Latest [Sep 02, 2021] CompTIA CAS-003 Exam Practice Test To Gain Brilliant Result
Take a Leap Forward in Your Career by Earning CompTIA CAS-003
NEW QUESTION 123
A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded.
Which of the following should be used to identify weak processes and other vulnerabilities?
- A. Lessons learned report
- B. Benchmarks and baseline results
- C. Gap analysis
- D. Risk assessment
Answer: A
NEW QUESTION 124
A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.
Which of the following tools is the security engineer using to produce the above output?
- A. SIEM
- B. Port scanner
- C. Vulnerability scanner
- D. SCAP scanner
Answer: D
Explanation:
The Security Content Automation Protocol (SCAP) is a suite of specifications (XCCDF, OVAL, CPE, CVE, CVSS and others) that lets a scanner check a system's configuration against machine-readable policy content and report pass/fail per rule. A SCAP scanner such as OpenSCAP evaluates an XCCDF benchmark profile against each endpoint, so the same content can be applied to the shared baseline for common devices and to the unique configuration of individual hosts. A port scanner or vulnerability scanner reports exposure, not compliance with a written policy, and a SIEM correlates events rather than auditing configuration.
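Added example (not part of the exam item or of any SCAP tool): the output of a SCAP scanner is an XCCDF result document, and the compliance figure a security engineer reports comes from the rule-result elements inside it. The script below parses a constructed, trimmed result document in the XCCDF 1.2 layout (the benchmark, test-result and rule ids are made up for this example) and computes a compliance score the way the scored/unscored result split is normally applied, listing failures by severity.

```python
"""Summarise an XCCDF 1.2 result document into a compliance score.

Added example for this page, not part of the exam item. SAMPLE_RESULTS is a
constructed, trimmed stand-in for the --results file a SCAP scanner writes;
real files are larger but use the same TestResult / rule-result layout.
"""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# Constructed sample: two passes, one fail, one notapplicable, one notchecked.
SAMPLE_RESULTS = f"""<Benchmark xmlns="{XCCDF_NS}" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo" start-time="2021-09-02T10:00:00">
    <target>host-a.example.internal</target>
    <rule-result idref="xccdf_example_rule_sshd_permit_root_login" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_disk_encryption" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_password_minlen" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_wireless_disabled" severity="low">
      <result>notapplicable</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_audit_log_remote" severity="medium">
      <result>notchecked</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

# Results that count toward the score. notapplicable / notchecked / notselected /
# informational are excluded, as the default XCCDF scoring model does.
SCORED = {"pass", "fail", "error", "unknown", "fixed"}
PASSING = {"pass", "fixed"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_rule_results(xml_text):
    """Return a list of (rule_id, severity, result) tuples from an XCCDF result document."""
    root = ET.fromstring(xml_text)
    ns = {"x": XCCDF_NS}
    rows = []
    for rr in root.iterfind(".//x:TestResult/x:rule-result", ns):
        result = rr.findtext("x:result", default="unknown", namespaces=ns).strip()
        rows.append((rr.get("idref"), rr.get("severity", "unknown"), result))
    return rows


def compliance_summary(xml_text):
    """Score the host: % of scored rules passing, plus failing rules ordered by severity."""
    rows = parse_rule_results(xml_text)
    scored = [r for r in rows if r[2] in SCORED]
    passed = [r for r in scored if r[2] in PASSING]
    failed = [r for r in scored if r[2] not in PASSING]
    score = round(100.0 * len(passed) / len(scored), 1) if scored else 0.0
    return {
        "total_rules": len(rows),
        "scored": len(scored),
        "score_pct": score,
        "failed": sorted(failed, key=lambda r: SEVERITY_ORDER.get(r[1], 3)),
    }


if __name__ == "__main__":
    summary = compliance_summary(SAMPLE_RESULTS)
    print(f"scored {summary['scored']} of {summary['total_rules']} rules, "
          f"{summary['score_pct']}% compliant")
    for rule_id, severity, result in summary["failed"]:
        print(f"  {severity:<7} {result:<6} {rule_id}")
```

The notapplicable and notchecked rules are deliberately left out of the denominator; counting them as passes is the most common way a compliance dashboard ends up overstating coverage, so a reviewer should always report the scored count next to the percentage.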
NEW QUESTION 125
A security technician is incorporating the following requirements in an RFP for a new SIEM:
* New security notifications must be dynamically implemented by the SIEM engine
* The SIEM must be able to identify traffic baseline anomalies
* Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support? (Choose two.)
- A. Cloud-based management
- B. Multisensor deployment
- C. Big Data analytics
- D. Centralized log aggregation
- E. Machine learning
- F. Autoscaling search capability
Answer: C,E
NEW QUESTION 126
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.
To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:
Which of the following should be included in the auditor's report based on the above findings?
- A. The hard disk contains bad sectors
- B. The disk has been degaussed.
- C. The data represents part of the disk BIOS.
- D. Sensitive data might still be present on the hard drives.
Answer: D
Explanation:
The auditor is sampling a disk that has supposedly received seven overwrite passes plus a final zero pass. If readable content can still be pulled from the decommissioned drive, the finding for the report is that the wipe process (or the user-driven erase policy) is not delivering the intended result and sensitive data might still be present on the drives. Bad sectors, degaussing or BIOS content would not be the conclusion drawn from recoverable file content, and a degaussed drive would not be readable at all.
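Added example (not from the exam item): the check an auditor would actually run on the decommissioned disk is to look for any sector that is not all zeros after the final zero pass and extract printable strings from it. The script below does this against a constructed in-memory disk image (the residual record in sector 9 is made up for the example); point the same functions at a raw image file read from a real drive to reproduce the audit.

```python
"""Audit a decommissioned disk image for residual data after a wipe.

Added example for this page, not part of the exam item. The image is built
in memory and is constructed: mostly zeros, with one sector that still holds
a customer record and one sector with a few stray non-zero bytes.
"""
import re

SECTOR = 512


def build_sample_image():
    """Constructed 16-sector image standing in for a 'wiped' drive."""
    image = bytearray(16 * SECTOR)
    residue = b"CUST-ID=10442;NAME=A. Example;ADDR=1 Main St;DOB=1980-01-01"
    image[9 * SECTOR:9 * SECTOR + len(residue)] = residue
    # Sector 3: a few non-text bytes. Not evidence of a file, but not zero either.
    image[3 * SECTOR:3 * SECTOR + 4] = b"\x8a\x01\xff\x7e"
    return bytes(image)


def nonzero_sectors(image, sector=SECTOR):
    """Return the indexes of sectors that contain any byte other than 0x00."""
    zero = bytes(sector)
    return [i for i in range(len(image) // sector)
            if image[i * sector:(i + 1) * sector] != zero]


# Runs of 8 or more printable ASCII bytes, the usual 'strings' threshold.
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")


def residual_strings(image, sector=SECTOR):
    """Map non-zero sector index -> printable strings recovered from that sector."""
    found = {}
    for i in nonzero_sectors(image, sector):
        chunk = image[i * sector:(i + 1) * sector]
        strings = [m.group().decode("ascii") for m in PRINTABLE.finditer(chunk)]
        if strings:
            found[i] = strings
    return found


def wipe_verified(image, sector=SECTOR):
    """True only if every sector is zero, i.e. the final zero pass actually completed."""
    return not nonzero_sectors(image, sector)


if __name__ == "__main__":
    img = build_sample_image()
    print("wipe verified:", wipe_verified(img))
    print("non-zero sectors:", nonzero_sectors(img))
    for idx, strings in residual_strings(img).items():
        for s in strings:
            print(f"  sector {idx}: {s}")
```

A sector that is non-zero but yields no strings (sector 3 here) still fails verification: the policy in the question specifies a zero pass, so the pass/fail criterion is "all zeros", and the strings are only there to show the auditor what kind of data survived.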
NEW QUESTION 127
Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?
- A. Manually review the binary in a text editor
- B. Use a static code analyzer
- C. Employ a fuzzing utility
- D. Run the binary in an application sandbox
Answer: C
Explanation:
The tester has a compiled binary and no source. A static code analyzer needs source (or at least symbols) to be useful, a text editor shows only raw bytes, and an application sandbox lets you observe what the binary does but does not by itself probe for flaws. A fuzzing utility feeds the binary large volumes of malformed input and watches for crashes and hangs, which is the most effective way to surface memory-safety and input-handling bugs in a black-box binary.
NEW QUESTION 128
A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing event. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?
- A. The analyst is blue team; the employee is red team; the manager is white team
- B. The analyst is red team; the employee is white team; the manager is blue team
- C. The analyst is white team; the employee is red team; the manager is blue team
- D. The analyst is red team; the employee is blue team; the manager is white team
Answer: A
NEW QUESTION 129
An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window.
Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?
- A. Analyze the device firmware via the JTAG interface.
- B. Perform static code analysis on the source code.
- C. Penetration test the mobile application.
- D. Change to a whitelist that uses cryptographic hashing.
- E. Reverse engineer the application binary.
Answer: E
Explanation:
The best thing to do is to analyze the application running on the device to verify whether it really is malicious. Since the source code of the suspect app is not available, this means reverse engineering the .apk (option E). Switching the whitelist to cryptographic hashing (option D) is a sound corrective control, because a name-string whitelist lets any package that reuses the approved name run, but it does not help the analyst understand or characterize the behavior already observed.
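Added example (not from the exam item): the premise of the question is a whitelist keyed on a name string, and option D proposes one keyed on a cryptographic hash. The script below shows the difference with two constructed byte strings standing in for the genuine and a trojanised build of the same mail client (package name and contents are made up): the name policy admits both, the SHA-256 policy admits only the bytes that were vetted.

```python
"""Name-string allowlist versus cryptographic-hash allowlist.

Added example for this page, not part of the exam item. The two 'packages'
are constructed byte strings, not real APKs; only the allowlist logic matters.
"""
import hashlib

# Constructed: the vetted mail client and a trojanised build that reuses its name.
APPROVED_MAIL_CLIENT = b"PK\x03\x04 genuine mail client (constructed bytes)"
TROJANISED_MAIL_CLIENT = b"PK\x03\x04 same name, extra code opening browser windows (constructed)"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Allowlist as the device has it today: approved package names only.
NAME_ALLOWLIST = {"com.example.mail"}

# Allowlist built from the vetted binaries: package name -> approved digests.
HASH_ALLOWLIST = {"com.example.mail": {sha256_hex(APPROVED_MAIL_CLIENT)}}


def allowed_by_name(package_name, _package_bytes):
    """Name-string policy: anything that claims an approved name is allowed to run."""
    return package_name in NAME_ALLOWLIST


def allowed_by_hash(package_name, package_bytes):
    """Hash policy: the name must be approved AND the bytes must match a vetted digest."""
    return sha256_hex(package_bytes) in HASH_ALLOWLIST.get(package_name, set())


def evaluate(package_name, package_bytes):
    """Decision of both policies for one install/launch request."""
    return {
        "name_policy": allowed_by_name(package_name, package_bytes),
        "hash_policy": allowed_by_hash(package_name, package_bytes),
        "sha256": sha256_hex(package_bytes),
    }


if __name__ == "__main__":
    for label, blob in (("genuine", APPROVED_MAIL_CLIENT),
                        ("trojanised", TROJANISED_MAIL_CLIENT)):
        d = evaluate("com.example.mail", blob)
        print(f"{label:<11} name-policy={str(d['name_policy']):<5} "
              f"hash-policy={str(d['hash_policy']):<5} sha256={d['sha256'][:16]}...")
```

The cost of the hash policy is operational: every legitimate update changes the digest, so the allowlist has to be refreshed from the MDM whenever a vetted version is pushed, otherwise the approved client stops launching.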
NEW QUESTION 130
During a security assessment, an organization is advised of inadequate control over network segmentation.
The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards.
Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
- A. Access control lists
- B. Elastic load balancing
- C. Spanning tree protocol
- D. Network virtualization
- E. Air gaps
Answer: D
NEW QUESTION 131
Ann, a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.
Which of the following will the analyst most likely use NEXT?
- A. Network enumerator
- B. Antivirus
- C. Process explorer
- D. Vulnerability scanner
Answer: D
NEW QUESTION 132
An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?
- A. File system information, swap files, network processes, system processes and raw disk blocks.
- B. Raw disk blocks, swap files, network processes, system processes, and file system information.
- C. System processes, network processes, file system information, swap files and raw disk blocks.
- D. Raw disk blocks, network processes, system processes, swap files and file system information.
Answer: C
Explanation:
The order in which you should collect evidence is referred to as the order of volatility. Generally, evidence should be collected from the most volatile to the least volatile. The order of volatility, from most volatile to least volatile, is as follows:
* Data in RAM, including CPU cache and recently used data and applications
* Data in RAM, including system and network processes
* Swap files (also known as paging files) stored on local disk drives
* Data stored on local disk drives
* Logs stored on remote systems
* Archive media
NEW QUESTION 133
A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:
* Store taxation-related documents for five years
* Store customer addresses in an encrypted format
* Destroy customer information after one year
* Keep data only in the customer's home country
Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)
- A. Capacity planning policy
- B. Data retention policy
- C. Legal compliance policy
- D. Data sovereignty policy
- E. Acceptable use policy
- F. Backup policy
- G. Encryption standard
- H. Data classification standard
Answer: B,D,G
Explanation:
Each requirement maps to one control: the five-year and one-year retention periods are set by a data retention policy, encrypting customer addresses is set by an encryption standard, and keeping data only in the customer's home country is a data sovereignty policy. A data classification standard says how data is labelled, not how long it is kept or where it may reside.
NEW QUESTION 134
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?
- A. KRI:
  - EDR coverage across the fleet
  - Backlog of unresolved security investigations
  - Time to patch critical issues on a monthly basis
  - Threat landscape rating
  KPI:
  - Time to resolve open security items
  - Compliance with regulations
  - % of suppliers with approved security control frameworks
  - Severity of threats and vulnerabilities reported by sensors
- B. KRI:
  - Compliance with regulations
  - Backlog of unresolved security investigations
  - Severity of threats and vulnerabilities reported by sensors
  - Time to patch critical issues on a monthly basis
  KPI:
  - Time to resolve open security items
  - % of suppliers with approved security control frameworks
  - EDR coverage across the fleet
  - Threat landscape rating
- C. KPI:
  - Compliance with regulations
  - % of suppliers with approved security control frameworks
  - Severity of threats and vulnerabilities reported by sensors
  - Threat landscape rating
  KRI:
  - Time to resolve open security items
  - Backlog of unresolved security investigations
  - EDR coverage across the fleet
  - Time to patch critical issues on a monthly basis
- D. KRI:
  - EDR coverage across the fleet
  - % of suppliers with approved security control frameworks
  - Backlog of unresolved security investigations
  - Threat landscape rating
  KPI:
  - Time to resolve open security items
  - Compliance with regulations
  - Time to patch critical issues on a monthly basis
  - Severity of threats and vulnerabilities reported by sensors
Answer: D
NEW QUESTION 135
An online bank has contracted with a consultant to perform a security assessment of the bank's web portal.
The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?
- A. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.
- B. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
- C. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.
- D. XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.
Answer: C
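Added example (not from the exam item): the consultant's concern is that the plaintext HTTP entry point lets an attacker on the path answer the first request themselves and never deliver the redirect. The script below checks a site's HTTP and HTTPS responses for that exposure and parses the Strict-Transport-Security header to confirm the fix. The responses are constructed header sets for the bank portal in the question (no network access; the host name is made up); the same functions can be fed headers captured from a live site.

```python
"""Check an HTTP->HTTPS redirect for the sslstrip exposure and for an HSTS fix.

Added example for this page, not part of the exam item. BEFORE_* and AFTER_*
are constructed (status, headers) pairs standing in for real responses.
"""

ONE_YEAR = 365 * 24 * 3600


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict, or None if invalid.

    RFC 6797 requires an integer max-age; without one browsers ignore the header.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "max-age":
            if not raw.isdigit():
                return None
            policy["max_age"] = int(raw)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def assess(http_response, https_response):
    """Report whether the plaintext entry point can still be stripped on a return visit."""
    findings = []
    status, http_headers = http_response
    if status not in (301, 308):
        findings.append(f"HTTP endpoint answers {status}, not a permanent redirect")
    if not http_headers.get("Location", "").lower().startswith("https://"):
        findings.append("redirect target is not https://")

    hsts_raw = https_response[1].get("Strict-Transport-Security")
    if hsts_raw is None:
        findings.append("no HSTS header on the HTTPS response: a MITM can intercept "
                        "the first plaintext request and strip the redirect")
        return {"sslstrip_exposed": True, "hsts": None, "findings": findings}

    hsts = parse_hsts(hsts_raw)
    if hsts is None:
        findings.append("HSTS header present but invalid (bad or missing max-age); browsers ignore it")
        return {"sslstrip_exposed": True, "hsts": None, "findings": findings}
    if hsts["max_age"] < ONE_YEAR:
        findings.append(f"HSTS max-age {hsts['max_age']}s is short; one year or more is the usual minimum")
    if not hsts["include_subdomains"]:
        findings.append("includeSubDomains not set; subdomains remain strippable")
    if not hsts["preload"]:
        findings.append("preload not set; the very first visit is unprotected until the policy is cached")
    return {"sslstrip_exposed": False, "hsts": hsts, "findings": findings}


# Constructed responses for the portal in the question: before and after the fix.
BEFORE_HTTP = (301, {"Location": "https://bank.example/login"})
BEFORE_HTTPS = (200, {"Content-Type": "text/html"})
AFTER_HTTPS = (200, {"Content-Type": "text/html",
                     "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"})

if __name__ == "__main__":
    for label, https in (("before", BEFORE_HTTPS), ("after", AFTER_HTTPS)):
        r = assess(BEFORE_HTTP, https)
        print(f"{label}: sslstrip exposed on return visits = {r['sslstrip_exposed']}")
        for f in r["findings"]:
            print("   -", f)
```

Note the caveat the check encodes: HSTS is trust-on-first-use. Until the browser has seen the header once over HTTPS (or the domain is on the preload list) the first plaintext request is still interceptable, so option A's "disable HTTP" and option C's HSTS are complementary rather than alternatives; HSTS is what stops the attack for every visit after the first.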
NEW QUESTION 136
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?
- A. Spiral model
- B. Incremental model
- C. Agile model
- D. Waterfall model
Answer: A
Explanation:
The spiral model is a risk-driven process model: each pass through the spiral plans the next phase, performs an explicit risk analysis, builds and then evaluates, which matches an SDLC whose every stage must complete an in-depth risk analysis before the next phase begins. The waterfall model is purely sequential, with progress flowing downwards through fixed phases and no built-in risk analysis step, and the incremental and agile models do not gate phase transitions on risk analysis either. The size and duration of the project (over a million lines of code, multi-year effort) are also what the spiral model was designed for.
NEW QUESTION 137
In a situation where data is to be recovered from an attacker's location, which of the following are the FIRST things to capture? (Select TWO).
- A. Documents on the printer
- B. Snapshots of data on the monitor
- C. Passwords written on scrap paper
- D. System hard drive
- E. Removable media
- F. Volatile system memory
Answer: B,F
Explanation:
An exact copy of the attacker's system must be captured for further investigation so that the original data can remain unchanged. An analyst will then start the process of capturing data from the most volatile to the least volatile.
The order of volatility, from most volatile to least volatile, is as follows:
* Data in RAM, including CPU cache and recently used data and applications
* Data in RAM, including system and network processes
* Swap files (also known as paging files) stored on local disk drives
* Data stored on local disk drives
* Logs stored on remote systems
* Archive media
NEW QUESTION 138
An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).
- A. For each major iteration penetration testing is performed
- B. Static and dynamic analysis is run as part of integration
- C. Daily stand-up meetings are held to ensure security requirements are understood
- D. Security standards and training is performed as part of the project
- E. Security requirements are story boarded and make it into the build
- F. A security design is performed at the end of the requirements phase
Answer: A,B
Explanation:
SDLC stands for systems development life cycle. An agile project is completed in small sections called iterations. Each iteration is reviewed and critiqued by the project team. Insights gained from the critique of an iteration are used to determine what the next step should be in the project. Each project iteration is typically scheduled to be completed within two weeks.
Static and dynamic security analysis should be performed throughout the project. Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code.
For each major iteration penetration testing is performed. The output of a major iteration will be a functioning part of the application. This should be penetration tested to ensure security of the application.
Incorrect Answers:
D: Security standards and training do not ensure code quality from a security perspective. The only way to ensure code quality is to test the code itself.
C: Ensuring security requirements are understood does not ensure code quality from a security perspective. The only way to ensure code quality is to test the code itself.
E: Storyboarding security requirements does not ensure code quality from a security perspective. The only way to ensure code quality is to test the code itself.
F: A security design does not ensure code quality from a security perspective. The only way to ensure code quality is to test the code itself.
References:
https://en.wikipedia.org/wiki/Static_program_analysis
http://searchcio.techtarget.com/definition/Agile-project-management
NEW QUESTION 139
There have been some failures of the company's internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations.
One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month's performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?
- A. 98.34 percent
- B. 98.06 percent
- C. 99.72 percent
- D. 92.24 percent
Answer: B
Explanation:
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked.
14 hours of downtime in a month of 722 hours: 14/722 x 100 = 1.939%. Thus the percentage of uptime = 100% - 1.939% = 98.06%. The two-hour scheduled maintenance window is part of the 14 hours; the question does not ask for planned downtime to be excluded.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 43, 116
NEW QUESTION 140
An organization is selecting a SaaS provider to replace its legacy, in-house Customer Relationship Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?
- A. Ensure the SaaS provider supports dual factor authentication.
- B. Ensure the SaaS provider supports encrypted password transmission and storage.
- C. Ensure the SaaS provider supports role-based access control.
- D. Ensure the SaaS provider supports directory services federation.
- E. Ensure the SaaS provider supports secure hash file exchange.
Answer: D
Explanation:
A SaaS application that has a federation server within the customer's network that interfaces with the customer's own enterprise user-directory service can provide single sign-on authentication. This federation server has a trust relationship with a corresponding federation server located within the SaaS provider's network.
Single sign-on will mitigate the risk of managing separate user credentials.
NEW QUESTION 141
An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization's data. Which of the following should the vendor management team identify as a requirement during the procurement process?
- A. Public cloud services with single-tenancy IaaS architectures
- B. Private cloud services with single-tenancy PaaS services
- C. Public cloud services with private SaaS environments supported by private IaaS backbones
- D. Private cloud services with multitenancy in place for private SaaS environments
Answer: B