[Jan 22, 2022] Pass CAS-003 Review Guide, Reliable CAS-003 Test Engine
CAS-003 Test Engine Practice Test Questions, Exam Dumps
Target Audience and Prerequisites
The target candidates for the CompTIA CAS-003 exam are the cybersecurity professionals with competence in the enterprise security domain and risk analysis. They have expertise in interpreting data trends and anticipating cyber-defense requirements to fulfill the business objectives. They also have the knowledge and practical experience in implementing cryptographic methods, including cryptocurrency, blockchain, and mobile device encryption.
There is no prior certification required to obtain CompTIA CASP+. However, it is recommended that individuals have extensive skills in the cybersecurity field. It is advised that applicants possess at least ten years of practical experience in IT administration, which should include a minimum of five years of practical experience in technical security. Additionally, candidates must understand the exam content before taking the actual test.
CAS-003 Exam Audience and Requirements
This test is specifically designed for IT practitioners working in the cybersecurity industry and interested in gaining technical knowledge and skills, like conceptualizing, engineering, and integrating a secure solution in the organizations' environment. They should possess real-life experience in the field of at least ten years in an administration role, from which five years or more should be related to security tasks.
NEW QUESTION 240
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
- A. Segmentation
- B. Containment
- C. Firewall whitelisting
- D. Isolation
Answer: A
NEW QUESTION 241
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user's accounts is sensitive, and therefore, the organization wants to comply with the following requirements:
* Active full-device encryption
* Enabled remote-device wipe
* Blocking unsigned applications
* Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
- A. Require frequent password changes and disable NFC.
- B. Install a mobile antivirus application.
- C. Enforce device encryption and activate MAM.
- D. Configure and monitor devices with an MDM.
Answer: C
NEW QUESTION 242
A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal activity from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided direct access to the hypervisor and access to other sensitive data.
Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)
- A. Deprovision the database VM.
- B. Install perimeter NGFW.
- C. Change the user's access privileges.
- D. Configure VM isolation.
- E. Install the appropriate patches.
- F. Update virus definitions on all endpoints.
Answer: C,D
NEW QUESTION 243
A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.
Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)
- A. Enforce routine GPO reviews.
- B. Institute heuristic anomaly detection.
- C. Form and deploy a hunt team.
- D. Use a protocol analyzer with appropriate connectors.
- E. Install and configure an IPS.
Answer: B,E
NEW QUESTION 244
Given the following code snippet:
Which of the following failure modes would the code exhibit?
- A. Exception
- B. Halt
- C. Open
- D. Secure
Answer: A
NEW QUESTION 245
A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
- A. Log analysis and reduction tools
- B. Binary decompiler
- C. Network-based fuzzer
- D. Wireless protocol analyzer
Answer: D
NEW QUESTION 246
An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee's work computer concerning a conversation that occurred three years prior and proved damaging to the agency's reputation. Which of the following MOST likely caused the data leak?
- A. The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
- B. The email was encrypted and an exception was put in place via the data classification application
- C. The employee manually changed the email client retention settings to prevent deletion of emails
- D. The employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old
Answer: D
NEW QUESTION 247
CORRECT TEXT
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address.
The company uses the following internal IP address ranges:
192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site.
The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.
Answer:
Explanation:
Check the solution below.
We have traffic coming from two rogue IP addresses: 192.10.3.204 and 192.10.3.254 (both in the 192.10.30.0/24 subnet) going to IPs in the corporate site subnet (192.10.1.0/24) and the remote site subnet (192.10.2.0/24). We need to Deny (block) this traffic at the firewall by ticking the following two checkboxes:
NEW QUESTION 248
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.
Which of the following would BEST improve security while meeting these requirements?
- A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
- B. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.
- C. Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications.
- D. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
Answer: C
NEW QUESTION 249
A medical device company is implementing a new COTS antivirus solution in its manufacturing plant.
All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?
- A. Peer review
- B. Change control documentation
- C. System design documentation
- D. User acceptance testing
- E. Static code analysis testing
Answer: C
NEW QUESTION 250
Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:
Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.4.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
- A. Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action
UNTRUST | 10.1.10.250 | ANY | MGMT | ANY | ANY | ANY | DENY
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action
DB | 10.1.4.70 | ANY | WEBAPP | 10.1.5.50 | ANY | ANY | PERMIT
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In Rule no. 5 from top, change the DST port from 80 to Any to allow all unencrypted traffic.
SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action
UNTRUST | ANY | ANY | WEBAPP | 10.1.5.50 | ANY | TCP | PERMIT
Task 4: Ensure the final rule is an explicit deny.
Enter this as the last line of the access list, i.e. the rule at the bottom of the list:
SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action
ANY | ANY | ANY | ANY | ANY | ANY | TCP | DENY
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule no. 4 from top, edit the DST port from 80 to 443.
SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action
USER | 10.1.1.0/24 10.1.2.0/24 | ANY | UNTRUST | ANY | 443 | TCP | PERMIT
Answer: A
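The five tasks above are really five traffic questions asked of a top-down ACL, and the fastest way to confirm a firewall review is to replay them against the rule set. The following is an added example, not part of the exam material or any vendor's firewall: a small first-match evaluator plus the rule set as it stands after the corrections. Assumptions: zone columns are assigned by each task's intent (the host initiating the request is the source, so the management rule is written MGMT to UNTRUST and the database rule WEBAPP to DB, whereas the answer tables list those zones the other way round); rules 2 and 3 of the simulation are not shown on the page and are omitted; the "before" rule set reconstructs the pre-correction actions and ports the answer text describes (rule 1 permitting, rule 6 denying, ports 80, no final deny). Test addresses in the 198.51.100.0/24 and 203.0.113.0/24 documentation ranges are constructed.

```python
"""Top-down firewall ACL evaluator for the Q250 rule review (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

ANY = "ANY"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    dst_zone: str
    dst_ip: str
    dst_port: int
    proto: str


@dataclass(frozen=True)
class Rule:
    src_zone: str
    src: str                   # ANY, a single host, or space-separated CIDRs
    dst_zone: str
    dst: str
    dst_port: Union[int, str]  # ANY or a port number
    proto: str                 # ANY, TCP, UDP
    action: str                # PERMIT or DENY

    @staticmethod
    def _ip_match(spec: str, ip: str) -> bool:
        if spec == ANY:
            return True
        addr = ipaddress.ip_address(ip)
        # A bare host such as 10.1.5.50 becomes a /32 network.
        return any(addr in ipaddress.ip_network(n, strict=False) for n in spec.split())

    def matches(self, p: Packet) -> bool:
        return (self.src_zone in (ANY, p.src_zone)
                and self._ip_match(self.src, p.src_ip)
                and self.dst_zone in (ANY, p.dst_zone)
                and self._ip_match(self.dst, p.dst_ip)
                and self.dst_port in (ANY, p.dst_port)
                and self.proto in (ANY, p.proto))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[Optional[int], str]:
    """First matching rule wins (1-based index); no match falls to the implicit deny."""
    for i, r in enumerate(rules, start=1):
        if r.matches(p):
            return i, r.action
    return None, "DENY"


# Reconstructed pre-review state (assumption, see lead-in): rule 1 permits,
# rule 4 and rule 5 are bound to port 80, rule 6 denies, and there is no final deny.
BEFORE_RULES = [
    Rule("MGMT", "10.1.10.250", "UNTRUST", ANY, ANY, ANY, "PERMIT"),
    Rule("USER", "10.1.1.0/24 10.1.2.0/24", "UNTRUST", ANY, 80, "TCP", "PERMIT"),
    Rule("UNTRUST", ANY, "WEBAPP", "10.1.5.50", 80, "TCP", "PERMIT"),
    Rule("WEBAPP", "10.1.5.50", "DB", "10.1.4.70", ANY, ANY, "DENY"),
]

# Rule set after applying Tasks 1 to 5 (order follows the answer: 1, 4, 5, 6, final deny).
CORRECTED_RULES = [
    Rule("MGMT", "10.1.10.250", "UNTRUST", ANY, ANY, ANY, "DENY"),          # Task 1
    Rule("USER", "10.1.1.0/24 10.1.2.0/24", "UNTRUST", ANY, 443, "TCP", "PERMIT"),  # Task 5
    Rule("UNTRUST", ANY, "WEBAPP", "10.1.5.50", ANY, "TCP", "PERMIT"),      # Task 3
    Rule("WEBAPP", "10.1.5.50", "DB", "10.1.4.70", ANY, ANY, "PERMIT"),     # Task 2
    Rule(ANY, ANY, ANY, ANY, ANY, "TCP", "DENY"),                           # Task 4
]


def check_tasks(rules: List[Rule]) -> dict:
    """Replay each review task as a concrete packet; True means the task is satisfied."""
    internet = "203.0.113.10"   # constructed external host
    scanner = "198.51.100.7"    # constructed external client
    last = rules[-1]
    return {
        "task1_mgmt_no_internet":
            evaluate(rules, Packet("MGMT", "10.1.10.250", "UNTRUST", internet, 443, "TCP"))[1] == "DENY",
        "task2_web_to_sql":
            evaluate(rules, Packet("WEBAPP", "10.1.5.50", "DB", "10.1.4.70", 1433, "TCP"))[1] == "PERMIT",
        "task2_user_to_sql_blocked":
            evaluate(rules, Packet("USER", "10.1.1.25", "DB", "10.1.4.70", 1433, "TCP"))[1] == "DENY",
        "task3_outside_http_to_web":
            evaluate(rules, Packet("UNTRUST", scanner, "WEBAPP", "10.1.5.50", 80, "TCP"))[1] == "PERMIT",
        "task4_last_rule_explicit_deny":
            last.action == "DENY" and all(
                getattr(last, f) == ANY for f in ("src_zone", "src", "dst_zone", "dst", "dst_port")),
        "task5_user_http_blocked":
            evaluate(rules, Packet("USER", "10.1.2.9", "UNTRUST", internet, 80, "TCP"))[1] == "DENY",
        "task5_user_https_allowed":
            evaluate(rules, Packet("USER", "10.1.2.9", "UNTRUST", internet, 443, "TCP"))[1] == "PERMIT",
    }


if __name__ == "__main__":
    for name, rules in (("before", BEFORE_RULES), ("corrected", CORRECTED_RULES)):
        print(name, check_tasks(rules))
```

Two things the replay makes visible that the answer tables do not. First, the "SQL server only from the web server" requirement is not enforced by rule 6 alone; it holds only because every other source falls through to the explicit deny, so any later addition of a broad permit above it silently breaks Task 2. Second, the explicit deny in the answer is written for TCP only, so non-TCP traffic (a UDP probe to the DB zone, say) never matches it and is stopped by the implicit deny instead; an explicit deny with Protocol ANY would log and block uniformly.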
NEW QUESTION 251
A security analyst testing a server finds the following in the output of a vulnerability scan:
Which of the following will the security analyst most likely use NEXT to explore this further?
- A. Exploitation framework
- B. Reverse engineering tools
- C. Visualization tool
- D. Vulnerability scanner
Answer: A
NEW QUESTION 252
Given the code snippet below:
Which of the following vulnerability types is the MOST concerning?
- A. Format string vulnerability is present for admin users but not for standard users.
- B. Only short usernames are supported, which could result in brute forcing of credentials.
- C. Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
- D. Hardcoded usernames with different code paths taken depend on which user is entered.
Answer: C
NEW QUESTION 253
While investigating suspicious activity on a server, a security administrator runs the following report:
In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report.
Which of the following BEST describe this scenario? (Choose two.)
- A. An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file
- B. An attacker compromised the server and may have used MD5 collision hashes to generate valid passwords, allowing further access to administrator accounts on the server
- C. An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file
- D. An attacker compromised the server and may have used SELinux mandatory access controls to hide the changes to the /etc/shadow file
- E. An attacker compromised the server and may have used a collision hash in the MD5 algorithm to hide the changes to the /etc/shadow file
Answer: B
NEW QUESTION 254
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.
Which of the following would ensure no data is recovered from the system drives once they are disposed of?
- A. Demagnetizing the hard drive using a degausser.
- B. Overwriting all HDD blocks with an alternating series of data.
- C. Deleting the UEFI boot loaders from each HDD.
- D. Physically disabling the HDDs by removing the drive head.
Answer: A
NEW QUESTION 255
An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?
- A. Answering requests from auditors that relate to e-discovery
- B. Following new requirements that result from contractual obligations
- C. Developing organizational policies that relate to hiring and termination procedures
- D. Responding to changes in regulatory requirements
Answer: D
NEW QUESTION 256
CompTIA CAS-003 is the qualifying exam for the CASP+ certification. This test is designed for advanced-level cybersecurity practitioners who want to validate their skills and knowledge of risk management, research and collaboration, integration of enterprise security, and enterprise security architecture and operations. The associated certificate is approved by the U.S. DoD to fulfill Directive 8140/8570.01-M prerequisites and is compliant with the ISO 17024 standard.
100% Free CAS-003 Daily Practice Exam With 574 Questions: https://exampasspdf.testkingit.com/CompTIA/latest-CAS-003-exam-dumps.html