Updated CAS-003 Exam Questions For CompTIA Advanced Security Practitioner (CASP) Certification

Regina2021-09-08T02:59:24+00:00

CAS-004, as a new exam for CompTIA Advanced Security Practitioner (CASP) certification will be launched in October of 2021. So currently, we still recommend you to pass CAS-003 exam to complete the CompTIA CASP+ certification. To help you learn CAS-003 exam well, we have updated CAS-003 exam questions with 554 practice Q&As online. The latest and most updated CAS-003 practice exam will be shared in PDF format and Software version, which are the great formats to help you learn the accurate CAS-003 exam questions and answers. We ensure that you can pass CAS-003 CompTIA CASP+ exam with 100% passing guarantee.

You will find CAS-003 free questions below to check CompTIA CASP+ Updated exam questions.

Page 1 of 6

1. A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company’s cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.

Which of the following should the security do to help mitigate future attacks within the VM environment? (Choose two.)

Install the appropriate patches.

Install perimeter NGF

Configure VM isolation.

Deprovision database V

Change the user’s access privileges.

Update virus definitions on all endpoints.

2. A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developers session ID tokens for a web application will be transmitted over an unsecure connection .

Which of the following code snippets should the developer recommend implement to correct the vulnerability?

A)

Option A

Option B

Option C

Option D

3. Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back .

Which of the following BEST describes how the manager should respond?

Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.

Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.

Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.

Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

4. A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available

to unauthenticated users, but some will only be available to authenticated users .

Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)

Static code analyzer

Intercepting proxy

Port scanner

Reverse engineering

Reconnaissance gathering

User acceptance testing

5. A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack .

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

Bug bounty websites

Hacker forums

Antivirus vendor websites

Trade industry association websites

CVE database

Company’s legal department

6. Which of the following is the GREATEST security concern with respect to BYOD?

The filtering of sensitive data out of data flows at geographic boundaries.

Removing potential bottlenecks in data transmission paths.

The transfer of corporate data onto mobile corporate devices.

The migration of data into and out of the network in an uncontrolled manner.

7. A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

Vulnerability scanner

TPM

Host-based firewall

File integrity monitor

NIPS

8. A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary .

Which of the following in the MOST likely explanation for why the organization network was compromised?

There was a false positive since the network was fully patched.

The system administrator did not perform a full system sun.

The systems administrator performed a credentialed scan.

The vulnerability database was not updated.

9. A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated .

Which of the following is the MOST secure method to allow the printer on the network without violating policy?

Request an exception to the corporate policy from the risk management committee

Require anyone trying to use the printer to enter their username and password

Have a help desk employee sign in to the printer every morning

Issue a certificate to the printer and use certificate-based authentication

10. Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise Security analysts observed the following:

• Unauthorized certificate issuance

• Access to mutually authenticated resources utilizing valid but unauthorized certificates

• Granted access to internal resources via the SSL VPN

To address the immediate problem security analysts revoked the erroneous certificates .

Which of the following describes the MOST likely root cause of the problem and offers a solution?

The VPN and web resources are configured with too weak a cipher suite and should be rekeyed to support AES 256 in GCM and ECC for digital signatures and key exchange

A managed mobile device is rooted, exposing its keystore and the MDM should be reconfigured to wipe these devices and disallow access to corporate resources

SCEP is configured insecurely which should be enabled for device onboarding against a PKI for mobile-exclusive use

The CA is configured to sign any received CSR from mobile users and should be reconfigured to permit CSR signings only from domain administrators.

Page 2 of 6

11. A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage To which of the following is the survey question related? (Select TWO)

Risk avoidance

Business impact

Risk assessment

Recovery point objective

Recovery time objective

Mean time between failures

12. A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO) .

Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

Conducting tabletop exercises to evaluate system risk

Contracting a third-party auditor after the project is finished

Performing pre- and post-implementation penetration tests

Running frequent vulnerability scans during the project

13. A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications .

Which of the following does the organization plan to leverage?

SaaS

PaaS

IaaS

Hybrid cloud

Network virtualization

14. During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering .

Which of the following should the junior analyst have followed?

Continuity of operations

Chain of custody

Order of volatility

Data recovery

15. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing .

Which of the following should the CISO read and understand before writing the policies?

PCI DSS

GDPR

NIST

ISO 31000

16. A security is testing a server finds the following in the output of a vulnerability scan:

Which of the following will the security analyst most likely use NEXT to explore this further?

Exploitation framework

Reverse engineering tools

Vulnerability scanner

Visualization tool

17. The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices.

The CISO mandates the following requirements:

• The devices must be owned by the company for legal purposes.

• The device must be as fully functional as possible when off site.

• Corporate email must be maintained separately from personal email

• Employees must be able to install their own applications.

Which of the following will BEST meet the CISO's mandate? (Select TWO).

Disable the device's camera

Allow only corporate resources in a container.

