CompTIA CAS-003 Dumps
Dumps4download provides 100% reliable exam dumps that are verified by an expert panel. Our Dumps4download CAS-003 study material is totally unique and its exam questions are valid all over the world. By using our CAS-003 dumps we assure you that you will pass your exam on the first attempt. You can easily score more than 97%.
100% exam passing guarantee on your purchased exams.
100% money back guarantee if you do not clear your exam.
CompTIA CAS-003 Practice Test Helps You Turn Dreams To Reality!
IT professionals from every sector are looking to certifications to boost their careers. CompTIA, being the leading certification provider, earns the most demand in the industry.
The CompTIA Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best CAS-003 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective CAS-003 Practice Exam Dumps.
Many of our customers are already excelling in their careers after achieving their goals with our help. You can too be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.
Apply for the CAS-003 Exam right away so you can get certified by using our CompTIA Dumps.
Bulk Exams Package
- 2 Exams Files: 10% off (2 different exams)
- 3 Exams Files: 15% off (3 different exams)
- 5 Exams Files: 20% off (5 different exams)
- 10 Exams Files: 25% off (10 different exams)
Every package includes:
- Latest and Most Up-to-date Dumps
- Free 3 Months Updates
- Exam Passing Guarantee
- Secure Payment
- Privacy Protection
Dumps4download Leads You To A 100% Success in First Attempt!
Our CAS-003 Dumps PDF is intended to meet the requirements of the most suitable method of exam preparation. We hired a dedicated team of experts to make sure you get the latest and compliant CAS-003 Practice Test Questions Answers. These questions have been selected according to their relevance and the highest probability of appearing in the exam. So, you can be sure of your success on the first attempt.
Interactive & Effective CAS-003 Dumps PDF + Online Test Engine
Aside from our CompTIA CAS-003 Dumps PDF, we invest in your best practice through the Online Test Engine. It is designed to reflect the actual exam format, covering each topic of your exam. Also, with our interactive interface, focusing on exam preparation is easier than ever. With easy-to-understand, interactive and effective study material assisting you, there is nothing that could go wrong. We are 100% sure that our CAS-003 Questions Answers Practice Exam is the best choice you can make to pass the exam with a top score.
How Dumps4download Creates Better Opportunities for You!
Dumps4download knows how hard it is for you to master the tough terms and concepts of this CompTIA exam. That is why, to ease your preparation, we offer the best training tactics we know. The Online Test Engine provides you an exam-like environment, and the PDF lets you take your study guide wherever you are. Best of all, you can download the CAS-003 Dumps PDF easily, or better, print it. To get concepts across as easily as possible, we have used simple language. By adding explanations at the end of the CAS-003 Questions and Answers Practice Test we ensure nothing slips your grasp.
The exam simulation is 100 times better than any other test material you would encounter. Besides, if you are troubled by anything concerning the CompTIA Advanced Security Practitioner (CASP) Exam or the CAS-003 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.
Get an Absolutely Free Demo Today!
Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the CompTIA Advanced Security Practitioner (CASP) Practice Test Questions instantly.
24/7 Online Support – Anytime, Anywhere
Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using CompTIA Advanced Security Practitioner (CASP) Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.
Features of Dumps4download CAS-003 Dumps:
- Thousands of satisfied customers.
- Good grades are 100% guaranteed.
- 100% verified by Experts panel.
- Up to date exam data.
- Dumps4download data is 100% trustworthy.
- Passing ratio more than 99%
- 100% money back guarantee.
CompTIA CAS-003 Sample Questions
Question # 1
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner and return it. The person extracts the following data from the phone and EXIF data from some files:
- DCIM Images folder
- Audio books folder
- Torrentz
- My TAX.xls
- Consultancy HR Manual.doc
- Camera: SM-G950F
- Exposure time: 1/60s
- Location: 3500 Lacey Road USA
Which of the following BEST describes the security problem?
A. MicroSD is not encrypted and also contains personal data.
B. MicroSD contains a mixture of personal and work data.
C. MicroSD is not encrypted and contains geotagging information.
D. MicroSD contains pirated software and is not encrypted.
Question # 2
A large, public university has recently been experiencing an increase in ransomware attacks against computers connected to its network. Security engineers have discovered various staff members receiving seemingly innocuous files in their email that are being run. Which of the following would BEST mitigate this attack method?
A. Improving the organization's email filtering
B. Conducting user awareness training
C. Upgrading endpoint anti-malware software
D. Enabling application whitelisting
Question # 3
To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions. Which of the following approaches is described?
A. Blue team
B. Red team
C. Black box
D. White team
Question # 4
Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company's SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?
