Updated CompTIA CASP+ Certified CAS-003 Exam Questions – Real Guide For Passing

1. A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior.

The company must deploy a host solution to meet the following requirements:

✑ Detect administrative actions

✑ Block unwanted MD5 hashes

✑ Provide alerts

✑ Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

2. The Chief Information Officer (CISO) is concerned that certain systems administrators will privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes.

Which of the following tools would show this type of output?

3. A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration.

It would be MOST appropriate for the assessor to advise the organization to:

4. A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ The applications provide different functionality types such as forums and customer portals.

✑ The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

5. At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

6. Click on the exhibit buttons to view the four messages.





















A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

7. A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

Which of the following should the analyst use to confirm this suspicion?

8. Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified.

Which of the following is the CISO performing?

9. A consulting firm was hired to conduct assessment for a company.

During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

10. A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities.

The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

11. A security engineer is assisting a developer with input validation, and they are studying the following code block:





The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

12. An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation .

Which of the following MOST likely caused the data leak?

13. An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks.

When the engineer opens a file in a text editor, the following excerpt appears:





Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

14. A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

15. A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers .

Which of the following BEST describes the contents of the supporting document the engineer is creating?

16. To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to migrate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.

Which of the following approaches is described?

17. A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk .

Which of the following will lower the risk before moving the data''

18. A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack .

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

19. A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization’s systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?

20. The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency.

In the code, “criticalValue” indicates if an emergency is underway:





Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

21. A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.

To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

22. Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.

Which of the following would BEST allow the IT department to monitor and control this behavior?

23. An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

✑ The ICS supplier has specified that any software installed will result in lack of support.

✑ There is no documented trust boundary defined between the SCADA and corporate networks.

✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.

✑ There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

24. 1.A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.





Which of the following tools is the security engineer using to produce the above output?

25. A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications .

Which of the following settings should be toggled to achieve the goal? (Choose two.)

26. The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

27. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

Which of the following is the MOST likely reason for the team lead’s position?

28. An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

29. A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing .

Which of the following is the appropriate command to disable the client’s IPv6 stack?

A)





B)





C)





D)

30. A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant.

The gap analysis reviewed all procedural and technical controls and found the following:

✑ High-impact controls implemented: 6 out of 10

✑ Medium-impact controls implemented: 409 out of 472

✑ Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap.

The analysis yielded the following information:

✑ Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000

✑ Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement .

Which of the following conclusions could the CISO draw from the analysis?

31. CORRECT TEXT

32. A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises .

Which of the following should the consultant recommend be performed to evaluate potential risks?

33. While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device .

Which of the following would MOST likely prevent a similar breach in the future?

34. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server .

Which of the following steps should the administrator take NEXT?

35. A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device.

Additionally, to protect patients’ health information, management has identified the following requirements:

✑ Data must be encrypted at rest.

✑ The device must be disabled if it leaves the facility.

✑ The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)