
Refresh CompTIA Advanced Security Practitioner (CASP) CAS-003 Test Question


NEW QUESTION 1
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface’s MAC is 00-01-42-32-ab-1a.
A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?

  • A. A man-in-the-middle attack is underway on the network.
  • B. An ARP flood attack is targeting the router.
  • C. The default gateway is being spoofed on the network.
  • D. A denial of service attack is targeting the router.

Answer: D

Explanation:
The above packet capture shows an attack in which the attacker is consuming your resources (in this case the router) and preventing normal use. This is therefore a denial of service attack.
Incorrect Answers:
A: A man-in-the-middle attack is when an attacker intercepts and perhaps changes the data transmitted between two users. The packet capture is not indicative of a man-in-the-middle attack.
B: In an ARP flood attack, thousands of spoofed packets with different physical addresses are sent to a device. This is not the case here.
C: A spoofed gateway shows up as whatever arbitrary address the attacker chooses to list as the sender. This is not what is exhibited in this case.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 286
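As an added illustration of how an analyst would check the capture in question 1 programmatically (this is example code, not part of the original study guide), the script below parses tcpdump-style text lines, verifies that every ARP reply for the gateway announces the MAC given in the question, and flags any source sending ICMP echo requests to the subnet's directed broadcast address or with oversize payloads. The sample lines are constructed to mirror the capture above, plus one ordinary ping that must not be flagged; the subnet is derived from a caller's IP and netmask.

```python
import ipaddress
import re

# Constructed sample in tcpdump text format, modelled on the capture in
# question 1 (assumed data, not a real network trace).
SAMPLE_CAPTURE = """\
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
09:08:11.100000 IP 172.16.35.53 > 172.16.34.1: ICMP echo request, id 1, seq 1, length 64
"""

ARP_RE = re.compile(r"^\S+ arp reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})")
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request, id \d+, seq \d+, length (?P<len>\d+)$"
)


def gateway_arp_consistent(capture, gateway_ip, expected_mac):
    """True when at least one ARP reply for the gateway was seen and every one
    announces the expected MAC (this rules out a spoofed default gateway)."""
    want = expected_mac.lower().replace("-", ":")  # accept 00-01-... or 00:01:...
    seen = {m["mac"] for m in map(ARP_RE.match, capture.splitlines())
            if m and m["ip"] == gateway_ip}
    return seen == {want}


def find_broadcast_floods(capture, caller_ip, netmask, max_len=1500):
    """Map each source sending ICMP echo requests to the subnet's directed
    broadcast address, or with a length above max_len, to (count, largest length).
    The subnet and its broadcast address are derived from one caller's IP/mask."""
    iface = ipaddress.ip_interface(f"{caller_ip}/{netmask}")
    bcast = str(iface.network.broadcast_address)  # 172.16.35.255 for a /23
    hits = {}
    for line in capture.splitlines():
        m = ICMP_RE.match(line)
        if not m:
            continue  # ARP and non-echo traffic is outside this check
        length = int(m["len"])
        if m["dst"] == bcast or length > max_len:
            count, biggest = hits.get(m["src"], (0, 0))
            hits[m["src"]] = (count + 1, max(biggest, length))
    return hits
```

On the sample, the gateway check passes (so option C is excluded) while 172.16.35.1 is reported with three maximum-size echo requests to the broadcast address, which is the evidence behind answer D.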

NEW QUESTION 2
A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead’s position?

  • A. The organization has accepted the risks associated with web-based threats.
  • B. The attack type does not meet the organization’s threat model.
  • C. Web-based applications are on isolated network segments.
  • D. Corporate policy states that NIPS signatures must be updated every hour.

Answer: A

NEW QUESTION 3
ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?

  • A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone.
  • B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s).
  • C. Organize VM hosts into containers based on security zone and restrict access using an ACL.
  • D. Require multi-factor authentication when accessing the console at the physical VM host.

Answer: C

Explanation:
Access Control Lists (ACLs) are used to restrict access to the console of a virtual host. Virtual hosts are often managed by centralized management servers (for example, VMware vCenter Server). You can create logical containers that hold multiple hosts and configure ACLs on the containers to provide access to the hosts within the container.
Incorrect Answers:
A: Hypervisor layer firewalling is used to restrict the network traffic that can access the host. It does not prevent a user from directly accessing the console of the host.
B: Maintaining a separate virtual switch for each security zone and ensuring VM hosts bind to only the correct virtual NIC(s) will restrict the network access of the VM hosts. It does not prevent a user from directly accessing the console of the host.
D: Multi-factor authentication is a secure way of authenticating a user. However, that’s all it does: authenticates someone. In other words, it only proves that the person is who they say they are. You would still need an ACL to determine whether that person is allowed or not allowed to access the console of the host.

NEW QUESTION 4
Which of the following describes a risk and mitigation associated with cloud data storage?

  • A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest.
  • B. Risk: Offsite replication. Mitigation: Multi-site backups.
  • C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing.
  • D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication.

Answer: A

Explanation:
With cloud data storage, the storage provider will have large enterprise SANs providing large pools of storage capacity. Portions of the storage pools are assigned to customers. The risk is that multiple customers are storing their data on the same physical hardware storage devices. This presents a risk (usually a very small risk, but a risk all the same) of other customers using the same cloud storage hardware being able to view your data.
The mitigation of the risk is to encrypt your data stored on the SAN. Then the data would be unreadable even if another customer was able to access it.
Incorrect Answers:
B: Offsite replication is used for disaster recovery purposes. It is not considered to be a risk as long as the data is secure in the other site. Multi-site backups are not a risk mitigation.
C: Data loss from de-duplication is not considered to be a risk. De-duplication removes duplicate copies of data to reduce the storage space required for the data. Dynamic host bus addressing is not a risk mitigation.
D: Combined data archiving is not considered to be a risk. The archived data would be less accessible to other customers than the live data on the shared storage.

NEW QUESTION 5
After investigating virus outbreaks that have cost the company $1,000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:
[Exhibit: comparison table of the candidate antivirus products, not included in this page]
Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

  • A. Product A
  • B. Product B
  • C. Product C
  • D. Product D
  • E. Product E

Answer: E

NEW QUESTION 6
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.
After all restrictions have been lifted, which of the following should the information manager review?

  • A. Data retention policy
  • B. Legal hold
  • C. Chain of custody
  • D. Scope statement

Answer: B

NEW QUESTION 7
At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take?

  • A. Refer to and follow procedures from the company’s incident response plan.
  • B. Call a press conference to explain that the company has been hacked.
  • C. Establish chain of custody for all systems to which the systems administrator has access.
  • D. Conduct a detailed forensic analysis of the compromised system.
  • E. Inform the communications and marketing department of the attack details.

Answer: A

NEW QUESTION 8
An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
Encrypt all traffic between the network engineer and critical devices.
Segregate the different networking planes as much as possible.
Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?

  • A. Deploy control plane protections.
  • B. Use SSH over out-of-band management.
  • C. Force only TACACS to be allowed.
  • D. Require the use of certificates for AAA.

Answer: B

NEW QUESTION 9
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.
Which of the following is the BEST solution?

  • A. Use an entropy-as-a-service vendor to leverage larger entropy pools.
  • B. Loop multiple pseudo-random number generators in a series to produce larger numbers.
  • C. Increase key length by two orders of magnitude to detect brute forcing.
  • D. Shift key generation algorithms to ECC algorithms.

Answer: A

NEW QUESTION 10
As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

  • A. the collection of data as part of the continuous monitoring program.
  • B. adherence to policies associated with incident response.
  • C. the organization’s software development life cycle.
  • D. changes in operating systems or industry trends.

Answer: A

NEW QUESTION 11
A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

  • A. Increase the frequency of antivirus downloads and install updates to all workstations.
  • B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
  • C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
  • D. Deploy a web-based gateway antivirus server to intercept viruses before they enter the network.

Answer: B

Explanation:
The undetected malware is delivered to the company via drive-by downloads from malware hosting websites. A cloud-based content filter with the appropriate category enabled should provide the protection required.
Incorrect Answers:
A: The company already has an antivirus application that is not detecting the malware. Increasing the frequency of antivirus downloads and installing the updates will therefore not address the issue of drive-by downloads and malware hosting websites.
C: A WAF is designed to sit between a web client and a web server to analyze OSI Layer 7 traffic; this will not provide the required protection in this case. WAFs are not 100% effective.
D: A web-based gateway antivirus is not going to negate the problem of drive-by downloads and malware hosting websites.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 116, 405-406

NEW QUESTION 12
An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations. Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

  • A. Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.
  • B. Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.
  • C. All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.
  • D. Malicious users will have reduced opportunities for data extraction from their physical thin client workstations, thus reducing the effectiveness of local attacks.

Answer: B

NEW QUESTION 13
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

  • A. Ensure web services hosting the event use TCP cookies and deny_hosts.
  • B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
  • C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
  • D. Purchase additional bandwidth from the company’s Internet service provider.

Answer: C

Explanation:
Scrubbing is an excellent way of dealing with this type of situation, where the company wants to stay connected no matter what during the one-time high-profile event. It involves deploying a multi-layered security approach backed by extensive threat research to defend against a variety of attacks, with a guarantee of always-on availability.
Incorrect Answers:
A: Making use of TCP cookies will not be helpful in this event, since cookies are used to maintain selections from previous pages, and attackers can access cookies in transit or in storage to carry out their attacks.
B: Using an intrusion prevention system to block IPs is counterproductive for a one-time high-profile event if you want to attract and reach many clients at the same time.
D: Purchasing additional bandwidth from the ISP is not going to prevent attackers from hijacking your one-time event.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 159, 165, 168
http://www.level3.com/en/products/ddos-mitigation/

NEW QUESTION 14
The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The sec… analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?

  • A. Reschedule the automated patching to occur during business hours.
  • B. Monitor the web application service for abnormal bandwidth consumption.
  • C. Create an incident ticket for anomalous activity.
  • D. Monitor the web application for service interruptions caused by the patching.

Answer: C

NEW QUESTION 15
An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data.
[Exhibit: data classification table for the system, not included in this page]
Based on the data classification table above, which of the following BEST describes the overall classification?

  • A. High confidentiality, high availability
  • B. High confidentiality, medium availability
  • C. Low availability, low confidentiality
  • D. High integrity, low availability

Answer: B
