CompTIA CASP CAS-003 Exam Questions Updated v16.02

Based on feedback from our candidates, we have updated the CompTIA CASP CAS-003 Exam Questions to v16.02, with 509 questions and answers to help you best prepare for your CompTIA Advanced Security Practitioner (CASP) exam. PassQuestion's new CAS-003 Exam Questions contain real exam topics to help you master all the exam objectives, so you can practice real CAS-003 questions and pass your CompTIA CASP CAS-003 exam easily.

Test Online CompTIA CASP CAS-003 Free Questions

1. A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time.

The programming logic is as follows:

• A player asks to move points from one capability to another

• The source capability must have enough points to allow the move

• The destination capability must not exceed 10 after the move

• The move from source capability to destination capability is then completed

The time stamps of the game logs show each step of the transfer process takes about 900ms. However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities.

Which of the following is MOST likely being exploited to allow these capability transfers?


2. An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

✑ Systems containing PII are protected with the minimum control set.

✑ Systems containing medical data are protected at the moderate level.

✑ Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?


3. A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

Which of the following tools should be used? (Choose two.)


4. A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares.

Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)


5. A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy.

Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?


6. A business is growing and starting to branch out into other locations.

In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

✑ Store taxation-related documents for five years

✑ Store customer addresses in an encrypted format

✑ Destroy customer information after one year

✑ Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)


7. Following a recent security incident on a web server, the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain jpg files have important data hidden within them.

Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?


8. The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security.

To remediate this concern, a number of solutions have been implemented, including the following:

✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

✑ The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?


9. A user workstation was infected with a new malware variant as a result of a drive-by download.

The security administrator reviews key controls on the infected workstation and discovers the following:

Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)


10. A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic.

The administrator sees the following output on the Internet router:

The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem.

Based on the information above, which of the following should the ISP engineer do to resolve the issue?


11. An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?


12. A government entity is developing requirements for an RFP to acquire a biometric authentication system.

When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?


13. An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements.

Which of the following is the MOST likely reason for the need to sanitize the client data?


14. A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?


15. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices.

The security administrator implements the following:

✑ An HOTP service is installed on the RADIUS server.

✑ The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?


16. After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years.

The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?


17. A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.

Which of the following is the MOST appropriate order of steps to be taken?


18. A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations.

The security engineer considers data ownership to determine:


19. A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications.

Which of the following does the organization plan to leverage?


20. A company enlists a trusted agent to implement a way to authenticate email senders positively.

Which of the following is the BEST method for the company to prove the authenticity of the message?


21. A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?


22. A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)


23. A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.

Which of the following tools should the engineer load onto the device being designed?


24. A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing changes to the code repository.

Which of the following activities would be BEST to perform after a commit but before the creation of a branch?


25. A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.

Which of the following controls can the organization implement to reduce the risk of similar breaches?



A vulnerability scan with the latest definitions was performed across Sites A and B.

Match each relevant finding to the affected host. After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

27. A secure facility has a server room that currently is controlled by a simple lock and key, and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators’ smartphones, is purchased and installed. The application has various authentication methods that can be used.

The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user.

• It must be utilized as a second factor.

• Information sharing must be avoided.

• It must have a low false acceptance rate.

Which of the following BEST meets the criteria?


28. A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications.

Which of the following settings should be toggled to achieve the goal? (Choose two.)


29. An application development company implements object reuse to reduce life-cycle costs for the company and its clients. Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?


30. A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation.

The CISO creates the following chart to visualize the differences among the networking used.

Which of the following would be the CISO’s MOST immediate concern?


31. An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site.

Which of the following is a concern for the consultant, and how can it be mitigated?


32. A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies.

Which of the following would be the BEST justification?


33. The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively.

Which of the following would BEST address the CIO’s concerns?


34. A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project.

Which of the following should the security engineer recommend?


35. A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resulting in a DoS.

When the service crashes, a core dump is left in the /tmp directory.

Which of the following tools can the systems administrator use to reproduce these symptoms?


36. A company recently deployed an agent-based DLP solution to all laptops in the environment.

The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was from a secure fileshare in the research department.

Which of the following should the security team implement FIRST?


37. An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

Which of the following types of information could be drawn from such participation?


38. A financial institution’s information security officer is working with the risk management officer to determine what to do with the institution’s residual risk after all security controls have been implemented.

Considering the institution’s very low risk tolerance, which of the following strategies would be BEST?


39. A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?


40. An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment.

Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?


41. A technician receives the following security alert from the firewall’s automated system:

After reviewing the alert, which of the following is the BEST analysis?


42. The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.

Which of the following would BEST improve the incident response process?


43. A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud.

Which of the following configurations can be employed to support this effort?


44. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.

Which of the following controls would BEST mitigate the identified vulnerability?


45. A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible.

Which of the following principles is being demonstrated?


46. A company is deploying a DLP solution and scanning workstations and network drives for documents that contain potential PII and payment card data.

The results of the first scan are as follows:

The security team is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files.

Which of the following would address the inherent risk until the data owners can be formally identified?


47. A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk.

Which of the following should the new security administrator review to gain more information? (Choose three.)


48. A development team releases updates to an application regularly. The application is compiled with several standard open-source security products that require a minimum version for compatibility.

During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?


