CompTIA CASP CAS-003 Exam Questions Updated v16.02

From the feedback from our candidates, we new updated CompTIA CASP CAS-003 Exam Questions v16.02 with 509 questions and answers to help you best prepare for your CompTIA Advanced Security Practitioner (CASP) exam. PassQuestion new CAS-003 Exam Questions contain real exam topics to help you master all the exam objectives, then you can practice real CAS-003 questions to pass your CompTIA CASP CAS-003 exam easily.

Test Online CompTIA CASP CAS-003 Free Questions

1. A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time.

The programming logic is as follows:

• A player asks to move points from one capability to another

•. The source capability must have enough points to allow the move

•. The destination capability must not exceed 10 after the move

•. The move from source capability to destination capability is then completed

The time stamps of the game logs show each step of the transfer process takes about 900ms However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities.

Which of the following is MOST likely being exploited to allow these capability transfers?

TOC/TOU

CSRF

Memory leak

XSS

SQL injection

Integer overflow

2. An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

✑ Systems containing PII are protected with the minimum control set.

✑ Systems containing medical data are protected at the moderate level.

✑ Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.

Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.

Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.

Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

3. A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

Which of the following tools should be used? (Choose two.)

Fuzzer

SCAP scanner

Packet analyzer

Password cracker

Network enumerator

SIEM

4. A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares.

Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks

Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches

Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use

Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions

For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication

Implement application blacklisting enforced by the operating systems of all machines in the enterprise

5. A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy.

Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?

Vulnerability assessment

Risk assessment

Patch management

Device quarantine

Incident management

6. A business is growing and starting to branch out into other locations.

In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

✑ Store taxation-related documents for five years

✑ Store customer addresses in an encrypted format

✑ Destroy customer information after one year

✑ Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

Capacity planning policy

Data retention policy

Data classification standard

Legal compliance policy

Data sovereignty policy

Backup policy

Acceptable use policy

Encryption standard

7. Following a recent security incident on a web server the security analyst takes HTTP traffic captures for further investigation. The analyst suspects certain jpg files have important data hidden within them.

Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?

tshark

memdump

nbtstat

8. The government is concerned with remote military missions being negatively being impacted by the use of technology that may fail to protect operational security.

To remediate this concern, a number of solutions have been implemented, including the following:

✑ End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.

✑ Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications

✑ A host-based whitelist of approved websites and applications that only allow mission-related tools and sites

✑ The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?

Malicious actors intercepting inbound and outbound communication to determine the scope of the mission

Family members posting geotagged images on social media that were received via email from soldiers

The effect of communication latency that may negatively impact real-time communication with mission control

The use of centrally managed military network and computers by soldiers when communicating with external parties

9. A user workstation was infected with a new malware variant as a result of a drive-by download.

The security administrator reviews key controls on the infected workstation and discovers the following:

Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)

Install HIPS

Enable DLP

Install EDR

Install HIDS

Enable application blacklisting

Improve patch management processes

10. A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic.

The administrator sees the following output on the Internet router:

The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem.

Based on the information above, which of the following should the ISP engineer do to resolve the issue?

The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

11. An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

SQL injection

CSRF

Brute force

XSS

TOC/TOU

12. A government entity is developing requirements for an RFP to acquire a biometric authentication system.

When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?

Local and national laws and regulations

Secure software development requirements

Environmental constraint requirements

Testability of requirements

13. An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements.

Which of the following is the MOST likely reason for the need to sanitize the client data?

Data aggregation

Data sovereignty

Data isolation

Data volume

Data analytics

14. A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?

Port scanner

Vulnerability scanner

Fuzzer

HTTP interceptor

15. A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices.

The security administrator implements the following:

✑ An HOTP service is installed on the RADIUS server.

✑ The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.

Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.

Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.

Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

16. After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years.

The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

Product A

Product B

Product C

Product D

Product E

17. A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.

Which of the following is the MOST appropriate order of steps to be taken?

Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent

OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update

Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline

Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update

18. A security engineer is employed by a hospital that was recently purchased by a

corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations.

The security engineer considers data ownership to determine:

the amount of data to be moved.

the frequency of data backups.

which users will have access to which data

when the file server will be decommissioned

19. A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications.

Which of the following does the organization plan to leverage?