A. dnsrecon -d company.org -t SOA
B. dig company.org mx
C. nc -v company.org
D. whois company.org
Question # 5
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
A. Patch management
B. Antivirus
C. Application firewall
D. Spam filters
E. HIDS
Question # 6
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
- Detect administrative actions
- Block unwanted MD5 hashes
- Provide alerts
- Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS
Question # 7
A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment. Which of the following would be the BEST option to manage this risk to the company's production environment?
A. Avoid the risk by removing the ICS from production
B. Transfer the risk associated with the ICS vulnerabilities
C. Mitigate the risk by restricting access to the ICS
D. Accept the risk and upgrade the ICS when possible
Question # 8
A Chief Information Security Officer (CISO) requests the following externally hosted services be scanned for malware, unsecured PII, and healthcare data:
- Corporate intranet site
- Online storage application
- Email and collaboration suite
Security policy is also updated to allow the security team to scan for and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?
A. Port scanner
B. CASB
C. DLP agent
D. Application sandbox
E. SCAP scanner
Question # 9
The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?
A. Versioning
B. Regression testing
C. Continuous integration
D. Integration testing
Question # 10
A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:
A. a disaster recovery plan
B. an incident response plan
C. a business continuity plan
D. a risk avoidance plan
Question # 11
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
- The ICS supplier has specified that any software installed will result in lack of support.
- There is no documented trust boundary defined between the SCADA and corporate networks.
- Operational technology staff have to manage the SCADA equipment via the engineering workstation.
- There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?
A. VNC, router, and HIPS
B. SIEM, VPN, and firewall
C. Proxy, VPN, and WAF
D. IDS, NAC, and log monitoring
Question # 12
A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest. Which of the following would BEST address this concern?
A. Configure file integrity monitoring of the guest OS.
B. Enable the vTPM on a Type 2 hypervisor.
C. Only deploy servers that are based on a hardened image.
D. Protect the memory allocation of a Type 1 hypervisor.
Question # 13
The audit team was only provided the physical and logical addresses of the network without any type of access credentials. Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)
A. Tabletop exercise
B. Social engineering
C. Runtime debugging
D. Reconnaissance
E. Code review
F. Remote access tool
Question # 14
A security analyst is inspecting pseudocode of the following multithreaded application:
1. perform daily ETL of data
  1.1 validate that yesterday's data model file exists
  1.2 validate that today's data model file does not exist
  1.3 extract yesterday's data model
  1.4 transform the format
  1.5 load the transformed data into today's data model file
  1.6 exit
Which of the following security concerns is evident in the above pseudocode?
A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation
Question # 15
An organization is attempting to harden its web servers and reduce the information that might be disclosed to potential attackers. A security anal... reviewing vulnerability scan results from a recent web server scan. Portions of the scan results are shown below:
Finding# 5144322
First time detected 10 nov 2015 09:00 GMT_0600
Last time detected 10 nov 2015 09:00 GMT_0600
CVSS base: 5
Access path: http://myorg.com/mailinglist.htm
Request: GET http://mailinglist.aspx?content=volunteer
Response: C:\Docments\MarySmith\malinglist.pdf
Which of the following lines indicates information disclosure about the host that needs to be remediated?
A. Response: C:\Docments\marysmith\malinglist.pdf
B. Finding#5144322
C. First Time detected 10 nov 2015 09:00 GMT_0600
D. Access path: http//myorg.com/mailinglist.htm
E. Request: GET http://myorg.come/mailinglist.aspx?content=volunteer
Question # 16
A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
A. Binary decompiler
B. Wireless protocol analyzer
C. Log analysis and reduction tools
D. Network-based fuzzer
Question # 17
A product manager is concerned about the unintentional sharing of the company’s intellectual property through employees’ use of social media. Which of the following would BEST mitigate this risk?
A. Virtual desktop environment
B. Network segmentation
C. Web application firewall
D. Web content filter
Question # 18
A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)
A. Network engineer
B. Service desk personnel
C. Human resources administrator
D. Incident response coordinator
E. Facilities manager
F. Compliance manager
Question # 19
The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?
A. Separation of duties
B. Job rotation
C. Continuous monitoring
D. Mandatory vacation
Question # 20
During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident. Which of the following would be MOST important to senior leadership to determine the impact of the breach?
A. The likely per-record cost of the breach to the organization
B. The legal or regulatory exposure that exists due to the breach
C. The amount of downtime required to restore the data
D. The number of records compromised
Question # 21
Which of the following is the GREATEST security concern with respect to BYOD?
