PDF (New 2022) Actual CompTIA CAS-003 Exam Questions
Dumps Money-back Guarantee - CAS-003 Dumps Up To 90% Off
Exam Overview
The CAS-003 test consists of 90 questions, with a time limit of 165 minutes. Note that no numeric score is reported; only a pass or fail status is shown as the result. The exam is offered in English and Japanese and is administered by Pearson VUE. The enrolment fee is $466.
Who should take the CAS-003 exam
The CompTIA Advanced Security Practitioner (CASP) CAS-003 certification is an internationally recognized validation that identifies those who earn it as skilled technical professionals. A candidate who wants significant career growth needs enhanced knowledge, skills, and talents, and the CASP CAS-003 certification provides proof of this advanced knowledge and skill. A candidate who already has the knowledge of the associated technologies and the skills required to pass the CASP CAS-003 exam should take it.
NEW QUESTION 57
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
- A. Segmentation
- B. Containment
- C. Firewall whitelisting
- D. Isolation
Answer: A
NEW QUESTION 58
A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?
- A. Data leak prevention
- B. Root cause analysis
- C. Protocol analyzer
- D. Behavioral analytics
Answer: A
NEW QUESTION 59
Ann, a systems engineer, is working to identify an unknown node on the corporate network.
To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
- A. OSX
- B. Solaris
- C. Linux
- D. Windows
Answer: B
Explanation:
TCP/22 is used for SSH; TCP/111 is used for Sun RPC; TCP/512-514 are used by the remote command services (exec, login, shell), which perform automatic authentication in the same way as a login server. These are all ports that are commonly open when the Sun Solaris operating system is in use.
NEW QUESTION 60
A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
- A. TLS
- B. S/MIME
- C. DKIM
- D. SPF
Answer: C
NEW QUESTION 61
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
- A. Port mapping
- B. Data de-duplication
- C. Port scanning
- D. Storage pool space allocation
- E. LUN masking/mapping
- F. Synchronous copy of data
- G. RAID configuration
Answer: A,E
Explanation:
A logical unit number (LUN) is a unique identifier that designates individual hard disk devices or grouped devices for address by a protocol associated with a SCSI, iSCSI, Fibre Channel (FC) or similar interface. LUNs are central to the management of block storage arrays shared over a storage area network (SAN).
LUN masking subdivides access to a given port. Then, even if several LUNs are accessed through the same port, the server masks can be set to limit each server's access to the appropriate LUNs. LUN masking is typically conducted at the host bus adapter (HBA) or switch level.
Port mapping is used in 'zoning'. In storage networking, Fibre Channel zoning is the partitioning of a Fibre Channel fabric into smaller subsets to restrict interference, add security, and simplify management. While a SAN makes several devices and/or ports available to a single device, each system connected to the SAN should only be allowed access to a controlled subset of these devices/ports. Zoning can be applied either to the switch port a device is connected to or to the WWN (World Wide Name) of the host being connected. Because port-based zoning restricts traffic flow based on the specific switch port a device is connected to, a device that is moved will lose access. Furthermore, if a different device is connected to the port in question, it will gain access to any resources the previous host had access to.
NEW QUESTION 62
A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?
- A. Mandatory vacation
- B. Background investigation
- C. Least privilege
- D. Separation of duties
Answer: C
NEW QUESTION 63
A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.
Which of the following controls can the organization implement to reduce the risk of similar breaches?
- A. Cloud storage encryption
- B. Application containerization
- C. Biometric authentication
- D. Hardware anti-tamper
Answer: C
NEW QUESTION 64
A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider's relationship?
- A. Interconnection Security Agreement
- B. Non-Disclosure Agreement
- C. Operating Level Agreement
- D. Memorandum of Agreement
Answer: A
Explanation:
The Interconnection Security Agreement (ISA) is a document that identifies the requirements for connecting systems and networks and details what security controls are to be used to protect the systems and sensitive data.
Incorrect Answers:
D: A memorandum of agreement (MOA) is a document composed between parties to cooperate on an agreed-upon project or meet an agreed objective.
B: A nondisclosure agreement (NDA) is designed to protect confidential information.
C: An operating level agreement (OLA) defines the responsibilities of each partner's internal support group.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 237, 238
NEW QUESTION 65
A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer:
<input type="hidden" name="token" value=generateRandomNumber()>
Which of the following attacks is the security architect attempting to prevent?
- A. SQL injection
- B. XSS
- C. Clickjacking
- D. XSRF
Answer: D
NEW QUESTION 66
Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks.
The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:
Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250
Task 1) A rule was added to prevent the management platform from accessing the internet.
This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save.
When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Answer:
Explanation:
Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1, edit the Action to Deny to block internet access from the management platform.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | 10.1.10.250 | ANY | MGMT | ANY | ANY | ANY | DENY |

Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from the top, edit the Action to be Permit.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| DB | 10.1.4.70 | ANY | WEBAPP | 10.1.5.50 | ANY | ANY | PERMIT |

Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In Rule no. 5 from the top, change the DST port from 80 to Any to allow all unencrypted traffic.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | ANY | ANY | WEBAPP | 10.1.5.50 | ANY | TCP | PERMIT |

Task 4: Ensure the final rule is an explicit deny.
Enter this at the bottom of the access list, i.e. as the last line of the rule set:

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| ANY | ANY | ANY | ANY | ANY | ANY | TCP | DENY |

Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule no. 4 from the top, edit the DST port from 80 to 443.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| USER | 10.1.1.0/24 10.1.2.0/24 | ANY | UNTRUST | ANY | 443 | TCP | PERMIT |
NEW QUESTION 67
A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing changes to the code repository.
Which of the following activities would be BEST to perform after a commit but before the creation of a branch?
- A. Static analysis
- B. Penetration testing
- C. Heuristic analysis
- D. Dynamic analysis
- E. Web application vulnerability scanning
Answer: A
NEW QUESTION 68
Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html
txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
- A. Remove the txtPassword post data and change alreadyLoggedIn from false to true
- B. Remove all of the post data and change the request to /login.aspx from POST to GET
- C. Attempt to brute force all usernames and passwords using a password cracker
- D. Remove the txtUsername and txtPassword post data and toggle submit from true to false
Answer: A
Explanation:
The text "txtUsername=ann&txtPassword=ann" is an attempted login using a username of 'ann' and also a password of 'ann'.
The text "alreadyLoggedIn=false" is saying that Ann is not already logged in.
To test whether we can bypass the authentication, we can attempt the login without the password and we can see if we can bypass the 'alreadyloggedin' check by changing alreadyLoggedIn from false to true. If we are able to log in, then we have bypassed the authentication check.
Incorrect Answers:
B: GET /login.aspx would just return the login form. This does not test whether the website is susceptible to a simple authentication bypass.
C: We do not want to guess the usernames and passwords. We want to see if we can get into the site without authentication.
D: We need to submit the data, so we cannot toggle submit from true to false.
NEW QUESTION 69
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns?
- A. Increasing blocking options available to the uploader
- B. Removing all metadata in the uploaded photo file
- C. Not displaying to the public who uploaded the photo
- D. Forcing TLS for all connections on the platform
- E. Adding a one-hour delay of all uploaded photos
Answer: B
NEW QUESTION 70
A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams.
However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:
* The tool needs to be responsive so service teams can query it, and then perform an automated response action.
* The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.
* The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.
Which of the following need specific attention to meet the requirements listed above? (Choose three.)
- A. Latency
- B. Availability
- C. Usability
- D. Recoverability
- E. Maintainability
- F. Scalability
Answer: A,B,D
NEW QUESTION 71
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
- A. Password cracker
- B. Vulnerability scanner
- C. HTTP interceptor
- D. Jailbroken mobile device
- E. Network enumerator
- F. Reconnaissance tools
Answer: B,C
Explanation:
Communications between a mobile web application and a RESTful application server will use the HTTP protocol. To capture the HTTP communications for analysis, you should use an HTTP Interceptor.
To assess the security of the application server itself, you should use a vulnerability scanner.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
NEW QUESTION 72
A security analyst who is concerned about sensitive data exfiltration reviews the following:
Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?
- A. Protocol analyzer
- B. SCAP tool
- C. File integrity monitor
- D. Port scanner
Answer: D
NEW QUESTION 73
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.
Which of the following procedures should the security responder apply to the situation? (Choose two.)
- A. Initiate a legal hold.
- B. Disclose the breach to customers.
- C. Contain the server.
- D. Perform an IOC sweep to determine the impact.
- E. Determine the data handling standard.
- F. Perform a risk assessment.
Answer: A,D
NEW QUESTION 74
A security engineer is assessing the controls that are in place to secure the corporate Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrators have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:
Which of the following should the security administrator configure to meet the DNS security needs?

- A. Option B
- B. Option C
- C. Option A
- D. Option D
Answer: D
NEW QUESTION 75
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?
- A. KPI
- B. GRC
- C. KRI
- D. BIA
Answer: A
NEW QUESTION 76
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?
- A. PAP
- B. HOTP
- C. TOTP
- D. CHAP
Answer: B
Explanation:
The question states that the tokens have HMAC counter-based codes that are valid until they are used.
These are "one-time" use codes.
HOTP is an HMAC-based one-time password (OTP) algorithm. HOTP can be used to authenticate a user in a system via an authentication server. Also, if some more steps are carried out (the server calculates the subsequent OTP value and sends/displays it to the user, who checks it against the subsequent OTP value calculated by his token), the user can also authenticate the validation server. Both hardware and software tokens are available from various vendors.
Hardware tokens implementing OATH HOTP tend to be significantly cheaper than their competitors based on proprietary algorithms. Some products can be used for strong passwords as well as OATH HOTP.
Software tokens are available for (nearly) all major mobile/smartphone platforms.
NEW QUESTION 77
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).
- A. Email
- B. Instant messaging
- C. Presence
- D. Desktop sharing
- E. Web cameras
- F. BYOD
Answer: B,D
Explanation:
B: Instant messaging (IM) allows two-way communication in near real time, allowing users to collaborate, hold informal chat meetings, and share files and information. Some IM platforms have added encryption, central logging, and user access controls. This can be used to replace calls between the end user and the helpdesk.
D: Desktop sharing allows a remote user access to another user's desktop and has the ability to function as a remote system administration tool. This can allow the helpdesk to determine the cause of the problem on the end user's desktop.
CAS-003 Exam Audience and Requirements
This test is specifically designed for IT practitioners working in the cybersecurity industry and interested in gaining technical knowledge and skills, like conceptualizing, engineering, and integrating a secure solution in the organizations' environment. They should possess real-life experience in the field of at least ten years in an administration role, from which five years or more should be related to security tasks.
Updated Feb-2022 Pass CAS-003 Exam - Real Practice Test Questions: https://www.exam4tests.com/CAS-003-valid-braindumps.html