SaaS

PaaS

IaaS

Hybrid cloud

Network virtualization

20. A company enlists a trusted agent to implement a way to authenticate email senders positively.

Which of the following is the BEST method for the company to prove Vie authenticity of the message?

issue PlN-enabled hardware tokens

Create a CA win all users

Configure the server to encrypt all messages in transit

include a hash in the body of the message

21. A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

Conduct a penetration test on each function as it is developed

Develop a set of basic checks for common coding errors

Adopt a waterfall method of software development

Implement unit tests that incorporate static code analyzers

22. A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

Scalability

Latency

Availability

Usability

Recoverability

Maintainability

23. A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.

Which of the following tools should the engineer load onto the device being designed?

Custom firmware with rotating key generation

Automatic MITM proxy

TCP beacon broadcast software

Reverse shell endpoint listener

24. A software development firm wants to validate the use of standard libraries as part of the software development process Each developer performs unit testing prior to committing changes to the code repository.

Which of the following activities would be BEST to perform after a commit but before the creation of a branch?

Static analysis

Heuristic analysis

Dynamic analysis

Web application vulnerability scanning

Penetration testing

25. A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.

Which of the following controls can the organization implement to reduce the risk of similar breaches?

Biometric authentication

Cloud storage encryption

Application containerization

Hardware anti-tamper

26. DRAG DROP

A vulnerability scan with the latest definitions was performed across Sites A and B.

Match each relevant finding to the affected host-After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

27. A secure facility has a server room that currently is controlled by a simple lock and key. and several administrators have copies of the key. To maintain regulatory compliance, a second lock, which is controlled by an application on the administrators’ smartphones, is purchased and installed. The application has various authentication methods that can be used.

The criteria for choosing the most appropriate method are:

• It cannot be invasive to the end user

• It must be utilized as a second factor.

• Information sharing must be avoided

• It must have a low false acceptance rate.

Which of the following BEST meets the criteria?

Facial recognition

Swipe pattern

Fingerprint scanning

Complex passcode

Token card

28. A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications.

Which of the following settings should be toggled to achieve the goal? (Choose two.)

OTA updates

Remote wiping

Side loading

Sandboxing

Containerization

Signed applications

29. An application development company implements object reuse to reduce life-cycle costs for the company and its clients Despite the overall cost savings, which of the following BEST describes a security risk to customers inherent within this model?

Configurations of applications will affect multiple products.

Reverse engineering of applications will lead to intellectual property loss

Software patch deployment will occur less often

Homogeneous vulnerabilities will occur across multiple products

30. A Chief Information Securiy Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation.

The CISO creates the following chart to visualize the differences among the networking used.

Which of the following would be the CISO’s MOST immediate concern?

There are open standards in use on the network.

Network engineers have ignored defacto standards.

Network engineers are not following SOPs.

The network has competing standards in use.

31. An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site.

Which of the following is a concern for the consultant, and how can it be mitigated?

XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.

The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.

The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.

A successful MITM attack Could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.

32. A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies.

Which of the following would be the BEST justification?

Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

33. The Chief Information Officer (CIO) wants to increase security and accessibility among the organization’s cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively.

Which of the following would BEST address the CIO’s concerns?

Procure a password manager for the employees to use with the cloud applications.

Create a VPN tunnel between the on-premises environment and the cloud providers.

Deploy applications internally and migrate away from SaaS applications.

Implement an IdP that supports SAML and time-based, one-time passwords.

34. A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project.

Which of the following should the security engineer recommend?

Replace each laptop in the company’s environment with a standardized laptop that is preconfigured to match the baseline settings

Create batch script files that will enable the baseline security settings and distribute
them to global employees for execution

Send each laptop to a regional IT office to be reimaged with the new baseline security settings enabled and then redeployed

Establish GPO configurations for each baseline setting, test that each works as expected, and have each setting deployed to the laptops.

Leverage an MDM solution to apply the baseline settings and deploy continuous monitoring of security configurations.

35. A network service on a production system keeps crashing at random times. The systems administrator suspects a bug in the listener is causing the service to crash, resuming in the a DoS.

