CompTIA CASP+ Certification CAS-003 Study Guide Will Be Instant Downloaded In PDF

CompTIA CASP+ Certification CAS-003 Study Guide Will Be Instant Downloaded In PDF

CompTIA Advanced Security Practitioner (CASP+) certification is popular, which is the only hands-on, performance-based certification for practitioners – not managers – at the advanced skill level of cybersecurity. The candidates are required to pass CAS-003 exam to complete CompTIA CASP+ certification. In order to learn and prepare for CAS-003 CASP+ exam well, you can choose CAS-003 study guide at ITExamShop. Add the CAS-003 exam questions full version to cart and complete the payment, then you can get the CompTIA CASP+ Certification CAS-003 Study Guide, which will be instant downloaded in pdf file. Also, we will share the CAS-003 free software later. By the way, the retirement of CASP+ CAS-003 exam is in February of 2022, the new CompTIA CASP+ CAS-004 will be launched in October of 2021.

Choose To Take CompTIA CASP+ CAS-003 Exam Now & Check CAS-003 Free Questions Online

Page 1 of 10

1. A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time.

The programming logic is as follows:

• A player asks to move points from one capability to another

•. The source capability must have enough points to allow the move

•. The destination capability must not exceed 10 after the move

•. The move from source capability to destination capability is then completed

The time stamps of the game logs show each step of the transfer process takes about 900ms However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities.

Which of the following is MOST likely being exploited to allow these capability transfers?

2. An organization has established the following controls matrix:





The following control sets have been defined by the organization and are applied in aggregate fashion:

✑ Systems containing PII are protected with the minimum control set.

✑ Systems containing medical data are protected at the moderate level.

✑ Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

3. A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

Which of the following tools should be used? (Choose two.)

4. A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares.

Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

5. A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy.

Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?

6. A business is growing and starting to branch out into other locations.

In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

✑ Store taxation-related documents for five years

✑ Store customer addresses in an encrypted format

✑ Destroy customer information after one year

✑ Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

7. Following a recent security incident on a web server the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain jpg files have important data hidden within them.

Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?

8. The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security.

To remediate this concern, a number of solutions have been implemented, including the following:

✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

✑ The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

9. A user workstation was infected with a new malware variant as a result of a drive-by download.

The security administrator reviews key controls on the infected workstation and discovers the following:





Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)

10. A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic.

The administrator sees the following output on the Internet router:





The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem.

Based on the information above, which of the following should the ISP engineer do to resolve the issue?