Use an MDM to wipe the devices remotely

Block all sideloading of applications on devices

Use geofencmg on certain applications

Deploy phones in a BYOD model

18. Following a complete outage of the electronic medical record system for more than 18 hours, the hospital’s Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?

Asset inventory management

Incident response plan

Test and evaluation

Configuration and change management

19. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices.

The security administrator implements the following:

✑ An HOTP service is installed on the RADIUS server.

✑ . The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.

Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.

Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.

Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

20. A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach .

Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

Place corporate applications in a container

Enable geolocation on all devices

install remote wiping capabilities

Ensure all company communications use a VPN

Page 3 of 6

21. A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well .

Which of the following should be configured? (Choose two.)

Certificate-based authentication

TACACS+

802.1X

RADIUS

LDAP

Local user database

22. Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app .

Which of the following should the Chief Information Security Officer (CISO) recommend implementing?

Automatic location check-ins

Geolocated presence privacy

Integrity controls

NAC checks to quarantine devices

23. After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?

Distribute a NAC client and use the client to push the company’s private key to all the new devices.

Distribute the device connection policy and a unique public/private key pair to each new employee’s device.

Install a self-signed SSL certificate on the company’s RADIUS server and distribute the certificate’s public key to all new client devices.

Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

24. Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out.

Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

Anti-malware

Patch testing

HIPS

Vulnerability scanner

25. An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers .

Which of the following services would be BEST for the security officer to recommend to the company?

NIDS

HIPS

CASB

SFTP

26. A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network.

Which of the following should the script use to BEST accomplish this task?

Recursive DNS logs

DHCP logs

AD authentication logs

RADIUS logs

Switch and router ARP tables

27. A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ . The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ . The applications provide different functionality types such as forums and customer portals.

✑ . The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device

Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.

Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.

Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

28. A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner.

Which of the following business documents defines the parameters the security administrator must confirm?

BIA

ISA

NDA

MOU

29. A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time .

Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)

Validate cryptographic signatures applied to software updates

Perform certificate pinning of the associated code signing key

Require HTTPS connections for downloads of software updates

Ensure there are multiple download mirrors for availability

Enforce a click-through process with user opt-in for new features

30. A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request .

Which of the following would BEST support this objective?

Peer review

Design review

Scrum

User acceptance testing

Unit testing

Page 4 of 6

31. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

Which of the following is the MOST likely reason for the team lead’s position?

The organization has accepted the risks associated with web-based threats.

The attack type does not meet the organization’s threat model.

Web-based applications are on isolated network segments.

Corporate policy states that NIPS signatures must be updated every hour.

32. The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security.

To remediate this concern, a number of solutions have been implemented, including the following:

✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

✑ . The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

Family members posting geotagged images on social media that were received via email from soldiers

The effect of communication latency that may negatively impact real-time communication with mission control

The use of centrally managed military network and computers by soldiers when communicating with external parties

33. Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:

Which of the following would be the BEST option to recommend to the CIO?

Vendor C for small remote sites, and Vendor B for large sites.

Vendor B for all remote sites

Vendor C for all remote sites

Vendor A for all remote sites

Vendor D for all remote sites

34. A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year .

Which of the following must be calculated to determine ROI? (Choose two.)

ALE

RTO

MTBF

ARO

RPO

35. A security analyst is comparing two virtual servers that were bum from the same image and patched at the same regular intervals Server A is used to host a public-facing website, and Server B runs accounting software inside the firewalled accounting network.

The analyst runs the same command and obtains the following output from Server A and Server B. respectively:

Which of the following will the analyst most likely use NEXT?

Exploitation tools

Hash cracking tools

Malware analysis tools

Log analysis tools

36. An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts.

Which of the following techniques would BEST support this?

Access control lists

TACACS+ server for AAA

File-level encryption

TPM with sealed storage

37. A government entity is developing requirements for an RFP to acquire a biometric authentication system.

When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?

Local and national laws and regulations

Secure software development requirements

Environmental constraint requirements

Testability of requirements

38. The email administrator must reduce the number of phishing emails by utilizing more appropriate security controls.

The following configurations already are in place

• Keyword Mocking based on word lists

• URL rewriting and protection

• Stopping executable files from messages

Which of the following is the BEST configuration change for the administrator to make?

Configure more robust word lists for blocking suspicious emails

Configure appropriate regular expression rules per suspicious email received

Configure Bayesian filtering to block suspicious inbound email

Configure the mail gateway to strip any attachments

39. An organization wants to allow its employees to receive corporate email on their own smartphones.

A security analyst is reviewing the following information contained within the file system of an employee’s smartphone:

FamilyPix.jpg

Taxreturn.tax

paystub.pdf

employeesinfo.xls

SoccerSchedule.doc

RecruitmentPlan.xls

Based on the above findings, which of the following should the organization implement to prevent further exposure? (Select two).