Which the service crashes, a core dump is left in the /tmp directory.

Which of the following tools can the systems administrator use to reproduction these symptoms?

Fuzzer

Vulnerability scanner

Core dump analyzer

Debugger

36. A company recently deployed an agent-based DLP solution to all laptop in the environment.

The DLP solution is configured to restrict the following:

• USB ports

• FTP connections

• Access to cloud-based storage sites

• Outgoing email attachments

• Saving data on the local C: drive

Despite these restrictions, highly confidential data was from a secure fileshare in the research department.

Which of the following should the security team implement FIRST?

Application whitelisting for all company-owned devices

A secure VDI environment for research department employees

NIDS/NIPS on the network segment used by the research department

Bluetooth restriction on all laptops

37. An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions.

Which of the following types of information could be drawn from such participation?

Threat modeling

Risk assessment

Vulnerability data

Threat intelligence

Risk metrics

Exploit frameworks

38. A financial institution’s information security officer is working with the risk management officer to determine what to do with the institution’s residual risk after all security controls have been implemented.

Considering the institution’s very low risk tolerance, which of the following strategies would be BEST?

Transfer the risk.

Avoid the risk

Mitigate the risk.

Accept the risk.

39. A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

An internal key infrastructure that allows users to digitally sign transaction logs

An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.

A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.

An open distributed transaction ledger that requires proof of work to append entries.

40. An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment.

Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

Place it in a malware sandbox.

Perform a code review of the attachment.

Conduct a memory dump of the CFO’s P

Run a vulnerability scan on the email server.

41. A technician receives the following security alert from the firewall’s automated system:

After reviewing the alert, which of the following is the BEST analysis?

This alert is false positive because DNS is a normal network function.

This alert indicates a user was attempting to bypass security measures using dynamic DN

This alert was generated by the SIEM because the user attempted too many invalid login attempts.

This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

42. The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.

Which of the following would BEST to improve the incident response process?

Updating the playbook with better decision points

Dividing the network into trusted and untrusted zones

Providing additional end-user training on acceptable use

Implementing manual quarantining of infected hosts

43. A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud.

Which of the following configurations can be employed to support this effort?

Create a single-tenancy security group in the public cloud that hosts only similar types of servers

Privatize the cloud by implementing an on-premises instance.

Create a hybrid cloud with an on-premises instance for the most sensitive server types.

Sandbox the servers with the public cloud by server type

44. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.

Which of the following controls would BEST mitigate the identified vulnerability?

Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME

Federate with an existing PKI provider, and reject all non-signed emails

Implement two-factor email authentication, and require users to hash all email messages upon receipt

Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

45. A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible.

Which of the following principles is being demonstrated?

Administrator accountability

PII security

Record transparency

Data minimization

46. A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data.

The results of the first scan are as follows:

The security learn is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files.

Which of the following would address the inherent risk until the data owners can be formally identified?

Move the files from the marketing share to a secured drive.

Search the metadata for each file to locate the file’s creator and transfer the files to the personal drive of the listed creator.

Configure the DLP tool to delete the files on the shared drives

Remove the access for the internal audit group from the accounts payable and payroll shares

47. A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk.

Which of the following should the new security administrator review to gain more information? (Choose three.)

CVE database

Recent security industry conferences

Security vendor pages

Known vendor threat models

Secure routing metrics

Server’s vendor documentation

Verified security forums

NetFlow analytics

48. A development team releases updates to an application regularly. The application is compiled with several standard open-source security products that require a minimum version for compatibility.

During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?

The developers should require an exact version of the open-source security products, preventing the introduction of new vulnerabilities.

The application development team should move to an Agile development approach to identify security concerns faster

The change logs for the third-party libraries should be reviewed for security patches, which may need to be included in the release.

The application should eliminate the use of open-source libraries and products to prevent known vulnerabilities from being included.

49. A company’s user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.

Which of the following solutions would BEST support trustworthy communication solutions?

Enabling spam filtering and DMAR

Using MFA when logging into email clients and the domain.

Enforcing HTTPS everywhere so web traffic, including email, is secure.

Enabling SPF and DKIM on company servers.