A. The filtering of sensitive data out of data flows at geographic boundaries.
B. Removing potential bottlenecks in data transmission paths.
C. The transfer of corporate data onto mobile corporate devices.
D. The migration of data into and out of the network in an uncontrolled manner.
Question # 22
A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation. Which of the following is the BEST justification to ensure collaboration across business units?
A. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.
B. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.
C. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.
D. The CISO is uniquely positioned to control the flow of vulnerability information between business units.
Question # 23
An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate calls to the contact center. Which of the following techniques would BEST meet the requirements? (Choose two.)
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Question # 24
A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following should a security engineer configure on the web server to help mitigate the issue?
A. File upload size limits
B. HttpOnly cookie field
C. X-Frame-Options header
D. Input validation
Question # 25
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
B. Compromise the email server to obtain a list of attendees who responded to the invitation who are on the IT staff
C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents
Question # 26
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?
A. SIEM server
B. IDS appliance
C. SCAP scanner
D. HTTP interceptor
Question # 27
A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?
A. Request an exception to the corporate policy from the risk management committee
B. Require anyone trying to use the printer to enter their username and password
C. Have a help desk employee sign in to the printer every morning
D. Issue a certificate to the printer and use certificate-based authentication
Question # 28
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks on organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
A. Threat modeling
B. Risk assessment
C. Vulnerability data
D. Threat intelligence
E. Risk metrics
F. Exploit frameworks
Question # 29
The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:
- Must be encrypted on the email servers and clients
- Must be OK to transmit over unsecure Internet connections
Which of the following communication methods would be BEST to recommend?
A. Force TLS between domains.
B. Enable STARTTLS on both domains.
C. Use PGP-encrypted emails.
D. Switch both domains to utilize DNSSEC.
Question # 30
A security analyst has been asked to create a list of external IT security concerns which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?
A. Summarize the most recently disclosed vulnerabilities.
B. Research industry best practices and latest RFCs.
C. Undertake an external vulnerability scan and penetration test.
D. Conduct a threat modeling exercise.
Question # 31
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).
A. MSA
B. RFP
C. NDA
D. RFI
E. MOU
F. RFQ
Question # 32
During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?
A. Continuity of operations
B. Chain of custody
C. Order of volatility
D. Data recovery
Question # 33
Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?
A. The consolidation of two different IT enterprises increases the likelihood of data loss because there are now two backup systems
B. Integrating two different IT systems might result in a successful data breach if threat intelligence is not shared between the two enterprises
C. Merging two enterprise networks could result in an expanded attack surface and could cause outages if trust and permission issues are not handled carefully
D. Expanding the set of data owners requires an in-depth review of all data classification decisions, impacting availability during the review
Question # 34
An organization is evaluating options related to moving organizational assets to a cloudbased environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization’s existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:
A. a hybrid cloud.
B. an on-premises private cloud.
C. a hosted hybrid cloud.
D. a private cloud.
Question # 35
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in secure environment?
A. NDA
B. MOU
C. BIA
D. SLA
Question # 36
A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs. Which of the following would help protect the confidentiality of the research data?
A. Use diverse components in layers throughout the architecture
B. Implement non-heterogeneous components at the network perimeter
C. Purge all data remnants from client devices' volatile memory at regularly scheduled intervals
D. Use only in-house developed applications that adhere to strict SDLC security requirements
Question # 37
A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?
A. Install network taps at the edge of the network.
B. Send syslog from the IDS into the SIEM.
C. Install HIDS on each computer.
D. SPAN traffic from the network core into the IDS.
Question # 38
The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?
A. Confidential or sensitive documents are inspected by the firewall before being logged.
B. Latency when viewing videos and other online content may increase.
C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
D. Stored logs may contain non-encrypted usernames and passwords for personal websites.
Question # 39
A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)
A. Agent-based vulnerability scan
B. Black-box penetration testing
C. Configuration review
D. Social engineering
E. Malware sandboxing
F. Tabletop exercise
Question # 40
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
B. Scan the website through an interception proxy and identify areas for the code injection
C. Scan the site with a port scanner to identify vulnerable services running on the web server
D. Use network enumeration tools to identify if the server is running behind a load balancer
Question # 41
A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items. Which of the following should the security engineer recommend to meet these requirements?
A. COPE with geofencing
B. BYOD with containerization
C. MDM with remote wipe
D. CYOD with VPN
Question # 42
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
- Involve business owners and stakeholders
- Create an applicable scenario
- Conduct a biannual verbal review of the incident response plan
- Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
A. Parallel operations
B. Full transition
C. Internal review
D. Tabletop
E. Partial simulation
Question # 43
When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:
A. the blue team.
B. the white team.
C. the operations team.
D. the red team.
E. the development team.
Question # 44
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:
dd if=/dev/ram of=/tmp/mem/dmp
The analyst then reviews the associated output:
^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45
However, the analyst is unable to find any evidence of the running shell. Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?
