This page was exported from Exam for engine [ http://blog.test4engine.com ]
Export date: Mon Nov 18 2:29:48 2024 / +0000 GMT

Title: [Aug 28, 2022] CAS-003 Exam Brain Dumps - Study Notes and Theory [Q344-Q368]

4 Books to Consider When Preparing for CAS-003 Exam

Although there are different ways of studying for certification tests, books remain some of the most helpful resources. CompTIA itself provides its own guide for CAS-003 exam that can be bought on the official website. Also, you can first download the free sample and check if this material meets your needs.

CompTIA CAS-003 is a qualifying exam for the CASP+ certification. This test is designed for the advanced-level cybersecurity practitioners who want to validate their skills and knowledge of risk management, research and collaboration, integration of enterprise security, and enterprise security architecture and operations. The associated certificate is approved by the U.S. DoD to fulfill directive 81.40/8570.01-M prerequisites and is compliant with the ISO 17024 standards.

NEW QUESTION 344
A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud. Which of the following configurations can be employed to support this effort?
  Create a single-tenancy security group in the public cloud that hosts only similar types of servers
  Privatize the cloud by implementing an on-premises instance.
  Create a hybrid cloud with an on-premises instance for the most sensitive server types.
  Sandbox the servers with the public cloud by server type

NEW QUESTION 345
A multi-national company has a highly mobile workforce and minimal IT infrastructure.
The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?
  Insider threat
  Network reconnaissance
  Physical security
  Industrial espionage

Explanation
If all company users worked in the same office with one corporate network and using company supplied laptops, then it is easy to implement all sorts of physical security controls. Examples of physical security include intrusion detection systems, fire protection systems, surveillance cameras or simply a lock on the office door.

However, in this question we have dispersed employees using their own devices and frequently traveling internationally. This makes it extremely difficult to implement any kind of physical security.

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

NEW QUESTION 346
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?
  KPI
  KRI
  GRC
  BIA

NEW QUESTION 347
Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?
  RFQ
  RFI
  OLA
  MSA
  RFP

NEW QUESTION 348
The security administrator of a small firm wants to stay current on the latest security vulnerabilities and attack vectors being used by crime syndicates and nation-states. The information must be actionable and reliable. Which of the following would BEST meet the needs of the security administrator?
  Software vendor threat reports
  White papers
  Security blogs
  Threat data subscription

NEW QUESTION 349
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
  Synchronous copy of data
  RAID configuration
  Data de-duplication
  Storage pool space allocation
  Port scanning
  LUN masking/mapping
  Port mapping

A logical unit number (LUN) is a unique identifier that designates individual hard disk devices or grouped devices for address by a protocol associated with a SCSI, iSCSI, Fibre Channel (FC) or similar interface. LUNs are central to the management of block storage arrays shared over a storage area network (SAN).

LUN masking subdivides access to a given port. Then, even if several LUNs are accessed through the same port, the server masks can be set to limit each server's access to the appropriate LUNs. LUN masking is typically conducted at the host bus adapter (HBA) or switch level.

Port mapping is used in 'Zoning'. In storage networking, Fibre Channel zoning is the partitioning of a Fibre Channel fabric into smaller subsets to restrict interference, add security, and to simplify management. While a SAN makes available several devices and/or ports to a single device, each system connected to the SAN should only be allowed access to a controlled subset of these devices/ports. Zoning can be applied to either the switch port a device is connected to OR the WWN (World Wide Name) on the host being connected.
As port-based zoning restricts traffic flow based on the specific switch port a device is connected to, if the device is moved, it will lose access. Furthermore, if a different device is connected to the port in question, it will gain access to any resources the previous host had access to.

NEW QUESTION 350
A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site-to-site VPNs, no other security action was taken. To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?
  Residual Risk calculation
  A cost/benefit analysis
  Quantitative Risk Analysis
  Qualitative Risk Analysis

Performing quantitative risk analysis focuses on assessing the probability of risk with a metric measurement which is usually a numerical value based on money or time.

Incorrect Answers:
A: A residual risk is one that still remains once the risk responses are applied. Thus a Residual risk calculation is not required.
B: Cost Benefit Analysis is used for Quality Planning. This is not what is required.
D: A qualitative risk analysis entails a subjective assessment of the probability of risks. The scenario warrants a quantitative risk.

References:
Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide), 5th Edition, Project Management Institute, Inc., Newtown Square, 2013, pp. 373, 585, 589
Schwalbe, Kathy, Managing Information Technology Projects, Revised 6th Edition, Course Technology, Andover, 2011, pp.
421-447
Whitaker, Sean, PMP Training Kit, O'Reilly Media, Sebastopol, 2013, pp. 335-375

NEW QUESTION 351
A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing so the engineer makes the following recommendation:
In an htaccess file or the site config add:
or add to the location block:
Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)
  Ensure session IDs are generated dynamically with each cookie request
  Prevent cookies from being transmitted to other domain names
  Create a temporary space on the user's drive root for ephemeral cookie storage
  Enforce the use of plain text HTTP transmission with secure local cookie storage
  Add a sequence ID to the cookie session ID while in transit to prevent CSRF.
  Allow cookie creation or updates only over TLS connections

NEW QUESTION 352
A developer implements the following code snippet:
Which of the following vulnerabilities does this code snippet resolve?
  SQL injection
  Buffer overflow
  Missing session brat
  Information leakage

