CompTIA CAS-003 Exam Dumps 2019

We provide in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-003 Exam quickly & easily. The CAS-003 PDF type is available for reading and printing. You can print more and practice many times. With the help of our product and material, you can easily pass the CAS-003 exam.

Online CompTIA CAS-003 free dumps demo Below:

Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?

  • A. Establish a cloud-based authentication service that supports SAML.
  • B. Implement a new Diameter authentication server with read-only attestation.
  • C. Install a read-only Active Directory server in the corporate DMZ for federation.
  • D. Allow external connections to the existing corporate RADIUS serve

Answer: A

Explanation: There is widespread adoption of SAML standards by SaaS vendors for single sign-on identity management, in response to customer demands for fast, simple and secure employee, customer and partner access to applications in their environments.
By eliminating all passwords and instead using digital signatures for authentication and authorization
of data access, SAML has become the Gold Standard for single sign-on into cloud applications. SAMLenabled SaaS applications are easier and quicker to user provision in complex enterprise
environments, are more secure and help simplify identity management across large and diverse user communities.
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
The SAML specification defines three roles: the principal (typically a user), the Identity provider (IdP), and the service provider (SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision – in other words it can decide whether to perform some service for the connected principal. Incorrect Answers:
B: Diameter authentication server with read-only attestation is not a solution that has wide compatibility among SaaS vendors.
C: The question states that password replication is not acceptable. A read-only Active Directory server in the corporate DMZ would involve password replication.
D: Allowing external connections to the existing corporate RADIUS server is not a secure solution. It is also not a solution that has wide compatibility among SaaS vendors.
References: based-single-sign-on ""guage

The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?

  • A. Confidential or sensitive documents are inspected by the firewall before being logged.
  • B. Latency when viewing videos and other online content may increase.
  • C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
  • D. Stored logs may contain non-encrypted usernames and passwords for personal website

Answer: A

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.
Which of the following solutions BEST meets all of the architect’s objectives?

  • A. An internal key infrastructure that allows users to digitally sign transaction logs
  • B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
  • C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
  • D. An open distributed transaction ledger that requires proof of work to append entrie

Answer: A

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

  • A. The corporate network is the only network that is audited by regulators and customers.
  • B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
  • C. Home networks are unknown to attackers and less likely to be targeted directly.
  • D. Employees are more likely to be using personal computers for general web browsing when they are at home.

Answer: B

Explanation: Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. Data aggregation increases the impact and scale of a security breach. The amount of data aggregation on the corporate network is much more that on an employee’s home network, and is therefore more valuable.
Incorrect Answers:
A: Protecting its corporate network boundary is the only network that is audited by regulators and customers is not a good enough reason. Protecting its corporate network boundary because the amount of data aggregation on the corporate network is much more that on an employee’s home network is.
C: Home networks are not less likely to be targeted directly because they are unknown to attackers, but because the amount of data aggregation available on the corporate network is much more.
D: Whether employees are browsing from their personal computers or logged into the corporate network, they could still be attacked. However, the amount of data aggregation on the corporate network is much more that on an employee’s home network, and is therefore more valuable. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 101

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

  • A. $4,800
  • B. $24,000
  • C. $96,000
  • D. $120,000

Answer: C

Explanation: The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE
Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF) Thus if SLE = $ 24,000 and EF = 25% then the Asset value is SLE/EF = $ 96,000
References: ""nt

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

  • A. Business or technical justification for not implementing the requirements.
  • B. Risks associated with the inability to implement the requirements.
  • C. Industry best practices with respect to the technical implementation of the current controls.
  • D. All sections of the policy that may justify non-implementation of the requirements.
  • E. A revised DRP and COOP plan to the exception form.
  • F. Internal procedures that may justify a budget submission to implement the new requirement.
  • G. Current and planned controls to mitigate the risk

Answer: ABG

Explanation: The Exception Request must include: A description of the non-compliance.
The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance.
The proposed plan for managing the risk associated with non-compliance.
The proposed metrics for evaluating the success of risk management (if risk is significant). The proposed review date to evaluate progress toward compliance.
An endorsement of the request by the appropriate Information Trustee (VP or Dean). Incorrect Answers:
C: The policy exception form is not for implementation, but for non-implementation.
D: All sections of the policy that may justify non-implementation of the requirements is not required, a description of the non-compliance is.
E: A Disaster recovery plan (DRP) and a Continuity of Operations (COOP) plan is not required, a proposed plan for managing the risk associated with non-compliance is.
F: The policy exception form requires justification for not implementing the requirements, not the other way around.

While attending a meeting with the human resources department, an organization’s information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames. Which of the following would be the BEST solution for the information security officer to recommend?

  • A. Utilizing MFA
  • B. Implementing SSO
  • C. Deploying 802.1X
  • D. Pushing SAML adoption
  • E. Implementing TACACS

Answer: B

A company is acquiring incident response and forensic assistance from a managed security service provider in the event of a data breach. The company has selected a partner and must now provide required documents to be reviewed and evaluated. Which of the following documents would BEST protect the company and ensure timely assistance? (Choose two.)

