CAS-003 (CompTIA Advanced Security Practitioner) Exam Practice Questions
Exam Details
The CompTIA CAS-003 exam covers technical skills and knowledge needed to conceptualize, integrate, implement, and engineer secure solutions across different multifaceted environments in the support of a resilient enterprise. The test is made up of a maximum of 90 questions and the learners will have 165 minutes to complete all of them. There is no scaled score for the exam and the test takers will only be awarded a pass or fail status at the end of the session. The applicants have to register for the exam with Pearson VUE and schedule it as an online proctored test or sit for it at a center. The exam is available in English and Japanese and costs $466.
NEW QUESTION 330
A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk.
Which of the following will lower the risk before moving the data?
- A. Encrypting card and expiration numbers
- B. Redacting all but the last four numbers of the cards
- C. Hashing the card numbers
- D. Scrambling card and expiration data
Answer: C
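Added example, not part of the exam page, showing what "hashing the card numbers" buys you before copying production data into QA and where a practitioner needs a caveat. A 16-digit PAN has a public 6-digit BIN and a Luhn check digit, so only 9 digits are secret: 10**9 candidates per BIN, which an unkeyed SHA-256 brute force exhausts quickly on commodity hardware. A keyed hash (HMAC) gives QA a stable pseudonym (equal PANs still match, so joins and duplicate checks work) while making the enumeration impossible without the key; an expiration date is one of a few dozen values and should be dropped or shifted rather than hashed. All PANs, the prefix and the key below are constructed test values; the function names are mine.

```python
"""Added example: unkeyed hash of a PAN vs. a keyed pseudonym (HMAC).
All card numbers are constructed test values; KEY stands in for a secret
that would live in a KMS/HSM and never be shipped to the QA environment."""
import hashlib
import hmac
import itertools
import secrets
from typing import Optional


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a digit string that does not yet have one."""
    total = 0
    # The digit immediately left of the check digit is the first one doubled.
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def make_test_pan(prefix: str, account_digits: str) -> str:
    partial = prefix + account_digits
    return partial + luhn_check_digit(partial)


def pan_sha256(pan: str) -> str:
    """Unkeyed hash: deterministic (equal PANs match) but reversible by enumeration."""
    return hashlib.sha256(pan.encode()).hexdigest()


def pan_token(pan: str, key: bytes) -> str:
    """Keyed pseudonym: same referential integrity, no enumeration without KEY."""
    return "tok_" + hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()[:32]


def brute_force(target: str, known_prefix: str, free_digits: int) -> Optional[str]:
    """Enumerate Luhn-valid PANs under a known prefix and compare unkeyed SHA-256.
    With a real 6-digit BIN free_digits would be 9 (10**9 tries); the demo uses 3
    so it runs in well under a second. Returns the PAN on a hit, else None."""
    for combo in itertools.product("0123456789", repeat=free_digits):
        partial = known_prefix + "".join(combo)
        pan = partial + luhn_check_digit(partial)
        if hmac.compare_digest(pan_sha256(pan), target):
            return pan
    return None


KEY = secrets.token_bytes(32)  # placeholder secret; constructed for the demo


def demo() -> dict:
    # Constructed PAN: Visa test BIN 411111, filler, three "secret" digits, check digit.
    pan = make_test_pan("411111000000", "739")
    token = pan_token(pan, KEY)
    return {
        "pan": pan,
        # The attacker knows the prefix and recovers the PAN from its SHA-256.
        "sha256_recovered": brute_force(pan_sha256(pan), "411111000000", 3),
        # The same attacker cannot compute the keyed token, so the search fails.
        "token_recovered": brute_force(token, "411111000000", 3),
        # QA can still join on the token because it is deterministic under KEY.
        "token_is_stable": token == pan_token(pan, KEY),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The unkeyed hash only disguises the data from a casual viewer; anyone with read access to QA and a BIN list can enumerate it. Tokenization through a vault, or an HMAC whose key stays outside QA, is the control that actually lowers the risk of the copy.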
NEW QUESTION 331
A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all of the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?
- A. Remove the risk
- B. Accept the risk
- C. Baseline the risk.
- D. Transfer the risk
Answer: D
NEW QUESTION 332
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?
- A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
- B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
- C. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.
- D. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
Answer: C
Explanation:
Checking whether control effectiveness is in line with the complexity of the solution, and then determining whether a simpler solution would meet the same requirements, is the first process to follow in light of these findings.
Incorrect Answers:
A: An SLA is a contracted level of service between a provider and its customer; it also sets targets for hardware and software availability. Lowering the SLA to accommodate a cumbersome control is not an acceptable response.
B: A cost-benefit analysis compares the costs of a proposed solution against its benefits to decide whether it is viable. It does not address why three changes are needed for every deployment, and lowering the SLA is again not good practice.
D: An audit review is performed after implementation; it cannot be the first process when the pilot has already identified the problem.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 199, 297-299
NEW QUESTION 333
Given the following output from a local PC:
Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?
- A. Allow 172.30.0.28:80 -> 172.30.0.28:443
- B. Allow 172.30.0.28:80 -> ANY
- C. Allow 172.30.0.28:80 -> 172.30.0.0/16
- D. Allow 172.30.0.28:80 -> 172.30.0.28:53
Answer: C
NEW QUESTION 334
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.
Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
- A. Run dd on /dev/mem.
- B. Use a loadable kernel module capture utility, such as LiME.
- C. Employ a stand-alone utility, such as FTK Imager.
- D. Run the memdump utility with the -k flag.
Answer: B
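Added example, not part of the exam page. The page gives no explanation for this answer, so for context: on a recent Linux kernel, dd on /dev/mem fails because CONFIG_STRICT_DEVMEM restricts /dev/mem to the low non-RAM region, and FTK Imager is a Windows tool. LiME (a loadable kernel module, loaded with `insmod lime.ko "path=<outfile> format=lime"`) writes each physical RAM range as a 32-byte header (magic 0x4C694D45, version 1, start and end physical address, 8 reserved bytes) followed by the range's bytes. The reader below, written for this page, walks those headers so a responder can confirm the image was not truncated and hash every range for the chain of custody. The image is constructed in memory; the helper names are mine.

```python
"""Added example: parse and sanity-check a LiME-format memory image.
SAMPLE is fabricated in memory so the script runs offline."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

LIME_MAGIC = 0x4C694D45            # appears as "EMiL" in a hex dump (little-endian)
LIME_VERSION = 1
HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr, reserved[8]


@dataclass
class Segment:
    start: int    # first physical address of the range
    end: int      # last physical address (inclusive)
    data: bytes


def parse_lime(image: bytes) -> List[Segment]:
    """Walk the header/data pairs; raise on a bad header or a short range."""
    segments: List[Segment] = []
    off = 0
    while off < len(image):
        if len(image) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off:#x}")
        magic, version, s_addr, e_addr, _ = HEADER.unpack_from(image, off)
        if magic != LIME_MAGIC or version != LIME_VERSION:
            raise ValueError(f"not a LiME v1 header at offset {off:#x}")
        if e_addr < s_addr:
            raise ValueError(f"inverted range {s_addr:#x}-{e_addr:#x}")
        size = e_addr - s_addr + 1
        off += HEADER.size
        if off + size > len(image):
            # Typical when the capture was interrupted (USB pulled, disk full).
            missing = off + size - len(image)
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} is short by {missing} bytes")
        segments.append(Segment(s_addr, e_addr, image[off:off + size]))
        off += size
    return segments


def gaps(segments: List[Segment]) -> List[Tuple[int, int]]:
    """Physical address holes between ranges (MMIO/reserved areas LiME skips)."""
    return [(a.end + 1, b.start - 1)
            for a, b in zip(segments, segments[1:]) if b.start > a.end + 1]


def segment_hashes(segments: List[Segment]) -> List[Tuple[int, int, str]]:
    """Per-range SHA-256 for the evidence log."""
    return [(s.start, s.end, hashlib.sha256(s.data).hexdigest()) for s in segments]


def build_lime(ranges: List[Tuple[int, bytes]]) -> bytes:
    """Writer used only to fabricate the sample image below."""
    out = bytearray()
    for start, data in ranges:
        out += HEADER.pack(LIME_MAGIC, LIME_VERSION, start, start + len(data) - 1, b"\0" * 8)
        out += data
    return bytes(out)


# Constructed image: two RAM ranges with a hole between them.
SAMPLE = build_lime([(0x1000, b"\x00" * 0x1000), (0x100000, b"\xaa" * 0x2000)])

if __name__ == "__main__":
    segs = parse_lime(SAMPLE)
    for start, end, digest in segment_hashes(segs):
        print(f"{start:#012x}-{end:#012x} sha256={digest}")
    print("holes:", [(f"{a:#x}", f"{b:#x}") for a, b in gaps(segs)])
```

Run the parser on the image before the machine is powered down: a short final range means the capture must be repeated while the volatile state still exists.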
NEW QUESTION 335
After analyzing code, two developers at a company bring these samples to the security operations manager.
Which of the following would BEST solve these coding problems?
- A. Increase the complexity and length of the password
- B. Use a privileged access management system
- C. Prompt the administrator for the password.
- D. Use salted hashes with PBKDF2.
Answer: B
NEW QUESTION 336
You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.
The company's hardening guidelines indicate the following:
* There should be one primary server or service per device.
* Only default ports should be used.
* Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:
* The IP address of the device
* The primary server or service of the device
* The protocol(s) that should be disabled based on the hardening guidelines
Answer:
Explanation:
Add device for 10.1.45.66 as below:
NEW QUESTION 337
A system worth $100,000 has an exposure factor of eight percent and an ARO of four.
Which of the following figures is the system's SLE?
- A. $2,000
- B. $12,000
- C. $8,000
- D. $32,000
Answer: C
Explanation:
Single Loss Expectancy (SLE) is the asset value (AV) multiplied by the exposure factor (EF):
SLE = AV x EF = $100,000 x 8% = $8,000
Multiplying by the ARO gives the Annualized Loss Expectancy, ALE = SLE x ARO = $8,000 x 4 = $32,000. That is option D, a distractor here because the question asks for the SLE, not the annualized figure.
References:
http://www.financeformulas.net/Return_on_Investment.html
https://en.wikipedia.org/wiki/Risk_assessment
NEW QUESTION 338
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
- A. HTTP interceptor
- B. Jailbroken mobile device
- C. Network enumerator
- D. Password cracker
- E. Reconnaissance tools
- F. Vulnerability scanner
Answer: A,F
Explanation:
Communications between a mobile web application and a RESTful application server will use the HTTP protocol. To capture the HTTP communications for analysis, you should use an HTTP Interceptor.
To assess the security of the application server itself, you should use a vulnerability scanner.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Incorrect Answers:
B: A jailbroken mobile device has the manufacturer's built-in restrictions removed so that arbitrary software can be installed. It may help a tester instrument the client, but it is not the tool that assesses the protocol between the mobile web application and the RESTful application server.
E: Reconnaissance tools gather as much as possible about a target organization, usually over an extended period, to discover exposure. They are not used to assess a specific client-server protocol.
C: A network enumerator retrieves usernames, groups, shares and services from networked hosts. It does not assess the security of the communication between the mobile web application and the RESTful application server.
D: A password cracker guesses passwords. It is not a tool for assessing the protocol between the mobile web application and the RESTful application server.
References:
http://www.webopedia.com/TERM/V/vulnerability_scanning.html
NEW QUESTION 339
A security administrator is updating a company's SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)
- A. Compliance manager
- B. Human resources administrator
- C. Network engineer
- D. Incident response coordinator
- E. Facilities manager
- F. Service desk personnel
Answer: C,E
NEW QUESTION 340
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a. A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?
- A. The default gateway is being spoofed on the network.
- B. A denial of service attack is targeting the router.
- C. A man-in-the-middle attack is underway on the network.
- D. An ARP flood attack is targeting the router.
Answer: B
Explanation:
The three ARP replies announce the gateway 172.16.34.1 at its known MAC 00:01:42:32:ab:1a, so nothing is being spoofed, and three replies in three minutes is not an ARP flood. The callers' netmask 255.255.254.0 places them in 172.16.34.0/23, whose broadcast address is 172.16.35.255. The host 172.16.35.1 is sending maximum-size (65534-byte) ICMP echo requests to that directed broadcast address; every host on the segment answers each one, which consumes the segment's bandwidth and the router interface's resources and prevents normal use. This is a denial of service attack (a smurf-style broadcast ping flood).
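Added example, not part of the exam page: a small analyzer for tcpdump-style lines like those in the question. It reconstructs the callers' subnet from IP and netmask, then flags ARP replies that claim the gateway IP with a MAC other than the known one (gateway spoofing, the option A/C scenario) and oversized ICMP echo requests aimed at the subnet's directed broadcast address (the option B scenario). CAPTURE is a constructed copy of the page's lines; SPOOF_LINE is a constructed extra line used to exercise the other branch; the function names and the 1500-byte threshold are mine.

```python
"""Added example: detect gateway ARP spoofing and broadcast ICMP floods in
tcpdump-style text. CAPTURE and SPOOF_LINE are constructed sample input."""
import ipaddress
import re
from collections import Counter
from typing import List, Tuple

CAPTURE = """\
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
"""
# Constructed: what a rogue host answering ARP for the gateway would look like.
SPOOF_LINE = "09:09:00.000000 arp reply 172.16.34.1 is-at de:ad:be:ef:00:01 (de:ad:be:ef:00:01)\n"

ARP_RE = re.compile(r"arp reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-fA-F:]+)")
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo request, id \d+, seq \d+, length (?P<len>\d+)"
)

Finding = Tuple[str, str]


def norm_mac(mac: str) -> str:
    """Accept both 00-01-... (Windows style) and 00:01-... forms."""
    return mac.lower().replace("-", ":")


def analyze(capture: str, caller_ip: str, netmask: str,
            gateway_ip: str, gateway_mac: str, max_echo_len: int = 1500) -> List[Finding]:
    # 172.16.35.217/255.255.254.0 -> 172.16.34.0/23, broadcast 172.16.35.255
    net = ipaddress.ip_interface(f"{caller_ip}/{netmask}").network
    findings: List[Finding] = []
    bcast_sources: Counter = Counter()
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if m:
            # Gateway IP announced with an unexpected MAC: spoofing / MITM.
            if m["ip"] == gateway_ip and norm_mac(m["mac"]) != norm_mac(gateway_mac):
                findings.append(("arp_spoof", f"{gateway_ip} claimed by {m['mac']}"))
            continue
        m = ICMP_RE.search(line)
        if (m and ipaddress.ip_address(m["dst"]) == net.broadcast_address
                and int(m["len"]) > max_echo_len):
            bcast_sources[m["src"]] += 1
    for src, n in bcast_sources.items():
        findings.append(("broadcast_icmp_flood",
                         f"{n} echo requests over {max_echo_len} bytes from {src} "
                         f"to {net.broadcast_address} (every host replies)"))
    return findings


def finding_kinds(findings: List[Finding]) -> List[str]:
    return sorted({kind for kind, _ in findings})


if __name__ == "__main__":
    for kind, detail in analyze(CAPTURE, "172.16.35.217", "255.255.254.0",
                                "172.16.34.1", "00-01-42-32-ab-1a"):
        print(f"{kind}: {detail}")
```

On the page's capture the only finding is the broadcast flood; appending SPOOF_LINE produces an additional arp_spoof finding, which is what the capture would have to show for options A or C to be correct.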
NEW QUESTION 341
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).
- A. MOU
- B. RFP
- C. MSA
- D. NDA
- E. RFQ
- F. RFI
Answer: B,F
Explanation:
RFI (request for information)
The first phase in the contract requirement process, in which a company sends out notices to prospective vendors or contractors asking them for their experience and qualification in filling the business's need for services or equipment.
RFP (request for proposal)
The second phase in the contract requirement process, in which a company asks prospective vendors or contractors for their proposed solutions to the business's needs.
RFQ (request for quote)
The third phase in the contract requirement process, in which a company negotiates the financial details of their relationship with prospective vendors or contractors.
NEW QUESTION 342
An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?
- A. Independent verification and validation
- B. Ongoing authorization
- C. Security test and evaluation
- D. Risk assessment
Answer: B
Explanation:
Ongoing assessment and authorization is often referred to as continuous monitoring. It is a process that determines whether the set of deployed security controls in an information system continue to be effective with regards to planned and unplanned changes that occur in the system and its environment over time.
Continuous monitoring allows organizations to evaluate the operating effectiveness of controls on or near a real-time basis. Continuous monitoring enables the enterprise to detect control failures quickly because it transpires immediately or closely after events in which the key controls are utilized.
NEW QUESTION 343
A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:
Which of the following does the log sample indicate? (Choose two.)
- A. Encrypted payroll data was successfully decrypted by the attacker
- B. Syslog entries were lost due to the host being rebooted
- C. Buffer overflow in memory paging caused a kernel panic
- D. A root user performed an injection attack via kernel module
- E. Jsmith successfully used a privilege escalation attack
- F. Payroll data was exfiltrated to an attacker-controlled host
Answer: C,E
NEW QUESTION 344
Answer:
Explanation:
Step 1: Verify that the certificate is valid or not. In case of any warning message, cancel the download.
Step 2: If certificate issue is not there then, download the file in your system.
Step 3: Calculate the hash value of the downloaded file.
Step 4: Match the hash value of the downloaded file with the one which you selected on the website.
Step 5: Install the file if the hash value matches.
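Added example, not part of the exam page: steps 3 to 5 of the procedure above in code. It parses a sha256sum-style manifest, hashes the downloaded bytes with the algorithm implied by the digest length, refuses MD5 and SHA-1 manifests unless explicitly allowed, and compares in constant time. The file contents and manifests are constructed here so the script runs offline; the function names are mine. One caveat on step 1: a checksum served from the same page or mirror as the file only proves the download was not corrupted in transit; a detached signature over the checksum file, verified against a key obtained out of band, is what proves the publisher produced it.

```python
"""Added example: verify a downloaded file against a *sum-style manifest.
GOOD_FILE, TAMPERED_FILE and the manifests are constructed sample data."""
import hashlib
import hmac
from typing import Dict

# Digest hex length -> algorithm. MD5 and SHA-1 are flagged as weak.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
WEAK = {"md5", "sha1"}
HEX = set("0123456789abcdefABCDEF")


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'hexdigest  filename' lines (GNU coreutils *sum output; a leading
    '*' on the filename marks binary mode). Returns filename -> lowercase hex."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if not name or not digest or any(c not in HEX for c in digest):
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest.lower()
    return entries


def verify_download(data: bytes, filename: str, manifest: str,
                    allow_weak: bool = False) -> bool:
    """True if data hashes to the manifest entry for filename (step 4).
    Raises if the file is not listed or the manifest uses a weak algorithm."""
    entries = parse_manifest(manifest)
    if filename not in entries:
        raise KeyError(f"{filename} is not listed in the manifest")
    expected = entries[filename]
    algo = ALGO_BY_HEXLEN.get(len(expected))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(expected)} for {filename}")
    if algo in WEAK and not allow_weak:
        raise ValueError(f"manifest uses {algo}; collisions are practical, "
                         "ask the publisher for SHA-256 or a signed manifest")
    actual = hashlib.new(algo, data).hexdigest()
    # Constant-time compare: no early exit on the first differing hex digit.
    return hmac.compare_digest(actual, expected)


# Constructed sample: what the publisher ships and what a hostile mirror might serve.
GOOD_FILE = b"constructed installer payload v1.2.3\n"
TAMPERED_FILE = GOOD_FILE + b"\x90"  # one appended byte
MANIFEST = f"{hashlib.sha256(GOOD_FILE).hexdigest()}  installer.bin\n"
MD5_MANIFEST = f"{hashlib.md5(GOOD_FILE).hexdigest()}  installer.bin\n"

if __name__ == "__main__":
    print("good file matches:", verify_download(GOOD_FILE, "installer.bin", MANIFEST))
    print("tampered matches:", verify_download(TAMPERED_FILE, "installer.bin", MANIFEST))
```

Only install (step 5) when verify_download returns True; a False result means the bytes differ from what the publisher hashed, and a ValueError on the manifest means the check itself is not trustworthy.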
NEW QUESTION 345
The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?
- A. Integration testing
- B. Versioning
- C. Continuous integration
- D. Regression testing
Answer: D
NEW QUESTION 346
A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.
Which of the following is MOST likely to produce the needed information?
- A. Fingerprinting
- B. DNS enumeration
- C. Whois
- D. Vulnerability scanner
Answer: C
NEW QUESTION 347
Enterprise Security Architecture: 25%
- Analyzing scenarios to incorporate security controls for small form factor and mobile devices to meet security requirements: this domain measures competence in enterprise mobility management; security implications and privacy concerns; wearable technology.
- Selecting relevant security controls for given software vulnerability scenarios: this subject area requires an understanding of application security design considerations; specific application issues; application sandboxing; client-side processing versus server-side processing; web application firewalls; database activity monitoring; secure encrypted enclaves; operating system vulnerabilities; firmware vulnerabilities.
- Analyzing scenarios and incorporating security and network components, architectures, and concepts to meet security requirements: the skills measured in this topic include virtual and physical security and network devices; protocol-aware and application-layer technologies; advanced network design; multifaceted network security solutions for the data flow; secure baselining and configuration of security and networking components; software-defined networking; network management and monitoring tools; advanced configuration of network devices, including routers and switches; security zones; network access control; network-enabled devices; critical infrastructure.
- Analyzing scenarios to incorporate security controls for host devices to meet security requirements: test takers are required to demonstrate competence in endpoint security software; host hardening; trusted OS; boot loader protections; terminal services and application delivery services; hardware-related vulnerabilities.