Remote wiping

Side loading

VPN

Containerization

Rooting

Geofencing

Jailbreaking

40. A security technician is incorporating the following requirements in an RFP for a new SIEM:

✑ New security notifications must be dynamically implemented by the SIEM engine

✑ . The SIEM must be able to identify traffic baseline anomalies

✑ Anonymous attack data from all customers must augment attack detection and risk scoring

Based on the above requirements, which of the following should the SIEM support? (Choose two.)

Autoscaling search capability

Machine learning

Multisensor deployment

Big Data analytics

Cloud-based management

Centralized log aggregation

Page 5 of 6

41. CORRECT TEXT

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

42. The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown.

The network team is unavailable to capture traffic but logs from network services are available

• No users have authenticated recently through the guest network's captive portal

• DDoS mitigation systems are not alerting

• DNS resolver logs show some very long domain names

Which of the following is the BEST step for a security analyst to take next?

Block all outbound traffic from the guest network at the border firewall

Verify the passphrase on the guest network has not been changed.

Search antivirus logs for evidence of a compromised company device

Review access pent fogs to identify potential zombie services

43. A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns .

Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?

Inform the customer that the service provider does not have any control over third-party blacklist entries. The customer should reach out to the blacklist operator directly

Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior

Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic

Establish relationship with a blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned

44. The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively .

Which of the following would BEST address the CIO’s concerns?

Procure a password manager for the employees to use with the cloud applications.

Create a VPN tunnel between the on-premises environment and the cloud providers.

Deploy applications internally and migrate away from SaaS applications.

Implement an IdP that supports SAML and time-based, one-time passwords.

45. Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect ... secrecy?

Endpoints

VPN concentrators

Virtual hosts

SIEM

Layer 2 switches

46. A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

Configure file integrity monitoring of the guest O

Enable the vTPM on a Type 2 hypervisor.

Only deploy servers that are based on a hardened image.

Protect the memory allocation of a Type 1 hypervisor.

47. During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected .

Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)

Follow chain of custody best practices

Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive.

Use forensics software on the original hard drive and present generated reports as evidence

Create a tape backup of the original hard drive and present the backup as evidence

Create an exact image of the original hard drive for forensics purposes, and then place the original back in service

48. An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

Which of the following types of information could be drawn from such participation?

Threat modeling

Risk assessment

Vulnerability data

Threat intelligence

Risk metrics

Exploit frameworks

49. An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations .

Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.

Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.

All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.

Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, this reducing the effectiveness of local attacks.

50. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes .

Which of the following controls would BEST mitigate the identified vulnerability?

Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME

Federate with an existing PKI provider, and reject all non-signed emails

Implement two-factor email authentication, and require users to hash all email messages upon receipt

Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

Page 6 of 6

51. Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise .

Which of the following would BEST reduce log noise for the SOC?

SIEM filtering

Machine learning

Outsourcing

Centralized IPS

52. A legal services company wants to ensure emails to clients maintain integrity in transit.

Which of the following would BEST meet this requirement? (Select TWO)

Signing emails to clients with the organization's public key

Using the organization's private key to encrypt all communication

Implementing a public key infrastructure

Signing emails to clients with the organization's private key

Using shared secret keys

Hashing all outgoing emails

53. A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After invest the new vulnerability, it was determined that the web services providing are being impacted by this new threat .

Which of the following data types a MOST likely at risk of exposure based on this new threat? (Select TWO)

Cardholder data

intellectual property

Personal health information

Employee records

Corporate financial data

54. Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication

Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares .

Which of the following mitigation strategies should an information security manager recommend to the data owner?

Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded

Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded

Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage

Avoid the risk, leave the settings alone, and decommission the legacy storage device

55. A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment.

The security engineer implements the following configuration on the management router:

Which of the following is the engineer implementing?

Remotely triggered black hole

Route protection

Port security

Transport security

Address space layout randomization

56. A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development.

Which of the following SDLC best practices should the development team have followed?

Implementing regression testing

Completing user acceptance testing

Verifying system design documentation

Using a SRTM

57. A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization’s staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization’s code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories .

Which of the following controls MOST likely would have interrupted the kill chain in this attack?

IP whitelisting on the perimeter firewall

MFA for developer access

Dynamic analysis scans in the production environment

Blue team engagement in peer-review activities

Time-based restrictions on developer access to code repositories

58. A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address .

Which of the following is MOST likely the problem?

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

The DHCP server is unavailable, so no IP address is being sent back to the P

59. A company is implementing a new secure identity application, given the following requirements

• The cryptographic secrets used in the application must never be exposed to users or the OS

• The application must work on mobile devices.

• The application must work with the company's badge reader system

Which of the following mobile device specifications are required for this design? (Select TWO).

Secure element

Biometrics

UEFI

SEAndroid

NFC

HSM

60. A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

Required all laptops to connect to the VPN before accessing email.

Implement cloud-based content filtering with sandboxing capabilities.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Welcome To Choose Required IT Certification Exams Online

Updated CAS-003 Exam Questions For CompTIA Advanced Security Practitioner (CASP) Certification

You will find CAS-003 free questions below to check CompTIA CASP+ Updated exam questions.

Author