CAS-003 Sample Questions Answers

Questions 4

A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.

Which of the following is the MOST appropriate order of steps to be taken?

Options:

A.

Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent

B.

OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update

C.

Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline

D.

Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update

Questions 5

An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)

Options:

A.

SAML

B.

Social login

C.

OpenID Connect

D.

XACML

E.

SPML

F.

OAuth

Questions 6

A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers. Which of the following BEST describes the contents of the supporting document the engineer is creating?

Options:

A.

A series of ad-hoc tests that each verify security control functionality of the entire system at once.

B.

A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.

C.

A set of formal methods that apply to one or more of the programming languages used on the development project.

D.

A methodology to verify each security control in each unit of developed code prior to committing the code.

Questions 7

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:

Untrusted zone: 0.0.0.0/0

User zone: USR 10.1.1.0/24

User zone: USR2 10.1.2.0/24

DB zone: 10.1.4.0/24

Web application zone: 10.1.5.0/24

Management zone: 10.1.10.0/24

Web server: 10.1.5.50

MS-SQL server: 10.1.4.70

MGMT platform: 10.1.10.250

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.

Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

Task 4) Ensure the final rule is an explicit deny.

Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

Options:

Questions 8

A company's human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted) on the same VMs. Which of the following cloud and virtualization considerations would BEST address the issue presented in this scenario?

Options:

A.

Vulnerabilities associated with a single platform hosting multiple data types on VMs should have been considered

B.

Vulnerabilities associated with a single server hosting multiple data types should have been considered.

C.

Type 1 vs. Type 2 hypervisor approaches should have been considered

D.

Vulnerabilities associated with shared hosting services provided by the IT department should have been considered.

Questions 9

An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to:

Options:

A.

revise the employee provisioning and deprovisioning procedures

B.

complete a quantitative risk assessment

C.

draft a memorandum of understanding

D.

complete a security questionnaire focused on data privacy.

Questions 10

A software development firm wants to validate the use of standard libraries as part of the software development process. Each developer performs unit testing prior to committing changes to the code repository. Which of the following activities would be BEST to perform after a commit but before the creation of a branch?

Options:

A.

Static analysis

B.

Heuristic analysis

C.

Dynamic analysis

D.

Web application vulnerability scanning

E.

Penetration testing

Questions 11

A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage. To which of the following is the survey question related? (Select TWO)

Options:

A.

Risk avoidance

B.

Business impact

C.

Risk assessment

D.

Recovery point objective

E.

Recovery time objective

F.

Mean time between failures

Questions 12

An electric car company hires an IT consulting company to improve the cybersecurity of its vehicles. Which of the following should achieve the BEST long-term result for the company?

Options:

A.

Designing and developing add-on security components for fielded vehicles

B.

Reviewing proposed designs and prototypes for cybersecurity vulnerabilities

C.

Performing a cyber-risk assessment on production vehicles

D.

Reviewing and influencing requirements for an early development vehicle

Questions 13

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

Options:

A.

The hard disk contains bad sectors

B.

The disk has been degaussed.

C.

The data represents part of the disk BIOS.

D.

Sensitive data might still be present on the hard drives.

Questions 14

A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:

The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third-party company?

Options:

A.

LDAP

B.

WAYF

C.

OpenID

D.

RADIUS

E.

SAML

Questions 15

A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used.

Which of the following would be the CISO’s MOST immediate concern?

Options:

A.

There are open standards in use on the network.

B.

Network engineers have ignored de facto standards.

C.

Network engineers are not following SOPs.

D.

The network has competing standards in use.

Questions 16

A company has deployed MFA. Some employees, however, report they are not getting a notification on their mobile device. Other employees report they downloaded a common authenticator application, but when they tap the code in the application, it just copies the code to memory instead of confirming the authentication attempt. Which of the following are the MOST likely explanations for these scenarios? (Select TWO)

Options:

A.

The company is using a claims-based authentication system for MFA

B.

These are symptoms of known compatibility issues with OAuth 1.0

C.

OpenID Connect requires at least one factor to be a biometric

D.

