Download CompTIA CAS-003 Exam Dumps to Pass Exam Easily in 2022
Topics Covered and Exam Domains
The CompTIA CAS-003 certification exam will cover 19 topics:
- Security activities across the technology life cycle
- Security, privacy policies, and procedures
- Software vulnerability, proper security controls
- Defining industry trends and their impact on the enterprise
- Risk mitigation strategies and controls
- Security controls for host devices
- Business unit integration
- Network and security components, concepts, and architectures
- Analyzing risk metric scenarios to secure the enterprise
- Secure communication and collaboration
- Cloud and virtualization technology integration
NEW QUESTION 342
A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?
- A. Multitenant PaaS cloud
- B. Single-tenant public cloud
- C. Multitenant SaaS cloud
- D. Single-tenant private cloud
- E. Single-tenant hybrid cloud
- F. Multitenant IaaS cloud
Answer: F
NEW QUESTION 343
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy.
Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile?
- A. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information. 2. The service would provide some level of protection for staff members working from home. 3. Malware detection times would decrease due to third-party management of the service.
- B. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.
- C. 1. The external vendor would have access to inbound and outbound gateway traffic. 2. The service would provide some level of protection for staff working from home. 3. Outages would be likely to occur for systems or applications with hard-coded proxy information.
- D. 1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
Answer: A
NEW QUESTION 344
A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?
- A. DLP
- B. Data flow enforcement
- C. UTM
- D. Mail gateway
Answer: A
NEW QUESTION 345
Which of the following describes a risk and mitigation associated with cloud data storage?
- A. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication
- B. Risk: Offsite replication. Mitigation: Multi-site backups
- C. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest
- D. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing
Answer: C
Explanation:
With cloud data storage, the storage provider will have large enterprise SANs providing large pools of storage capacity. Portions of the storage pools are assigned to customers. The risk is that multiple customers are storing their data on the same physical hardware storage devices.
This presents a risk (usually a very small risk, but a risk all the same) of other customers using the same cloud storage hardware being able to view your data. The mitigation of the risk is to encrypt your data stored on the SAN. Then the data would be unreadable even if another customer was able to access it.
NEW QUESTION 346
A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal activity from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided direct access to the hypervisor and access to other sensitive data.
Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)
- A. Update virus definitions on all endpoints.
- B. Deprovision database VM.
- C. Configure VM isolation.
- D. Install perimeter NGFW.
- E. Install the appropriate patches.
- F. Change the user's access privileges.
Answer: C,E
NEW QUESTION 347
A company recently migrated to a SaaS-based email solution. The solution is configured as follows:
* Passwords are synced to the cloud to allow for SSO
* Cloud-based antivirus is enabled
* Cloud-based anti-spam is enabled
* Subscription-based blacklist is enabled
Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review. Which of the following would allow the company to gain additional visibility and reduce additional costs? (Select TWO)
- A. Install a virtual SIEM within the email cloud provider
- B. Implement a third-party CASB solution.
- C. Add email servers to NOC monitoring
- D. Migrate the email antivirus and anti-spam on-premises
- E. Disable the current SSO model and enable federation
- F. Feed the attacker IPs from the company IDS into the email blacklist
Answer: A,B
NEW QUESTION 348
A developer emails the following output to a security administrator for review:
Which of the following tools might the security administrator use to perform further security assessment of this issue?
- A. Fuzzer
- B. Vulnerability scanner
- C. Port scanner
- D. HTTP interceptor
Answer: D
NEW QUESTION 349
An organization is reviewing endpoint security solutions. In evaluating products, the organization has the following requirements:
- Support server, laptop, and desktop infrastructure
- Due to limited security resources, implement active protection capabilities
- Provide users with the ability to self-service classify information and apply policies
- Protect data-at-rest and data-in-use
Which of the following endpoint capabilities would BEST meet the above requirements? (Select two.)
- A. Data loss prevention
- B. Application whitelisting
- C. Endpoint detect and respond
- D. Log monitoring
- E. Antivirus
- F. Rights management
Answer: C,E
NEW QUESTION 350
A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?
- A. Apply ingress filters at the routers.
- B. Install a packet capturing tool.
- C. Block all SYN packets.
- D. Increase the company's bandwidth.
Answer: A
NEW QUESTION 351
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a. A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?
- A. A man-in-the-middle attack is underway on the network.
- B. A denial of service attack is targeting the router.
- C. An ARP flood attack is targeting the router.
- D. The default gateway is being spoofed on the network.
Answer: B
Explanation:
The above packet capture shows an attack in which the attacker is consuming your resources (in this case the router) and preventing normal use. This is therefore a denial-of-service attack.
NEW QUESTION 352
Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:
Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.4.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
- A. Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1, edit the Action to Deny to block internet access from the management platform.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | 10.1.10.250 | ANY | MGMT | ANY | ANY | ANY | DENY |

Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| DB | 10.1.4.70 | ANY | WEBAPP | 10.1.5.50 | ANY | ANY | PERMIT |

Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In Rule no. 5 from top, change the DST port from 80 to ANY to allow all unencrypted traffic.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | ANY | ANY | WEBAPP | 10.1.5.50 | ANY | TCP | PERMIT |

Task 4: Ensure the final rule is an explicit deny.
Add this rule at the bottom of the access list, i.e. as the last line of the rule set:

