
Where can I get the real (CASP) CAS-003 exam dumps? We know many of you are short on time and want to pass the CompTIA CASP CAS-003 exam. With Pass4itsure CompTIA CAS-003 dumps – https://www.pass4itsure.com/cas-003.html, you can prepare for your CompTIA CASP certification exam under conditions that closely match the real exam. You can get free CompTIA CASP CAS-003 exam practice test questions here. Passing the CAS-003 exam will be so easy now!

CompTIA CAS-003 Dumps PDF 100% Free
https://drive.google.com/file/d/13NxRiBq0w2-l–VsxUR9cK6r2jYZ9ng6/view?usp=sharing

CompTIA CASP CAS-003 Exam Practice Test Questions 1-13

QUESTION 1
The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the
date/time stamp of the image source appears to have changed. The desktop support director has asked the Information
Security department to determine if any changes were made to the source image. Which of the following methods would
BEST help with this process? (Select TWO).
A. Retrieve source system image from backup and run file comparison analysis on the two images.
B. Parse all images to determine if extra data is hidden using steganography.
C. Calculate a new hash and compare it with the previously captured image hash.
D. Ask desktop support if any changes to the images were made.
E. Check key system files to see if date/time stamp is in the past six months.
Correct Answer: AC
Running a file comparison analysis on the two images will determine whether files have been changed, as well as what
files were changed.
Hashing can be used to meet the goals of integrity and non-repudiation. One of the advantages of hashing is its ability to
verify that information has remained unchanged. If the hash values are the same, then the images are the same. If the
hash values differ, there is a difference between the two images.
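The two selected methods side by side, as an added example that is not part of the original question set: a single digest answers whether the image changed, and a per-file comparison against the backup shows which files changed. It assumes both images have been mounted read-only as directory trees; the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def image_digest(m: dict) -> str:
    """One digest over the sorted manifest; stands in for the whole-image hash."""
    h = hashlib.sha256()
    for name, digest in sorted(m.items()):
        h.update(f"{name}\0{digest}\n".encode())
    return h.hexdigest()


def compare(baseline: dict, current: dict) -> dict:
    return {
        "modified": sorted(n for n in baseline.keys() & current.keys() if baseline[n] != current[n]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        backup, source = Path(tmp, "backup"), Path(tmp, "source")
        for root in (backup, source):
            (root / "Windows/System32").mkdir(parents=True)
            (root / "Windows/System32/drivers.sys").write_bytes(b"original driver")
            (root / "Windows/System32/kernel.dll").write_bytes(b"kernel")
        # Constructed tampering: one file altered, one file added.
        (source / "Windows/System32/drivers.sys").write_bytes(b"patched driver")
        (source / "Windows/System32/svc.exe").write_bytes(b"new binary")
        b, s = manifest(backup), manifest(source)
        return {"hash_match": image_digest(b) == image_digest(s), "diff": compare(b, s)}
```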


QUESTION 2
An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack.
Which of the following is the MOST comprehensive way to resolve the issue?
A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.
Correct Answer: B
If an application has a known issue (such as susceptibility to buffer overflow attacks) and a patch is released to resolve
the specific issue, then the best solution is always to deploy the patch. A buffer overflow occurs when a program or
process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are
created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into
adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through
programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow
attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the
attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information.
Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor
programming practices supplied the vulnerability.

QUESTION 3
Given the following information about a company’s internal network:
User IP space: 192.168.1.0/24
Server IP space: 192.168.192.0/25
A security engineer has been told that there are rogue websites hosted outside of the proper server space, and those
websites need to be identified. Which of the following should the engineer do?
A. Use a protocol analyzer on 192.168.1.0/24
B. Use a port scanner on 192.168.1.0/24
C. Use an HTTP interceptor on 192.168.1.0/24
D. Use a port scanner on 192.168.192.0/25
E. Use a protocol analyzer on 192.168.192.0/25
F. Use an HTTP interceptor on 192.168.192.0/25
Correct Answer: B


QUESTION 4
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password
compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the
following types of authentication mechanisms does this statement describe?
A. TOTP
B. PAP
C. CHAP
D. HOTP
Correct Answer: D
The question states that the codes are HMAC counter-based and are valid until they are used. These are “one-time” use
codes.
HOTP is an HMAC-based one-time password (OTP) algorithm.
HOTP can be used to authenticate a user in a system via an authentication server. Also, if some more steps are carried
out (the server calculates subsequent OTP value and sends/displays it to the user who checks it against subsequent
OTP value calculated by his token), the user can also authenticate the validation server.
Both hardware and software tokens are available from various vendors. Hardware tokens implementing OATH HOTP
tend to be significantly cheaper than their competitors based on proprietary algorithms. Some products can be used for
strong passwords as well as OATH HOTP.
Software tokens are available for (nearly) all major mobile/smartphone platforms.

QUESTION 5
A security administrator must configure the database server shown below to comply with the four requirements listed.
Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement.
Answer options may be used once or not at all.

[Image: CAS-003 exam questions, Q5 exhibit]

Select and Place:

[Image: CAS-003 exam questions, Q5 exhibit 2]

QUESTION 6
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability
management program. The CISO finds patching and vulnerability scanning policies and procedures are in place.
However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the
organization. The CISO determines systems administrators need to participate in industry security events. Which of the
following is the CISO looking to improve?
A. Vendor diversification
B. System hardening standards
C. Bounty programs
D. Threat awareness
E. Vulnerability signatures
Correct Answer: D


QUESTION 7
A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device
to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a
security team member to look into the issue.
Which of the following is the MOST likely reason the MDM is not allowing enrollment?
A. The OS version is not compatible
B. The OEM is prohibited
C. The device does not support FDE
D. The device is rooted
Correct Answer: D

QUESTION 8
A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow
database users to access the server remotely. The company’s cloud security broker then identified abnormal from a
database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided
access to the hypervisor directly and access to other sensitive data.
Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)
A. Install the appropriate patches.
B. Install perimeter NGFW.
C. Configure VM isolation.
D. Deprovision database VM.
E. Change the user’s access privileges.
F. Update virus definitions on all endpoints.
Correct Answer: AB


QUESTION 9
A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be
compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an
executable file from a packet capture of communication between a client computer and the patch server.
Which of the following should the analyst use to confirm this suspicion?
A. File size
B. Digital signature
C. Checksums
D. Anti-malware software
E. Sandboxing
Correct Answer: B


QUESTION 10
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The
board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO
produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?
A. KRI:
- Compliance with regulations
- Backlog of unresolved security investigations
- Severity of threats and vulnerabilities reported by sensors
- Time to patch critical issues on a monthly basis
KPI:
- Time to resolve open security items
- % of suppliers with approved security control frameworks
- EDR coverage across the fleet
- Threat landscape rating
B. KRI:
- EDR coverage across the fleet
- Backlog of unresolved security investigations
- Time to patch critical issues on a monthly basis
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
C. KRI:
- EDR coverage across the fleet
- % of suppliers with approved security control framework
- Backlog of unresolved security investigations
- Threat landscape rating
KPI:
- Time to resolve open security items
- Compliance with regulations
- Time to patch critical issues on a monthly basis
- Severity of threats and vulnerabilities reported by sensors
D. KPI:
- Compliance with regulations
- % of suppliers with approved security control frameworks
- Severity of threats and vulnerabilities reported by sensors
- Threat landscape rating
KRI:
- Time to resolve open security items
- Backlog of unresolved security investigations
- EDR coverage across the fleet
- Time to patch critical issues on a monthly basis
Correct Answer: A


QUESTION 11
A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating
many alerts. The analyst continues to review the log events and discovers that a non-company-owned device from a
different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the
manager explains that these activities are already known and . . . ongoing simulation. Given this scenario, which of the
following roles are the analyst, the employee, and the manager filling?
A. The analyst is red team; the employee is blue team; the manager is white team
B. The analyst is white team; the employee is red team; the manager is blue team
C. The analyst is red team; the employee is white team; the manager is blue team
D. The analyst is blue team; the employee is red team; the manager is white team
Correct Answer: D

QUESTION 12
An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The
consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the
browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and
how can it be mitigated?
A. XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should
implement a WAF to prevent this.
B. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of
attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
C. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker.
The consultant should recommend disabling HTTP on the web server.
D. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing
HSTS on the web server would prevent this.
Correct Answer: D


QUESTION 13
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application
servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the
electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in
place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states
that the network team must reduce the footprint of multicast traffic on the network.

[Image: CAS-003 exam questions, Q13 exhibit]

Using the above information, on which VLANs should multicast be enabled?
A. VLAN201, VLAN202, VLAN400
B. VLAN201, VLAN202, VLAN700
C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D. VLAN400, VLAN680, VLAN700
Correct Answer: D