The company does not allow an SMS authentication method

E.

The WAYF method requires a third factor before the authentication process can complete

F.

A vendor-specific authenticator application is needed for push notifications

Questions 17

An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit. The attacker was unable to obtain root privileges. Instead, the attacker then downloaded a crypto-currency mining program and subsequently was discovered. The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

Options:

A.

Remove root privileges from the application service account

B.

Implement separation of duties.

C.

Properly configure SELinux and set it to enforce.

D.

Use cron to schedule regular restarts of the service to terminate sessions.

E.

Perform regular uncredentialed vulnerability scans

Questions 18

An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization’s ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization’s data. Which of the following should the vendor management team identify as a requirement during the procurement process?

Options:

A.

Public cloud services with single-tenancy IaaS architectures

B.

Private cloud services with single-tenancy PaaS services

C.

Private cloud services with multitenancy in place for private SaaS environments

D.

Public cloud services with private SaaS environments supported by private IaaS backbones

Questions 19

A security analyst is attempting to identify code that is vulnerable to buffer and integer overflow attacks. Which of the following code snippets is safe from these types of attacks?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 20

A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks. While it is not identical to the malware previously evaluated, it has a number of similarities, including language, payload, and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?

Options:

A.

Virtualized sandbox

B.

Vulnerability scanner

C.

Software-defined network

D.

HTTP interceptor

Questions 21

A security analyst receives an email from a peer that includes a sample of code from a piece of malware found in an application running in the organization’s staging environment. During the incident response process, it is determined the code was introduced into the environment as a result of a compromised laptop being used to harvest credentials and access the organization’s code repository. While the laptop itself was not used to access the code repository, an attacker was able to leverage the harvested credentials from another system in the development environment to bypass the ACLs limiting access to the repositories. Which of the following controls MOST likely would have interrupted the kill chain in this attack?

Options:

A.

IP whitelisting on the perimeter firewall

B.

MFA for developer access

C.

Dynamic analysis scans in the production environment

D.

Blue team engagement in peer-review activities

E.

Time-based restrictions on developer access to code repositories

Questions 22

A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be back online. Which of the following should be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

D.

Implement replication of all servers and application data to backup datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients.

Questions 23

A security engineer reviews the table below:

The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this attack reoccurring in the future?

Options:

A.

Upgrading device firmware

B.

Enabling port security

C.

Increasing DHCP pool size

D.

Disabling dynamic trunking

E.

Reducing DHCP lease length

Questions 24

A security analyst has been assigned incident response duties and must instigate the response on a Windows device that appears to be compromised. Which of the following commands should be executed on the client FIRST?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 25

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

Options:

A.

Filter ABC

B.

Filter XYZ

C.

Filter GHI

D.

Filter TUV

Questions 26

A legal services company wants to ensure emails to clients maintain integrity in transit. Which of the following would BEST meet this requirement? (Select TWO)

Options:

A.

Signing emails to clients with the organization's public key

B.

Using the organization's private key to encrypt all communication

C.

Implementing a public key infrastructure

D.

Signing emails to clients with the organization's private key

E.

Using shared secret keys

F.

Hashing all outgoing emails

Questions 27

A security analyst is testing a server and finds the following in the output of a vulnerability scan:

Which of the following will the security analyst most likely use NEXT to explore this further?

Options:

A.

Exploitation framework

B.

Reverse engineering tools

C.

Vulnerability scanner

D.

Visualization tool

Questions 28

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’s PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

Options:

A.

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Questions 29

Two major aircraft manufacturers are in the process of merging their assets and forming a single enterprise network. One of the manufacturers maintains its ICS systems on the same network segment as its enterprise IT assets, whereas the other manufacturer has physically isolated its factory-floor ICS systems from the rest of its enterprise. Which of the following BEST describes an architectural weakness associated with merging the two companies' assets in their current state?

Options:

A.

The ICS components are unsupported and vulnerable, and they cannot be patched.

B.

The employed network segmentation does not use cryptographic isolation.

C.