  • A. RA
  • B. BIA
  • C. NDA
  • D. RFI
  • E. RFQ
  • F. MSA

Answer: CF

Given the following information about a company’s internal network:
User IP space:
Server IP space:
A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those websites need to be identified. Which of the following should the engineer do?

  • A. Use a protocol analyzer on
  • B. Use a port scanner on
  • C. Use an HTTP interceptor on
  • D. Use a port scanner on
  • E. Use a protocol analyzer on
  • F. Use an HTTP interceptor on

Answer: B

Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?

  • A. Enable multipath to increase availability
  • B. Enable deduplication on the storage pools
  • C. Implement snapshots to reduce virtual disk size
  • D. Implement replication to offsite datacenter

Answer: B

Explanation: Storage-based data deduplication reduces the amount of storage needed for a given set of files. It is most effective in applications where many copies of very similar or even identical data are stored on a single disk.
It is common for multiple copies of files to exist on a SAN. By eliminating (deduplicating) repeated copies of the files, we can reduce the disk space used on the existing SAN. This solution is a cost effective alternative to buying a new SAN.
Incorrect Answers:
A: Multipathing enables multiple links to transfer the data to and from the SAN. This improves performance and link redundancy. However, it has no effect on the amount of data on the SAN. C: Snapshots would not reduce the amount of data stored on the SAN.
D: Replicating the data on the SAN to an offsite datacenter will not reduce the amount of data stored on the SAN. It would just create another copy of the data on the SAN in the offsite datacenter. References:

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s
evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?

  • A. Documentation of lessons learned
  • B. Quantitative risk assessment
  • C. Qualitative assessment of risk
  • D. Business impact scoring
  • E. Threat modeling

Answer: B

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

  • A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
  • B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
  • C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
  • D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
  • E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
  • F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Answer: CD

An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries’ arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically
disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES- 256-GCM on VPNs between sites. Which of the following techniques would MOST likely improve the resilience of the enterprise to attack on cryptographic implementation?

  • A. Add a second-layer VPN from a different vendor between sites.
  • B. Upgrade the cipher suite to use an authenticated AES mode of operation.
  • C. Use a stronger elliptic curve cryptography algorithm.
  • D. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites.
  • E. Ensure cryptography modules are kept up to date from vendor supplying the

Answer: C

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

  • A. Check log files for logins from unauthorized IPs.
  • B. Check /proc/kmem for fragmented memory segments.
  • C. Check for unencrypted passwords in /etc/shadow.
  • D. Check timestamps for files modified around time of compromise.
  • E. Use lsof to determine files with future timestamps.
  • F. Use gpg to encrypt compromised data files.
  • G. Verify the MD5 checksum of system binaries.
  • H. Use vmstat to look for excessive disk I/

Answer: ADG

Explanation: The MD5 checksum of the system binaries will allow you to carry out a forensic analysis of the compromised Linux system. Together with the log files of logins into the compromised system from unauthorized IPs and the timestamps for those files that were modified around the time that the compromise occurred will serve as useful forensic tools.
Incorrect Answers:
B: Checking for fragmented memory segments’ is not a forensic analysis tool to be used in this case. C: The ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account. This is a useful tool for Linux passwords and shadow file formats and is in essence used to keep user account information.
E: Isof is used on Linux as a future timestamp tool and not a forensic analysis tool. F: Gpg is an encryption tool that works on Mac OS X.
H: vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity. The first report produced gives averages since the last reboot. Additional reports give information on a sampling period of length delay. The process and memory reports are instantaneous in either case. This is more of an administrator tool.
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 387
httpsHYPERLINK "":// al_forensics_tools

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.
Which of the following would BEST allow the IT department to monitor and control this behavior?

  • A. Enabling AAA
  • B. Deploying a CASB
  • C. Configuring an NGFW
  • D. Installing a WAF
  • E. Utilizing a vTPM

Answer: B

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using?

  • A. Agile
  • B. SDL
  • C. Waterfall
  • D. Joint application development

Answer: A

Explanation: In agile software development, teams of programmers and business experts work closely together, using an iterative approach.
Incorrect Answers:
B: The Microsoft developed security development life cycle (SDL) is designed to minimize the security-related design and coding bugs in software. An organization that implements SDL has a central security team that performs security functions.
C: The waterfall model is a sequential software development processes, in which progress is seen as flowing steadily downwards through the phases of conception, initiation, analysis, design, construction, testing, production/implementation and maintenance.
D: The vendor is still responsible for developing the solution, Therefore this is not an example of joint application development.
BOOK pp. 371, 374

Thanks for reading the newest CAS-003 exam dumps! We recommend you to try the PREMIUM Certstest CAS-003 dumps in VCE and PDF here: (434 Q&As Dumps)