NEW QUESTION 353
A company relies on an ICS to perform equipment monitoring functions that are federally mandated for operation of the facility. Fines for non-compliance could be costly. The ICS has known vulnerabilities and can no longer be patched or updated. Cyber-liability insurance cannot be obtained because insurance companies will not insure this equipment. Which of the following would be the BEST option to manage this risk to the company's production environment?
  Avoid the risk by removing the ICS from production
  Transfer the risk associated with the ICS vulnerabilities
  Mitigate the risk by restricting access to the ICS
  Accept the risk and upgrade the ICS when possible

NEW QUESTION 354
An incident response analyst is investigating a compromise on an application server within an organization.
The analyst identifies an anomalous process that is executing and maintaining a persistent TCP connection to an external IP. Which of the following actions should the analyst take NEXT?
  Capture running memory
  Create a BitCopy of the hard disk
  Use nc to conduct banner grabbing on the remote IP
  Review /var/log/* for anomalous entries

NEW QUESTION 355
Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

NEW QUESTION 356
An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
  Replicate NAS changes to the tape backups at the other datacenter.
  Ensure each server has two HBAs connected through two routes to the NAS.
  Establish deduplication across diverse storage paths.
  Establish a SAN that replicates between datacenters.

A SAN is a Storage Area Network. It is an alternative to NAS storage. SAN replication is a technology that replicates the data on one SAN to another SAN; in this case, it would replicate the data to a SAN in the backup datacenter. In the event of a disaster, the SAN in the backup datacenter would contain all the data on the original SAN.

Array-based replication is an approach to data backup in which compatible storage arrays use built-in software to automatically copy data from one storage array to another. Array-based replication software runs on one or more storage controllers resident in disk storage systems, synchronously or asynchronously replicating data between similar storage array models at the logical unit number (LUN) or volume block level.
The term can refer to the creation of local copies of data within the same array as the source data, as well as the creation of remote copies in an array situated off site.

NEW QUESTION 357
A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network. Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network. Which of the following should the script use to BEST accomplish this task?
  Recursive DNS logs
  DHCP logs
  AD authentication logs
  RADIUS logs
  Switch and router ARP tables

NEW QUESTION 358
A cybersecurity analyst is conducting packet analysis on the following:
Which of the following is occurring in the given packet capture?
  ARP spoofing
  Broadcast storm
  Smurf attack
  Network enumeration
  Zero-day exploit

NEW QUESTION 359
A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds. Based on the information available to the researcher, which of the following is the MOST likely threat profile?
  Nation-state-sponsored attackers conducting espionage for strategic gain.
  Insiders seeking to gain access to funds for illicit purposes.
  Opportunists seeking notoriety and fame for personal gain.
  Hacktivists seeking to make a political statement because of socio-economic factors.

NEW QUESTION 360
An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware. Of paramount importance is the ability to defeat attacks aimed at replacing or corrupting running firmware once the vehicle leaves production and is in the field. Integrating which of the following host and OS controls would BEST protect against this threat?
  Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space.
  Implement out-of-band monitoring to analyze the state of running memory and persistent storage and, in a failure mode, signal a check-engine light condition for the operator.
  Perform reverse engineering of the hardware to assess for any implanted logic or other supply chain integrity violations
  Ensure the firmware includes anti-malware services that will monitor and respond to any introduction of malicious logic.
  Require software engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhaustive state space analysis before deployment

NEW QUESTION 361
A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:
The administrator calls the university's ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?
  The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.
  A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.
  The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.
  The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

NEW QUESTION 362
Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive. Which of the following processes should be implemented to ensure this information is available for future investigations?
  Asset inventory management
  Incident response plan
  Test and evaluation
  Configuration and change management

NEW QUESTION 363
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company's geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project's security consultant recommend as the NEXT step?
  Develop a security exemption, as it does not meet the security policies
  Mitigate the risk by asking the vendor to accept the in-country privacy principles
  Require the solution owner to accept the identified risks and consequences
  Review the entire procurement process to determine the lessons learned

NEW QUESTION 364
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
  Restrict directory permission to read-only access.
  Use server-side processing to avoid XSS vulnerabilities in path input.
  Separate the items in the system call to prevent command injection.
  Parameterize a query in the path variable to prevent SQL injection.

NEW QUESTION 365
A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically,
salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer. Which of the following would be the BEST method to provide secure data separation?
  Use a CRM tool to separate data stores
  Migrate to a single-tenancy cloud infrastructure
  Employ network segmentation to provide isolation among salespeople
  Implement an open-source public cloud CRM

NEW QUESTION 366
A group of security consultants is conducting an assessment of a customer's network across multiple physical locations. To save time, the customer has allowed the consultants to install a single server inside the network perimeter. In addition to open-source intelligence gathering and social engineering, which of the following BEST describes the technique the consultants are employing?
  Using persuasion and deception to gain access to systems
  Conducting physical attacks by a red team
  Moving laterally through a network from compromised hosts
  Performing black-box penetration testing

NEW QUESTION 367
While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use. Additionally, each password has specific complexity requirements and different expiration time frames. Which of the following would be the BEST solution for the information security officer to recommend?
  Utilizing MFA
  Implementing SSO
  Deploying 802.1X
  Pushing SAML adoption
  Implementing TACACS

NEW QUESTION 368
An external red team is brought into an organization to perform a penetration test of a new network-based application.
The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
  Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure.
  Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
  Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
  Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Post date: 2022-08-28 16:23:05
Post modified date: 2022-08-28 16:23:05