The IT systems across the two organizations run different security architectures.

D.

Some factory-floor systems are incompatible with legacy protocols

Questions 30

An organization wishes to implement cloud computing, but it is not sure which service to choose. The organization wants to be able to share files, collaborate, and use applications that are fully managed on a private network. Which of the following types of cloud computing services should the organization implement based on its needs?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

CaaS

Questions 31

You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.

The company's hardening guidelines indicate the following:

• There should be one primary server or service per device.

• Only default ports should be used.

• Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:

• The IP address of the device

• The primary server or service of the device

• The protocol(s) that should be disabled based on the hardening guidelines

Options:

Questions 32

A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets, inherent separation of duties is limited. To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties, the organization must design and implement an appropriate compensating control. Which of the following would be MOST suitable in this scenario?

Options:

A.

Configuration of increased levels of logging, monitoring and alerting on production access

B.

Configuration of MFA and context-based login restrictions for all DevOps personnel

C.

Development of standard code libraries and usage of the WS-security module on all web servers

D.

Implementation of peer review, static code analysis and web application penetration testing against the staging environment

Questions 33

The Chief Financial Officer (CFO) of an organization wants the IT department to add the CFO's account to the domain administrator group. The IT department thinks this is risky and wants support from the security manager before proceeding. Which of the following BEST supports the argument against providing the CFO with domain administrator access?

Options:

A.

Discretionary access control

B.

Separation of duties

C.

Data classification

D.

Mandatory access control

Questions 34

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees. Which of the following should be configured to comply with the new security policy? (Select TWO).

Options:

A.

SSO

B.

New pre-shared key

C.

802.1X

D.

OAuth

E.

Push-based authentication

F.

PKI

Questions 35

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

Options:

A.

Set up an air gap for the switch.

B.

Change the default password for the switch.

C.

Place the switch in a Faraday cage.

D.

Install a cable lock on the switch.

Questions 36

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

Options:

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Questions 37

A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase.

* Each device must be issued a secure token of trust from the corporate PKI.

* All corporate applications and local data must be able to be deleted from a central console.

* Cloud storage and backup applications must be restricted from the device.

* Devices must be on the latest OS version within three weeks of an OS release.

Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO.)

Options:

A.

Application-based containerization

B.

Enforced full-device encryption

C.

Mandatory acceptance of SCEP system

D.

Side-loaded application prevention

E.

Biometric requirement to unlock device

F.

Over-the-air restriction

Questions 38

An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

Options:

A.

Web application firewall

B.

SIEM

C.

IPS

D.

UTM

E.

File integrity monitor

Questions 39

A human resources employee receives a call from an individual who is representing a background verification firm that is conducting a background check on a prospective candidate. The employee verifies the employment dates and title of the candidate. The caller then requests the employee's email address to complete the verification process. The employee receives an email containing a URL for completing the process. After clicking the link, the employee's workstation is infected with ransomware. Which of the following BEST describes the initial phone call made by the threat actor?

Options:

A.

Pretexting

B.

Phishing

C.

Pivoting

D.

Reconnaissance

Questions 40

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer. Which of the following would be the BEST method to provide secure data separation?

Options:

A.

Use a CRM tool to separate data stores

B.

Migrate to a single-tenancy cloud infrastructure

C.

Employ network segmentation to provide isolation among salespeople

D.

Implement an open-source public cloud CRM

Questions 41

Ann, a security manager, is reviewing a threat feed that provides information about attacks that allow a malicious user to gain access to private contact lists. Ann receives a notification that the vulnerability can be exploited within her environment. Given this information, Ann can anticipate an increase in:

Options:

A.

vishing attacks

B.

SQL injection attacks

C.

web application attacks

D.

brute-force attacks

Questions 42

The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transactions being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to distribute malware and ransomware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Questions 43

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

Options:

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Questions 44

A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output:

Which of the following actions should the security administrator take to BEST mitigate the issue that transpires from the above information?

Options:

A.

Implement switchport security

B.

Implement 802.1X

C.