49. A company’s user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.

Which of the following solutions would BEST support trustworthy communication solutions?


50. An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center.

Which of the following techniques would BEST meet the requirements? (Choose two.)


51. A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company’s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string.

Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?


52. A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage.

To which of the following is the survey question related? (Select TWO)


53. A company wants to configure its wireless network to require username and password authentication.

Which of the following should the system administrator implement?


54. An organization is creating requirements for new laptops that will be issued to staff. One of the company’s key security objectives is to ensure the laptops have hardware-enforced data-at-rest protection tied to permanent hardware identities. The laptops must also provide attestation for secure boot processes.

To meet these demands, which of the following BEST represent the features that should be included in the requirements set? (Select TWO.)


55. A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks.

Which of the following code snippets is safe from these types of attacks?






56. After analyzing code, two developers at a company bring these samples to the security operations manager.

Which of the following would BEST solve these coding problems?


57. A security engineer is looking at a DNS server following a known incident.

The engineer sees the following command as the most recent entry in the server’s shell history:

dd if=/dev/sda of=/dev/sdb

Which of the following MOST likely occurred?


58. A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)


59. A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.

Which of the following is the MOST secure solution for the developer to implement?


60. An electric car company hires an IT consulting company to improve the cybersecurity of its vehicles.

Which of the following should achieve the BEST long-term result for the company?


61. A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling.

After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)


62. A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months.

Which of the following would BEST secure the web server until the replacement web server is ready?


63. A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings.

Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A) Implement firewall ACLs as follows:

B) Implement NAT as follows:

C) Implement DHCP options as follows:

D) Implement policy routing as follows:



Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

65. A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?


66. An application has been through a peer review and regression testing and is prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing the application, the engineer informs the developer it should include additional input sanitation in the application to prevent overflows.

Which of the following tools did the security engineer MOST likely use to determine this recommendation?


67. The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code.

Which of the following is an SDLC best practice that should have been followed?


68. The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together.

Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

✑ Must be encrypted on the email servers and clients

✑ Must be OK to transmit over unsecure Internet connections

Which of the following communication methods would be BEST to recommend?


69. A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events.

Which of the following is the CISO looking to improve?


70. An investigation showed a worm was introduced from an engineer’s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls.

Which of the following would be the MOST secure control to implement?


71. While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained to the corporate through the high-speed wireless network provided by the hotel and completed the desk. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system.

Which of the following is the MOST likely of the security breach?


72. Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site.

As a result, the company is requiring all collaboration tools to comply with the following:

✑ Secure messaging between internal users using digital signatures

✑ Secure sites for video-conferencing sessions

✑ Presence information for all office employees

✑ Restriction of certain types of messages to be allowed into the network.

Which of the following applications must be configured to meet the new requirements? (Select TWO.)


73. Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives.

Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?


74. A security engineer is performing an assessment again for a company.

The security engineer examines the following output from the review:

Which of the following tools is the engineer utilizing to perform this assessment?


75. A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment.

Which of the following would be the BEST option to manage this risk to the company’s production environment?


76. An organization is engaged in international business operations and is required to comply with various legal frameworks.

In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?


77. A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization.

Which of the following is the BEST solution?


78. During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.

Which of the following would ensure no data is recovered from the system drives once they are disposed of?


79. As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use.

As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?


80. A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?


81. A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed.

Which of the following factors is the regulation intended to address?


82. A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?


83. A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed the budget approved to security projects. The board has denied any further requests for additional budget.

Which of the following should the company do to address the residual risk?


84. The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company.

A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:


85. A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

RTO: 2 days

RPO: 36 hours

MTTR: 24 hours

MTBF: 60 days

Which of the following solutions will address the RPO requirements?


86. A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant.

Which of the following network tools would provide this type of information?


87. First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated.

Which of the following were missed? (Choose two.)


88. A company has deployed MFA. Some employees, however, report they are not getting a notification on their mobile device. Other employees report they downloaded a common authenticator application, but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt.

Which of the following are the MOST likely explanations for these scenarios? (Select TWO)


89. The Chief Information Security Officer (CISO) of an established security department identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence.

This is an example of:


90. A company runs a well-attended, on-premises fitness club for its employees, about 200 of them each day. Employees want to sync the center’s login and attendance program with their smartphones. Human resources, which manages the contract for the fitness center, has asked the security architecture to help draft security and privacy requirements.

Which of the following would BEST address these privacy concerns?


91. Given the following output from a security tool in Kali:


92. An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.

Which of the following procedures should the security responder apply to the situation? (Choose two.)


93. A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster.

Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?


94. A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary.

Which of the following is the MOST likely explanation for why the organization’s network was compromised?


95. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server.

Which of the following steps should the administrator take NEXT?


96. Which of the following is the MOST likely reason an organization would decide to use a BYOD policy?


97. A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices.

Which of the following components should be executed by an outside vendor?


98. A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee’s heartbeat, weight, and badge.

Which of the following did the security manager implement?


99. A company is implementing a new secure identity application, given the following requirements:

• The cryptographic secrets used in the application must never be exposed to users or the OS.

• The application must work on mobile devices.

• The application must work with the company’s badge reader system.

Which of the following mobile device specifications are required for this design? (Select TWO).


100. A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well.

Which of the following should be configured? (Choose two.)