A. The NX bit is enabled
B. The system uses ASLR
C. The shell is obfuscated
D. The code uses dynamic libraries
Question # 45
A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead's position?
A. The organization has accepted the risks associated with web-based threats.
B. The attack type does not meet the organization’s threat model.
C. Web-based applications are on isolated network segments.
D. Corporate policy states that NIPS signatures must be updated every hour.
Question # 46
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?
A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES 256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements
Question # 47
A security consultant was hired to audit a company's password and account policy. The company implements the following controls:
- Minimum password length: 16
- Maximum password age: 0
- Minimum password age: 0
- Password complexity: disabled
- Store passwords in plain text: disabled
- Failed attempts lockout: 3
- Lockout timeout: 1 hour
The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?
A. Offline hybrid dictionary attack
B. Offline brute-force attack
C. Online hybrid dictionary password spraying attack
D. Rainbow table attack
E. Online brute-force attack
F. Pass-the-hash attack
Question # 48
An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?
A. XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.
B. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
C. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.
D. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.
Question # 49
Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?
A. Lack of adequate in-house testing skills.
B. Requirements for geographically based assessments
C. Cost reduction measures
D. Regulatory insistence on independent reviews.
Question # 50
At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take?
A. Refer to and follow procedures from the company’s incident response plan.
B. Call a press conference to explain that the company has been hacked.
C. Establish chain of custody for all systems to which the systems administrator has access.
D. Conduct a detailed forensic analysis of the compromised system.
E. Inform the communications and marketing department of the attack details.
Question # 51
Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.Which of the following would BEST allow the IT department to monitor and control this behavior?
A. Enabling AAA
B. Deploying a CASB
C. Configuring an NGFW
D. Installing a WAF
E. Utilizing a vTPM
Question # 52
One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help to achieve this? (Choose two.)
A. Blue teaming
B. Phishing simulations
C. Lunch-and-learn
D. Random audits
E. Continuous monitoring
F. Separation of duties
Question # 53
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?
A. Use an entropy-as-a-service vendor to leverage larger entropy pools.
B. Loop multiple pseudo-random number generators in a series to produce larger numbers.
C. Increase key length by two orders of magnitude to detect brute forcing.
D. Shift key generation algorithms to ECC algorithms.
Question # 54
While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)
A. Data remnants
B. Sovereignty
C. Compatible services
D. Storage encryption
E. Data migration
F. Chain of custody
Question # 55
A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator’s email address to use in a later social engineering attack. The information listed with the DNS registrar is private. Which of the following commands will also disclose the email address?
A. dig –h comptia.org
B. whois –f comptia.org
C. nslookup –type=SOA comptia.org
D. dnsrecon –i comptia.org –t hostmaster
Question # 56
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:
1. Reuse of the existing network infrastructure
2. Acceptable use policies to be enforced
3. Protection of sensitive files
4. Access to the corporate applications
Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)
A. IPSec VPN
B. HIDS
C. Wireless controller
D. Rights management
E. SSL VPN
F. NAC
G. WAF
H. Load balancer
Question # 57
A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)
A. Cardholder data
B. intellectual property
C. Personal health information
D. Employee records
E. Corporate financial data
Question # 58
A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?
A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.
B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.
C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.
D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.
Question # 59
A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?
A. System design documentation
B. User acceptance testing
C. Peer review
D. Static code analysis testing
E. Change control documentation
Question # 60
A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login. Which of the following is MOST likely the issue?
A. The employees are using an old link that does not use the new SAML authentication.
B. The XACML for the problematic application is not in the proper format or may be using an older schema.
C. The web services methods and properties are missing the required WSDL to complete the request after displaying the login page.
D. A threat actor is implementing an MITM attack to harvest credentials.
Question # 61
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)
A. Require all mobile device backups to be encrypted
B. Ensure all mobile devices back up using USB OTG
C. Issue a remote wipe of corporate and personal partitions
D. Restrict devices from making long-distance calls during business hours
E. Implement an always-on VPN
Question # 62
A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues
B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call
C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Question # 63
A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment?
A. The OS version is not compatible
B. The OEM is prohibited
C. The device does not support FDE
D. The device is rooted
Question # 64
The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months. Which of the following would be the MOST cost-effective solution to meet the company’s needs?
A. Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house.
B. Accept all risks associated with information security, and then bring up the issue again at next year’s annual board meeting.
C. Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements.