Enforcing data classification labels before an email is sent to an outside party.

50. An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center.

Which of the following techniques would BEST meet the requirements? (Choose two.)

Magic link sent to an email address

Customer ID sent via push notification

SMS with OTP sent to a mobile number

Third-party social login

Certificate sent to be installed on a device

Hardware tokens sent to customers

51. A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company’s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string.

Which of the following is the BESRT way for the administrator to mitigate the effects of these attacks?

Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.

Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.

Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.

Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

52. A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage.

To which of the following is the survey question related? (Select TWO)

Risk avoidance

Business impact

Risk assessment

Recovery point objective

Recovery time objective

Mean time between failures

53. A company wants to configure its wireless network to require username and password authentication.

Which of the following should the system administrator implement?

WPS

PEAP

TKIP

PKI

54. An organization is creating requirements for new laptops that will be issued to staff One of the company’s key security objectives is to ensure the laptops nave hardware-enforced data-at-rest protection tied to permanent hardware identities. The laptops must also provide attestation for secure boot processes.

To meet these demands, which of the following BEST represent the features that should be included in the requirements set? (Select TWO.)

TPM2.0e

Opal support

MicroSD token authenticator

TLS1.3

Shim and GRUB

ARMv7 with TrustZone

55. A security analyst is attempting to identify code that is vulnerable to butler and integer overflow attacks.

Which of the following code snippets is safe from these types of attacks?

A)

Option A

Option B

Option C

Option D

56. After analyzing code, two developers al a company bring these samples to the security operations manager.

Which of the following would BEST solve these coding problems?

Use a privileged access management system

Prompt the administrator for the password .

Use salted hashes with PBKDF2.

Increase the complexity and length of the password

57. A security engineer is looking at a DNS server following a known incident.

The engineer sees the following command as the most recent entry in the server’s shell history:

id ^f=iev/sda of=/dev/sdb

Which of the following MOST likely occurred?

A tape backup of the server was performed.

The drive was cloned for forensic analysis.

The hard drive was formatted after the incident.

The DNS log files were rolled daily as expected

58. A security administrator is reviewing the following output from an offline password audit:

Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)

Cryptoprocessor

Bcrypt

SHA-256

PBKDF2

Message authentication

59. A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.

Which of the following is the MOST secure solution for the developer to implement?

IF $AGE == “!@#%^&*()_+<>?”:{}[]” THEN ERROR

IF $AGE == [1234567890] {1,3} THEN CONTINUE

IF $AGE != “a-bA-Z!@#$%^&*()_+<>?”{}[]”THEN CONTINUE

IF $AGE == [1-0] {0,2} THEN CONTINUE

60. An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles.

Which of the following should achieve the BEST long-term result for the company?

Designing Developing add-on security components for fielded vehicles

Reviewing proposed designs and prototypes for cybersecurity vulnerabilities

Performing a cyber-risk assessment on production vehicles

Reviewing and influencing requirements for an early development vehicle

61. A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling.

After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)

Require all mobile device backups to be encrypted

Ensure all mobile devices back up using USB OTG

Issue a remote wipe of corporate and personal partitions

Restrict devices from making long-distance calls during business hours

Implement an always-on VPN

62. A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months.

Which of the following would BEST secure the web server until the replacement web server is ready?

Patch management

Antivirus

Application firewall

Spam filters

HIDS

63. A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings.

Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A) Implement firewall ACLs as follows:

B) Implement NAT as follows:

C) Implement DHCP options as follows:

D) Implement policy routing as follows:

Option A

Option B

Option C

Option D

64. DRAG DROP

Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

65. A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

Vulnerability scanner

TPM

Host-based firewall

File integrity monitor

NIPS

66. An application has been through a peer review and regression testing and is prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing the application, the engineer informs the developer it should include additional input sanitation in the application to prevent overflows.

Which of the following tools did the security engineer MOST likely use to determine this recommendation?

Fuzzer

HTTP interceptor

Vulnerability scanner

SCAP scanner

67. The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code.

Which of the following is an SDLC best practice that should have been followed?

Versioning

Regression testing

Continuous integration

Integration testing

68. The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together.

Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

✑ Must be encrypted on the email servers and clients

✑ Must be OK to transmit over unsecure Internet connections

Which of the following communication methods would be BEST to recommend?

