CompTIA CAS-003 Exam Questions 2019

Cause all that matters here is passing exam with . Cause all that you need is a high score of . The only one thing you need to do is downloading free now. We will not let you down with our money-back guarantee.

Check CAS-003 free dumps before getting the full version:

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

  • A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
  • B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
  • C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
  • D. The company should install a temporary CCTV system to detect unauthorized access to physical offices

Answer: A

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

  • A. Establish a risk matrix
  • B. Inherit the risk for six months
  • C. Provide a business justification to avoid the risk
  • D. Provide a business justification for a risk exception

Answer: D

Explanation: The Exception Request must include: A description of the non-compliance.
The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance.
The proposed plan for managing the risk associated with non-compliance.
The proposed metrics for evaluating the success of risk management (if risk is significant). The proposed review date to evaluate progress toward compliance.
An endorsement of the request by the appropriate Information Trustee (VP or Dean). Incorrect Answers:
A: A risk matrix can be used to determine an overall risk ranking before determining how the risk will be dealt with.
B: Inheriting the risk for six months means that it has been decided the benefits of moving forward outweighs the risk.
C: Avoiding the risk is not recommended as the applications are still being used. References: " process.pdf"ites/ " process.pdf"%20process.pdf
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 218

Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
Involve business owners and stakeholders Create an applicable scenario
Conduct a biannual verbal review of the incident response plan Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?

  • A. Parallel operations
  • B. Full transition
  • C. Internal review
  • D. Tabletop
  • E. Partial simulation

Answer: C

A security researches is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.
Based on the information available to the researcher, which of the following is the MOST likely threat profile?

  • A. Nation-state-sponsored attackers conducting espionage for strategic gain.
  • B. Insiders seeking to gain access to funds for illicit purposes.
  • C. Opportunists seeking notoriety and fame for personal gain.
  • D. Hackvisits seeking to make a political statement because of socio-economic factor

Answer: D

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

  • A. Add an ACL to the firewall to block VoIP.
  • B. Change the settings on the phone system to use SIP-TLS.
  • C. Have the phones download new configurations over TFTP.
  • D. Enable QoS configuration on the phone VLA

Answer: B

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

  • A. vTPM
  • B. HSM
  • C. TPM
  • D. INE

Answer: A

Explanation: A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus.
A vTPM is a virtual Trusted Platform Module.
IBM extended the current TPM V1.2 command set with virtual TPM management commands that allow us to create and delete instances of TPMs. Each created instance of a TPM holds an association with a virtual machine (VM) throughout its lifetime on the platform.
Incorrect Answers:
B: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. This solution would require hardware pass-through.
C: A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus. Virtual machines cannot access a hardware TPM.
D: INE (intelligent network element) is not used for storing cryptographic keys. References: http://HYPERLINK
"" m/researcher/HYPERLINK ""view_group.php?id=2850

IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.
CAS-003 dumps exhibit


    Explanation: Vendor may accidentally or maliciously make changes to the IT system – Allow view-only access. With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot control the keyboard or mouse to make any changes.
    Desktop sharing traffic may be intercepted by network attackers – Use SSL for remote sessions. SSL (Secure Sockets Layer) encrypts data in transit between computers. If an attacker intercepted the traffic, the data would be encrypted and therefore unreadable to the attacker.
    No guarantees that shoulder surfing attacks are not occurring at the vendor – Identified control gap. Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant risk.
    Vendor may inadvertently see confidential material from the company such as email and IMs – Limit desktop session to certain windows.
    The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application windows for the duration of the desktop sharing session.

    The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
    Which of the following BEST meets the needs of the board?

    • A. KRI:- Compliance with regulations- Backlog of unresolved security investigations- Severity ofthreats and vulnerabilities reported by sensors- Time to patch critical issues on a monthly basisKPI:- Time to resolve open security items- % of suppliers with approved security control frameworks- EDR coverage across the fileet- Threat landscape rating
    • B. KRI:- EDR coverage across the fileet- Backlog of unresolved security investigations- Time to patch critical issues on a monthly basis- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors
    • C. KRI:- EDR coverage across the fileet- % of suppliers with approved security control framework- Backlog of unresolved security investigations- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- Time to patch critical issues on a monthly basis- Severity of threats and vulnerabilities reported by sensors
    • D. KPI:- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors- Threat landscape ratingKRI:- Time to resolve open security items- Backlog of unresolved security investigations- EDR coverage across the fileet- Time to patch critical issues on a monthly basis

    Answer: A

    A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)

    • A. Agent-based vulnerability scan
    • B. Black-box penetration testing
    • C. Configuration review
    • D. Social engineering
    • E. Malware sandboxing
    • F. Tabletop exercise

    Answer: AC

    A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:
    The tool needs to be responsive so service teams can query it, and then perform an automated response action.
    The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.
    The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.
    Which of the following need specific attention to meet the requirements listed above? (Choose three.)

    • A. Scalability
    • B. Latency
    • C. Availability
    • D. Usability
    • E. Recoverability
    • F. Maintainability

    Answer: BCE

    A security tester is testing a website and performs the following manual query:
    The following response is received in the payload: “ORA-000001: SQL command not properly ended” Which of the following is the response an example of?