D. Hire an experienced, full-time information security team to run the startup company’s information security department.
Question # 65
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect’s objectives?
A. An internal key infrastructure that allows users to digitally sign transaction logs
B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
D. An open distributed transaction ledger that requires proof of work to append entries.
Question # 66
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates. Which of the following would BEST mitigate this risk?
A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
B. Require sensors to sign all transmitted unlock control messages digitally.
C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
D. Implement an out-of-band monitoring solution to detect message injections and attempts.
Question # 67
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring
Question # 68
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. NIPS
Question # 69
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?
A. Perform a black box assessment
B. Hire an external red team audit
C. Conduct a tabletop exercise.
D. Recreate the previous breach.
E. Conduct an external vulnerability assessment.
Question # 70
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)
A. Use reverse engineering techniques
B. Assess the node within a continuous integration environment
C. Employ a static code analyzer
D. Review network and traffic logs
E. Use a penetration testing framework to analyze the node
F. Analyze the output of a ping sweep
Question # 71
In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposal introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to mitigate. Which of the following strategies should the engineer recommend be approved FIRST?
A. Avoid
B. Mitigate
C. Transfer
D. Accept
Question # 72
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.Which of the following BEST meets the needs of the board?
A. KRI:
- Compliance with regulations
- Backlog of unresolved security investigations
- Severity of threats and vulnerabilities reported by sensors
- Time to patch critical issues on a monthly basis
KPI:
- Time to resolve open security items
- % of suppliers with approved security control frameworks
- EDR coverage across the fleet
- Threat landscape rating
B. KRI:
- EDR coverage across the fleet
- Backlog of unresolved security investigations
- Time to patch critical issues on a monthly basis
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
C. KRI:
- EDR coverage across the fleet
- % of suppliers with approved security control framework
- Backlog of unresolved security investigations
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- Time to patch critical issues on a monthly basis
- Severity of threats and vulnerabilities reported by sensors
D. KPI:
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
- Threat landscape rating
KRI:
- Time to resolve open security items
- Backlog of unresolved security investigations
- EDR coverage across the fleet
- Time to patch critical issues on a monthly basis
Question # 73
An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor’s SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:
- There are clauses that confirm a data retention period in line with what is in the energy organization’s security policy.
- The data will be hosted and managed outside of the energy organization’s geographical location.
- The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform.
Which of the following should the project’s security consultant recommend as the NEXT step?
A. Develop a security exemption, as the solution does not meet the security policies of the energy organization.
B. Require a solution owner within the energy organization to accept the identified risks and consequences.
C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.
D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.
Question # 74
A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect’s goals?
A. Utilize a challenge-response prompt as required input at username/password entry.
B. Implement TLS and require the client to use its own certificate during handshake.
C. Configure a web application proxy and institute monitoring of HTTPS transactions.
D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
Question # 75
A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:
- Financially sensitive data
- Project data
- Sensitive project data
The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage. Which of the following is the BEST course of action for the analyst to recommend?
A. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.
B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.
C. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.
D. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.
Question # 76
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?
A. Code repositories
B. Security requirements traceability matrix
C. Software development lifecycle
D. Data design diagram
E. Roles matrix
F. Implementation guide
Question # 77
A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company’s objectives? (Select two.)
A. Integrated platform management interfaces are configured to allow access only via SSH
B. Access to hardware platforms is restricted to the systems administrator’s IP address
C. Access is captured in event logs that include source address, time stamp, and outcome
D. The IP addresses of server management interfaces are located within the company’s extranet
E. Access is limited to interactive logins on the VDi
F. Application logs are hashed cryptographically and sent to the SIEM
Question # 78
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company’s geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. Which of the following should the project’s security consultant recommend as the NEXT step?
A. Develop a security exemption, as it does not meet the security policies
B. Mitigate the risk by asking the vendor to accept the in-country privacy principles
C. Require the solution owner to accept the identified risks and consequences
D. Review the entire procurement process to determine the lessons learned
Question # 79
The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes. Which of the following tools would show this type of output?
A. Log analysis tool
B. Password cracker
C. Command-line tool
D. File integrity monitoring tool
Question # 80
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns?
A. The company should plan future maintenance windows so the legacy application can be updated as needed.
B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
Question # 81
A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.)
A. OTA updates
B. Remote wiping
C. Side loading
D. Sandboxing
E. Containerization
F. Signed applications
Question # 82
An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?
A. Following new requirements that result from contractual obligations
B. Answering requests from auditors that relate to e-discovery
C. Responding to changes in regulatory requirements
D. Developing organizational policies that relate to hiring and termination procedures