Enforce static ARP mappings using GPO

D.

Enable unicast RPF

Questions 45

A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

Options:

A.

Place corporate applications in a container

B.

Enable geolocation on all devices

C.

Install remote wiping capabilities

D.

Ensure all company communications use a VPN

Questions 46

An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

Options:

A.

Access control lists

B.

TACACS+ server for AAA

C.

File-level encryption

D.

TPM with sealed storage

Questions 47

A security analyst works for a defense contractor that produces classified research on drones. The contractor faces nearly constant attacks from sophisticated nation-state actors and other APTs.

Which of the following would help protect the confidentiality of the research data?

Options:

A.

Use diverse components in layers throughout the architecture

B.

Implement non-heterogeneous components at the network perimeter

C.

Purge all data remnants from client devices' volatile memory at regularly scheduled intervals

D.

Use only in-house developed applications that adhere to strict SDLC security requirements

Questions 48

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A.

Software decompiler

B.

Network enumerator

C.

Log reduction and analysis tool

D.

Static code analysis

Questions 49

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

Options:

A.

Conducting tabletop exercises to evaluate system risk

B.

Contracting a third-party auditor after the project is finished

C.

Performing pre- and post-implementation penetration tests

D.

Running frequent vulnerability scans during the project

Questions 50

A remote user reports the inability to authenticate to the VPN concentrator. During troubleshooting, a security administrator captures an attempted authentication and discovers the following being presented by the user's VPN client:

Which of the following BEST describes the reason the user is unable to connect to the VPN service?

Options:

A.

The user's certificate is not signed by the VPN service provider

B.

The user's certificate has been compromised and should be revoked.

C.

The user's certificate was not created for VPN use

D.

The user's certificate was created using insecure encryption algorithms

Questions 51

First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)

Options:

A.

CPU, process state tables, and main memory dumps

B.

Essential information needed to perform data restoration to a known clean state

C.

Temporary file system and swap space

D.

Indicators of compromise to determine ransomware encryption

E.

Chain of custody information needed for investigation

Questions 52

As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

Options:

A.

tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"

B.

dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd

C.

memdump /dev/sda1 | nc 192.168.45.82 3000

D.

dd if=/dev/sda | nc 192.168.45.82 3000

Questions 53

While the code is still in the development environment, a security architect is testing the code stored in the code repository to ensure the top ten OWASP secure coding practices are being followed. Which of the following code analyzers will produce the desired results?

Options:

A.

Static

B.

Dynamic

C.

Fuzzer

D.

Peer review

Questions 54

A security administrator wants to stand up a NIPS that is multilayered and can incorporate many security technologies into a single platform. The product should have diverse capabilities, such as antivirus, VPN, and firewall services, and be able to be updated in a timely manner to meet evolving threats. Which of the following network prevention system types can be used to satisfy the requirements?

Options:

A.

Application firewall

B.

Unified threat management

C.

Enterprise firewall

D.

Content-based IPS

Questions 55

A security administrator is updating corporate policies to respond to an incident involving collusion between two systems administrators that went undetected for more than six months.

Which of the following policies would have MOST likely uncovered the collusion sooner? (Choose two.)

Options:

A.

Mandatory vacation

B.

Separation of duties

C.

Continuous monitoring

D.

Incident response

E.

Time-of-day restrictions

F.

Job rotation

Questions 56

A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company’s objectives? (Select two.)

Options:

A.

Integrated platform management interfaces are configured to allow access only via SSH

B.

Access to hardware platforms is restricted to the systems administrator’s IP address

C.

Access is captured in event logs that include source address, time stamp, and outcome

D.

The IP addresses of server management interfaces are located within the company’s extranet

E.

Access is limited to interactive logins on the VDI

F.

Application logs are hashed cryptographically and sent to the SIEM

Questions 57

Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:

The applications are considered mission-critical.

The applications are written in code languages not currently supported by the development staff.

Security updates and patches will not be made available for the applications.

Username and passwords do not meet corporate standards.

The data contained within the applications includes both PII and PHI.

The applications communicate using TLS 1.0.