Force TLS between domains.

Enable STARTTLS on both domains.

Use PGP-encrypted emails.

Switch both domains to utilize DNSSE

69. A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events.

Which of the following is the CISO looking to improve?

Vendor diversification

System hardening standards

Bounty programs

Threat awareness

Vulnerability signatures

70. An investigation showed a worm was introduced from an engineer’s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls.

Which of the following would be the MOST secure control implement?

Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

Implement role-based group policies on the management network for client access.

Utilize a jump box that is only allowed to connect to client from the management network.

Deploy a company-wide approved engineering workstation for management access.

71. While traveling to another state, the Chief Financial (CFO) forgot to submit payroll for the company. The CFO quickly gained to the corporate through the high-speed wireless network provided by the hotel and completed the desk. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware on attack on the system.

Which of the following is the MOST likely of the security breach?

The security manager did not enforce automate VPN connection.

The company’s server did not have endpoint security enabled.

The hotel and did require a wireless password to authenticate.

The laptop did not have the host-based firewall properly configured.

72. Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site.

As a result, the company is requiring all collaboration tools to comply with the following:

✑ Secure messaging between internal users using digital signatures

✑ Secure sites for video-conferencing sessions

✑ Presence information for all office employees

✑ Restriction of certain types of messages to be allowed into the network.

Which of the following applications must be configured to meet the new requirements? (Select TWO.)

Remote desktop

VoIP

Remote assistance

Instant messaging

Social media websites

73. Following a recent outage a systems administrator is conducting a study to determine a suitable bench stock of server hard drives.

Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

TTR

ALE

MTBF

SLE

PRO

74. A security engineer is performing an assessment again for a company.

The security engineer examines the following output from the review:

Which of the following tools is the engineer utilizing to perform this assessment?

Vulnerability scanner

SCAP scanner

Port scanner

Interception proxy

75. A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment.

Which of the following would be the BEST option to manage this risk to the company’s production environment?

Avoid the risk by removing the ICS from production

Transfer the risk associated with the ICS vulnerabilities

Mitigate the risk by restricting access to the ICS

Accept the risk and upgrade the ICS when possible

76. An organization is engaged in international business operations and is required to comply with various legal frameworks.

In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?

Following new requirements that result from contractual obligations

Answering requests from auditors that relate to e-discovery

Responding to changes in regulatory requirements

Developing organizational policies that relate to hiring and termination procedures

77. A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization.

Which of the following is the BEST solution?

Reconfigure the firewall to block external UDP traffic.

Establish a security baseline on the ID

Block echo reply traffic at the firewall.

Modify the edge router to not forward broadcast traffic.

78. During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredded, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.

Which of the following would ensure no data is recovered from the system droves once they are disposed of?

Overwriting all HDD blocks with an alternating series of data.

Physically disabling the HDDs by removing the dive head.

Demagnetizing the hard drive using a degausser.

Deleting the UEFI boot loaders from each HD

79. As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use.

As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?

A copy of the vendor’s information security policies.

A copy of the current audit reports and certifications held by the vendor.

A signed NDA that covers all the data contained on the corporate systems.

A copy of the procedures used to demonstrate compliance with certification requirements.

80. A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization’s ERP system).

As part of the vendor’s compliance program, which of the following would be important to take into account?

Mobile tokenization

Export controls

Device containerization

Privacy policies

81. A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed.

Which of the following factors is the regulation intended to address?

Sovereignty

E-waste

Remanence

Deduplication

82. A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

Purchase the SSL, decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.

Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.

Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short team.

Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

83. A company has completed the implementation of technical and management controls as required by its adopted security, ponies and standards. The implementation took two years and consumed s the budget approved to security projects. The board has denied any further requests for additional budget.

Which of the following should the company do to address the residual risk?

Transfer the risk

Baseline the risk.

Accept the risk

Remove the risk

84. The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company.

A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

IT systems are maintained in silos to minimize interconnected risks and provide clear
risk boundaries used to implement compensating controls

risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness

corporate general counsel requires a single system boundary to determine overall corporate risk exposure

major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns

85. A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:

RTO:2 days

RPO:36 hours

MTTR:24 hours

MTBF:60 days

Which of the following solutions will address the RPO requirements?