    • A. Fingerprinting
    • B. Cross-site scripting
    • C. SQL injection
    • D. Privilege escalation

    Answer: A

    Explanation: This is an example of Fingerprinting. The response to the code entered includes “ORA-000001” which tells the attacker that the database software being used is Oracle.
    Fingerprinting can be used as a means of ascertaining the operating system of a remote computer on a network. Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on network servers. Fingerprinting can be accomplished “passively” by sniffing network packets passing between hosts, or it can be accomplished “actively” by transmitting specially created packets to the target machine and analyzing the response.
    Incorrect Answers:
    B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. The code in the question is not an example of XSS.
    C: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). The code entered in the question is similar to a SQL injection attack but as the SQL command was not completed, the purpose of the code was just to return the database software being used.
    D: Privilege escalation is the act of explogting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The code in the question is not an example of privilege escalation.

    NEW QUESTION 12 has requested a black-box security assessment be performed on key cyber terrain. On area of concern is the company’s SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?

    • A. dnsrecon –d –t SOA
    • B. dig mx
    • C. nc –v
    • D. whois

    Answer: A

    A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

    • A. Assess the reliability of the information source, likelihood of explogtability, and impact to hosted dat
    • B. Attempt to explogt via the proof-of-concept cod
    • C. Consider remediation options.
    • D. Hire an independent security consulting agency to perform a penetration test of the web server
    • E. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation.
    • F. Review vulnerability write-ups posted on the Interne
    • G. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
    • H. Notify all customers about the threat to their hosted dat
    • I. Bring the web servers down into“maintenance mode” until the vulnerability can be reliably mitigated through a vendor patc

    Answer: A

    Explanation: The first thing you should do is verify the reliability of the claims. From there you can assess the likelihood of the vulnerability affecting your systems. If it is determined that your systems are likely to be affected by the explogt, you need to determine what impact an attack will have on your hosted dat
    A. Now that you know what the impact will be, you can test the explogt by using the proof-ofconcept code. That should help you determine your options for dealing with the threat
    (remediation). Incorrect Answers:
    B: While penetration testing your system is a good idea, it is unnecessary to hire an independent security consulting agency to perform a penetration test of the web servers. You know what the vulnerability is so you can test it yourself with the proof-of-concept code.
    C: Security response should be proactive. Waiting for the threat to be verified by the software vendor will leave the company vulnerable if the vulnerability is real.
    D: Bringing down the web servers would prevent the vulnerability but would also render the system useless. Furthermore, customers would expect a certain level of service and may even have a service level agreement in place with guarantees of uptime.
    Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 375-376

    A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

    • A. Update and deploy GPOs
    • B. Configure and use measured boot
    • C. Strengthen the password complexity requirements
    • D. Update the antivirus software and definitions

    Answer: D

    Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following
    steps should Joe take to reach the desired outcome?

    • A. Research new technology vendors to look for potential product
    • B. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirement
    • C. Test the product and make a product recommendation.
    • D. Evaluate relevant RFC and ISO standards to choose an appropriate vendor produc
    • E. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.
    • F. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.
    • G. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provide
    • H. Give access to internal security employees so that they can inspect the application payload data.
    • I. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

    Answer: A

    Explanation: A request for a Proposal (RFP) is in essence an invitation that you present to vendors asking them to submit proposals on a specific commodity or service. This should be evaluated, then the product should be tested and then a product recommendation can be made to achieve the desired outcome. Incorrect Answers:
    B: A RFC is a request for comments and this is not what is required since you need to evaluate the new technology.
    C: Issues involved that has to be taken into account when outsourcing will not help Joe make a decision as to which new NIPS platform to choose.
    D: Making a choice of using the most popular NIPS is not going to ensure that all the conditions will be met.
    E: One of the conditions that must be met by the new NIPS platform is central management and his options do not satisfy that condition.
    Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 197-198, 297

    A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

    • A. Managed security service
    • B. Memorandum of understanding
    • C. Quality of service
    • D. Network service provider
    • E. Operating level agreement

    Answer: BE

    Explanation: B: A memorandum of understanding (MOU) documents conditions and applied terms for outsourcing partner organizations that must share data and information resources. It must be signed by a re presentative from each organization that has the legal authority to sign and are typically secured, as they are considered confidential.
    E: An operating level agreement (O LA) defines the responsibilities of each partner's internal support group and what group and resources are used to meet the specified goal. It is used in conjunction with service level agreements (SLAs).
    Incorrect Answers:
    A: A managed security service (MSS) is a network security service that has been outsourced to a service provider, such as an Internet Service Provider (ISP). In the earlier days of the Internet, ISPs would sell customers a firewall appliance, as customer premises equipment (CPE), and for an additional fee would manage the customer-owned firewall over a dial-up connection.
    C: Quality of service (QoS) is a mechanism that is designed to give priority to different applications, users, or data to provide a specific level of performance. It is often used in networks to prioritize certain types of network traffic.
    D: A network service provider (NSP) provides bandwidth or network access via direct Internet backbone access to the Internet and usually access to its network access points (NAPs). They are sometimes referred to as backbone providers or internet providers.
    Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 237, 362
    httHYPERLINK ""ps://en.wikipedHYPERLINK "" ""rity_service
    https://en.wikipeHYPERLINK ""

    Recommend!! Get the Full CAS-003 dumps in VCE and PDF From Certshared, Welcome to Download: (New 434 Q&As Version)