Only internal users access the applications.

Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

Options:

A.

Update the company policies to reflect the current state of the applications so they are not out of compliance.

B.

Create a group policy to enforce password complexity and username requirements.

C.

Use network segmentation to isolate the applications and control access.

D.

Move the applications to virtual servers that meet the password and account standards.

Questions 58

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock of server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?

Options:

A.

TTR

B.

ALE

C.

MTBF

D.

SLE

E.

PRO

Questions 59

A technician receives the following security alert from the firewall’s automated system:

After reviewing the alert, which of the following is the BEST analysis?

Options:

A.

This alert is false positive because DNS is a normal network function.

B.

This alert indicates a user was attempting to bypass security measures using dynamic DNS.

C.

This alert was generated by the SIEM because the user attempted too many invalid login attempts.

D.

This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Questions 60

A security engineer is assessing a new IoT product. The product interfaces with the OBD-II port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?

Options:

A.

Binary decompiler

B.

Wireless protocol analyzer

C.

Log analysis and reduction tools

D.

Network-based fuzzer

Questions 61

A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity. The company narrows the search to two products, Application A and Application B, which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest, so the company purchases Application B. Which of the following types of strategies did the company use when determining risk appetite?

Options:

A.

Mitigation

B.

Acceptance

C.

Avoidance

D.

Transfer

Questions 62

A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?

Options:

A.

Privacy policy

B.

Work breakdown structure

C.

Interconnection security agreement

D.

Vendor management plan

E.

Audit report

Questions 63

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

Options:

A.

Version control

B.

Agile development

C.

Waterfall development

D.

Change management

E.

Continuous integration

Questions 64

A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network. While the company’s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

Options:

A.

Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.

B.

Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.

C.

Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.

D.

Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

Questions 65

An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the “compose” window.

Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

Options:

A.

Reverse engineer the application binary.

B.

Perform static code analysis on the source code.

C.

Analyze the device firmware via the JTAG interface.

D.

Change to a whitelist that uses cryptographic hashing.

E.

Penetration test the mobile application.

Questions 66

Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecure in hotel rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the following is the BEST solution in this scenario?

Options:

A.

Full disk encryption

B.

Biometric authentication

C.

An eFuse-based solution

D.

Two-factor authentication

Questions 67

A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)

Options:

A.

Network engineer

B.

Service desk personnel

C.

Human resources administrator

D.

Incident response coordinator

E.

Facilities manager

F.

Compliance manager

Questions 68

During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident.

Which of the following would be MOST important to senior leadership to determine the impact of the breach?

Options:

A.

The likely per-record cost of the breach to the organization

B.

The legal or regulatory exposure that exists due to the breach

C.

The amount of downtime required to restore the data

D.

The number of records compromised

Questions 69

The audit team was only provided the physical and logical addresses of the network without any type of access credentials.

Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)

Options:

A.

Tabletop exercise

B.

Social engineering

C.

Runtime debugging

D.

Reconnaissance

E.

Code review

F.

Remote access tool

Questions 70

A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?

Options:

A.

Trains on normal behavior and identifies deviations therefrom

B.

Identifies and triggers upon known bad signatures and behaviors

C.

Classifies traffic based on logical protocols and messaging formats

D.

Automatically reconfigures ICS devices based on observed behavior

Questions 71

An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)

Options:

A.

Use reverse engineering and techniques

B.

Assess the node within a continuous integration environment

C.

Employ a static code analyzer

D.

Review network and traffic logs

E.

Use a penetration testing framework to analyze the node

F.

Analyze the output of a ping sweep

Questions 72

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees.

Which of the following should be configured to comply with the new security policy? (Choose two.)

Options:

A.

SSO

B.

New pre-shared key

C.

802.1X

D.

OAuth

E.

Push-based authentication

F.

PKI

Questions 73

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?

Options:

A.

A copy of the vendor’s information security policies.

B.

A copy of the current audit reports and certifications held by the vendor.

C.

A signed NDA that covers all the data contained on the corporate systems.

D.

