139
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 219

 

NEW QUESTION 192
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

  • A. Review switch and router configurations
  • B. Perform a network penetration test
  • C. Review the firewall rule set and IPS logs
  • D. Review the security policies and standards

Answer: D

Explanation:
IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.

 

NEW QUESTION 193
The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur.
Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

  • A. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
  • B. Revise the corporate policy to include possible termination as a result of violations
  • C. Implement group policy objects
  • D. Increase the frequency and distribution of the USB violations report

Answer: C

Explanation:
A Group Policy Object (GPO) can apply a common group of settings to all computers in a Windows domain.
One GPO setting under the Removable Storage Access node is "All Removable Storage classes: Deny all access."
This setting can be applied to all computers in the network and will disable all USB storage devices on the computers.

 

NEW QUESTION 194
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

  • A. Review switch and router configurations
  • B. Perform a network penetration test
  • C. Review the firewall rule set and IPS logs
  • D. Review the security policies and standards

Answer: D

Explanation:
IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.
Incorrect Answers:
A: Due diligence entails ensuring that the controls implemented by an organization continue to provide the required level of protection. Reviewing switch and router configurations is not part of this process.
B: Due diligence entails ensuring that the controls implemented by an organization continue to provide the required level of protection. Performing a network penetration test is not part of this process.
C: Due diligence entails ensuring that the controls implemented by an organization continue to provide the required level of protection. Reviewing the firewall rule set and IPS logs is not part of this process.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 270, 332

 

NEW QUESTION 195
A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

  • A. Interview employees and managers to discover the industry hot topics and trends
  • B. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
  • C. Attend conferences, webinars, and training to remain current with the industry and job requirements
  • D. Attend meetings with staff, internal training, and become certified in software management

Answer: C

Explanation:
Conferences represent an important method of exchanging information between researchers who are usually experts in their respective fields. Together with webinars and training to remain current on the subject, the manager will be able to gain valuable insight into the cyber defense industry and be able to recruit personnel.

 

NEW QUESTION 196
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?

  • A. Immediately encrypt all PHI with AES 256
  • B. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
  • C. Consult the legal department to determine legal requirements
  • D. Delete all PHI from the network until the legal department is consulted

Answer: A

 

NEW QUESTION 197
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?

  • A. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
  • B. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.
  • C. Deploy new perimeter firewalls at all stores with UTM functionality.
  • D. Change antivirus vendors at the store and the corporate office.

Answer: C

Explanation:
A perimeter firewall is located between the local network and the Internet where it can screen network traffic flowing in and out of the organization. A firewall with unified threat management (UTM) functionalities includes anti-malware capabilities.
Incorrect Answers:
A: A virtual desktop infrastructure (VDI) solution refers to desktop virtualization. It uses servers to provide desktop operating systems to host machines. This reduces on-site support and improves centralized management. It does not mitigate against malware attacks.
B: Content filtering is used to control the types of email messages that flow in and out of an organization, and the types of web pages a user may access. It does not mitigate against malware attacks.
D: Antivirus applications prevent viruses, worms and Trojans but not other types of malware, such as spyware.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 92, 124-127, 135-138

 

NEW QUESTION 198
......

Latest CAS-003 Study Guides 2022 - With Test Engine PDF: https://pass4sure.actualpdf.com/CAS-003-real-questions.html