Remote Syslog facility collecting real-time events

Server farm behind a load balancer delivering five-nines uptime

Backup solution that implements daily snapshots

Cloud environment distributed across geographic regions

86. A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant.

Which of the following network tools would provide this type of information?

SIEM server

IDS appliance

SCAP scanner

HTTP interceptor

87. First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated.

Which of the following were missed? (Choose two.)

CPU, process state tables, and main memory dumps

Essential information needed to perform data restoration to a known clean state

Temporary file system and swap space

Indicators of compromise to determine ransomware encryption

Chain of custody information needed for investigation

88. A company has deployed MFA Some employees, however, report they ate not gelling a notification on their mobile device Other employees report they downloaded a common authenticates application but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt.

Which of the following are the MOST likely explanations for these scenarios? (Select TWO)

The company is using a claims-based authentication system for MFA

These are symptoms of known compatibility issues with OAuth 1 0

OpenID Connect requires at least one factor to be a biometric

The company does not allow an SMS authentication method

The WAYF method requires a third factor before the authentication process can complete

A vendor-specific authenticator application is needed for push notifications

89. The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence.

This is an example of:

creating a forensic image

deploying fraud monitoring

following a chain of custody

analyzing the order of volatility

90. A company runs a well Cattended, on-premises fitness club for its employees, about 200 of them each day. Employees want to sync center’s login and attendance program with their smartphones. Human resources, which manages the contract for the fitness center, has asked the security architecture to help draft security and privacy requirements.

Which of the following would BEST address these privacy concerns?

Use biometric authentication.

Utilize geolocation/geofencing.

Block unauthorized domain bridging.

Implement containerization

91. Given the following output from a security tool in Kali:

Log reduction

Network enumerator

Fuzzer

SCAP scanner

92. An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.

Which of the following procedures should the security responder apply to the situation? (Choose two.)

Contain the server.

Initiate a legal hold.

Perform a risk assessment.

Determine the data handling standard.

Disclose the breach to customers.

Perform an IOC sweep to determine the impact.

93. A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster.

Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

Single-tenant private cloud

Multitenant SaaS cloud

Single-tenant hybrid cloud

Multitenant IaaS cloud

Multitenant PaaS cloud

Single-tenant public cloud

94. A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary.

Which of the following in the MOST likely explanation for why the organization network was compromised?

There was a false positive since the network was fully patched.

The system administrator did not perform a full system sun.

The systems administrator performed a credentialed scan.

The vulnerability database was not updated.

95. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server.

Which of the following steps should the administrator take NEXT?

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2

Immediately encrypt all PHI with AES 256

Delete all PHI from the network until the legal department is consulted

Consult the legal department to determine legal requirements

96. Which of the following is the MOST likely reason an organization would decide to use a BYOD policy?

It enables employees to use the devices they are already own, thus reducing costs.

It should reduce the number of help desk and tickets significantly.

It is most secure, as the company owns and completely controls the devices.

It is the least complex method for systems administrator to maintain over time.

97. A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices.

Which of the following components should be executed by an outside vendor?

Penetration tests

Vulnerability assessment

Tabletop exercises

Blue-team operations

98. A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee’s heartbeat, weight, and badge.

Which of the following did the security manager implement?

A physical control

A corrective control

A compensating control

A managerial control

99. A company is implementing a new secure identity application, given the following requirements

•. The cryptographic secrets used in the application must never be exposed to users or the OS

•. The application must work on mobile devices.

•. The application must work with the company’s badge reader system

Which of the following mobile device specifications are required for this design? (Select TWO).

Secure element

Biometrics

UEFI

SEAndroid

NFC

HSM

100. A company’s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well.

Which of the following should be configured? (Choose two.)

Certificate-based authentication

TACACS+

802.1X

RADIUS

LDAP

Local user database

Question 1 of 100

CompTIA CASP CAS-003 Exam Questions Updated v16.02

Test Online CompTIA CASP CAS-003 Free Questions

Leave a Reply Cancel reply