A copy of the procedures used to demonstrate compliance with certification requirements.

Questions 74

An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)

Options:

A.

Data aggregation

B.

Data sovereignty

C.

Data isolation

D.

Data volume

E.

Data analytics

F.

Data precision

Questions 75

A security engineer successfully exploits an application during a penetration test. As proof of the exploit, the security engineer takes screenshots of how data was compromised in the application. Given the information below from the screenshot.

Which of the following tools was MOST likely used to exploit the application?

Options:

A.

The engineer captured the data with a protocol analyzer, and then utilized Python to edit the data

B.

The engineer queried the server and edited the data using an HTTP proxy interceptor

C.

The engineer used a cross-site script sent via curl to edit the data

D.

The engineer captured the HTTP headers, and then replaced the JSON data with a banner-grabbing tool

Questions 76

An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect, however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?

Options:

A.

In the firewall, compatible cipher suites must be enabled

B.

In the VPN client, the CA CRL address needs to be specified manually

C.

In the router, IPSec traffic needs to be allowed in bridged mode

D.

In the CA, the SAN field must be set for the root CA certificate and then reissued

Questions 77

A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device.

Which of the following controls can the organization implement to reduce the risk of similar breaches?

Options:

A.

Biometric authentication

B.

Cloud storage encryption

C.

Application containerization

D.

Hardware anti-tamper

Questions 78

A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization’s file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.

Which of the following is MOST likely to be reviewed during the assessment? (Select two.)

Options:

A.

Access control list

B.

Security requirements traceability matrix

C.

Data owner matrix

D.

Roles matrix

E.

Data design document

F.

Data access policies

Questions 79

A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?

Options:

A.

Port scanner

B.

Vulnerability scanner

C.

Fuzzer

D.

HTTP interceptor

Questions 80

A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?

Options:

A.

Port scanner

B.

SCAP tool

C.

File integrity monitor

D.

Protocol analyzer

Questions 81

The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?

Options:

A.

Separation of duties

B.

Job rotation

C.

Continuous monitoring

D.

Mandatory vacation

Questions 82

During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards.

Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?

Options:

A.

Air gaps

B.

Access control lists

C.

Spanning tree protocol

D.

Network virtualization

E.

Elastic load balancing

Questions 83

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “” and “”. Which of the following tools BEST supports the use of these definitions?

Options:

A.

HTTP interceptor

B.

Static code analyzer

C.

SCAP scanner

D.

XML fuzzer

Questions 84

A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible. Which of the following principles is being demonstrated?

Options:

A.

Administrator accountability

B.

PII security

C.

Record transparency

D.

Data minimization

Questions 85

As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements:

1. Reuse of the existing network infrastructure

2. Acceptable use policies to be enforced

3. Protection of sensitive files

4. Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

Options:

A.

IPSec VPN

B.

HIDS

C.

Wireless controller

D.

Rights management

E.

SSL VPN

F.

NAC

G.

WAF

Questions 86

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information:

Which of the following commands would have provided this output?

Options:

A.

arp -s

B.

netstat -a

C.

ifconfig -arp

D.

sqlmap -w

Questions 87

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.

The person extracts the following data from the phone and EXIF data from some files:

DCIM Images folder

Audio books folder

Torrentz

My TAX.xls

Consultancy HR Manual.doc

Camera: SM-G950F

Exposure time: 1/60s

Location: 3500 Lacey Road USA

Which of the following BEST describes the security problem?

Options:

A.

MicroSD is not encrypted and also contains personal data.

B.

MicroSD contains a mixture of personal and work data.

C.

MicroSD is not encrypted and contains geotagging information.

D.

MicroSD contains pirated software and is not encrypted.

Questions 88

A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points. Which of the following solutions BEST meets the engineer’s goal?

Options:

A.

Schedule weekly reviews of all unit test results with the entire development team and follow up between meetings with surprise code inspections.

B.

Develop and implement a set of automated security tests to be installed on each development team leader’s workstation.

C.

Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.

D.

Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Jan 17, 2022
Questions: 587