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| ANY | ANY | ANY | ANY | ANY | ANY | TCP | DENY |

Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule no. 4 from top, edit the DST port from 80 to 443.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| USER | 10.1.1.0/24 10.1.2.0/24 | ANY | UNTRUST | ANY | 443 | TCP | PERMIT |

- B. Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1, edit the Action to Deny to block internet access from the management platform.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | 10.1.10.250 | ANY | MGMT | ANY | ANY | ANY | DENY |

Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| DB | 10.1.4.70 | ANY | WEBAPP | 10.1.5.50 | ANY | ANY | PERMIT |

Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In Rule no. 5 from top, change the DST port from 80 to ANY to allow all unencrypted traffic.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| UNTRUST | ANY | ANY | WEBAPP | 10.1.5.50 | ANY | TCP | PERMIT |

Task 4: Ensure the final rule is an explicit deny.
Add this rule at the bottom of the access list, i.e. as the last line of the rule set:

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| ANY | ANY | ANY | ANY | ANY | ANY | TCP | DENY |

Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule no. 4 from top, edit the DST port from 80 to 443.

| SRC Zone | SRC | SRC Port | DST Zone | DST | DST Port | Protocol | Action |
|---|---|---|---|---|---|---|---|
| USER | 10.1.1.0/24 10.1.2.0/24 | ANY | UNTRUST | ANY | 443 | TCP | PERMIT |
Answer: B
NEW QUESTION 353
A threat analyst notices the following URL while going through the HTTP logs.
Which of the following attack types is the threat analyst seeing?
- A. XSS
- B. CSRF
- C. Session hijacking
- D. SQL injection
Answer: A
NEW QUESTION 354
An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window.
Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?
- A. Reverse engineer the application binary.
- B. Perform static code analysis on the source code.
- C. Penetration test the mobile application.
- D. Change to a whitelist that uses cryptographic hashing.
- E. Analyze the device firmware via the JTAG interface.
Answer: D
NEW QUESTION 355
A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration?
- A. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
- B. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.
- C. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
- D. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
Answer: D
NEW QUESTION 356
A security engineer is helping the web developers assess a new corporate web application. The application will be Internet facing, so the engineer makes the following recommendation:
In an .htaccess file or the site config add:
or add to the location block:
Which of the following is the security engineer trying to accomplish via cookies? (Select TWO)
- A. Ensure session IDs are generated dynamically with each cookie request
- B. Allow cookie creation or updates only over TLS connections
- C. Create a temporary space on the user's drive root for ephemeral cookie storage
- D. Add a sequence ID to the cookie session ID while in transit to prevent CSRF.
- E. Enforce the use of plain text HTTP transmission with secure local cookie storage
- F. Prevent cookies from being transmitted to other domain names
Answer: A,E
NEW QUESTION 357
A database administrator is required to adhere to and implement privacy principles when executing daily tasks.
A manager directs the administrator to reduce the number of unique instances of PII stored within an organization's systems to the greatest extent possible.
Which of the following principles is being demonstrated?
- A. Data minimization
- B. Record transparency
- C. PII security
- D. Administrator accountability
Answer: A
NEW QUESTION 358
A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:
Which of the following tools did the security engineer MOST likely use to generate this output?
- A. Fuzzer
- B. Vulnerability scanner
- C. Application fingerprinter
- D. HTTP interceptor
Answer: D
NEW QUESTION 359
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges:
192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.
Answer:
Explanation:
We have traffic coming from two rogue IP addresses: 192.10.3.204 and 192.10.3.254 (both in the 192.10.3.0/24 subnet) going to IPs in the corporate site subnet (192.10.1.0/24) and the remote site subnet (192.10.2.0/24). We need to Deny (block) this traffic at the firewall by ticking the following two checkboxes:
NEW QUESTION 360
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
* The ICS supplier has specified that any software installed will result in lack of support.
* There is no documented trust boundary defined between the SCADA and corporate networks.
* Operational technology staff have to manage the SCADA equipment via the engineering workstation.
* There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?
- A. VNC, router, and HIPS
- B. IDS, NAC, and log monitoring
- C. Proxy, VPN, and WAF
- D. SIEM, VPN, and firewall
Answer: D
Explanation:
The SIEM should provide us with all the information we are missing, the VPN will allow the OT team to connect to the engineering workstation, and the firewall will provide a trust boundary between the two networks along with added protection for the unsupported software.
NEW QUESTION 361
A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI?
(Choose two.)
- A. RTO
- B. MTBF
- C. ALE
- D. RPO
- E. ARO
Answer: C,E
NEW QUESTION 362
A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of the following is the appropriate command to disable the client's IPv6 stack?
- A. Social login
- B. SPML
- C. XACML
- D. SAML
- E. OAuth
- F. OpenID connect
Answer: F
NEW QUESTION 363
A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company's client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses.
Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?
- A. Disable SNMP on the web servers
- B. Install a HIPS on the web servers
- C. Disable inbound traffic from offending sources
- D. Install anti-DDoS protection in the DMZ
Answer: B
NEW QUESTION 364
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
- A. Privacy
- B. Ethical
- C. Criminal
- D. Environmental
Answer: A
NEW QUESTION 365
A security analyst has been assigned incident response duties and must initiate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?
A)
B)
C)
D)
- A. Option A
- B. Option C
- C. Option B
- D. Option D
Answer: A
NEW QUESTION 366