CompTIA CAS-003 Free Practice Questions

NEW QUESTION 1
A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has complied a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?

• A. Check for any relevant or required overlays.
• B. Review enhancements within the current control set.
• C. Modify to a high-baseline set of controls.
• D. Perform continuous monitorin

Answer: C

NEW QUESTION 2
A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers. Which of the following is the BEST statement for the engineer to take into consideration?

• A. Single-tenancy is often more expensive and has less efficient resource utilizatio
• B. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
• C. The managed service provider should outsource security of the platform to an existing cloud compan
• D. This will allow the new log service to be launched faster and with well-tested security controls.
• E. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
• F. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Answer: A

NEW QUESTION 3
A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company’s physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company’s network or information systems from within? (Select TWO).

• A. RAS
• B. Vulnerability scanner
• C. HTTP intercept
• D. HIDS
• E. Port scanner
• F. Protocol analyzer

Answer: DF

Explanation:
A protocol analyzer can be used to capture and analyze signals and data traffic over a communication
channel which makes it ideal for use to assess a company’s network from within under the circumstances.
HIDS is used as an intrusion detection system that can monitor and analyze the internal company network especially the dynamic behavior and the state of the computer systems; behavior such as network packets targeted at that specific host, which programs accesses what resources etc. Incorrect Answers:
A: RAS is a term that refers to any combination of hardware or software that will enable the remote access tools or information that typically reside on a network of IT devices. This tool will not allow you to detect the presence of a malicious actor physical accessing the network from within.
B: Vulnerability scanners are used to identify vulnerable systems and applications that may be in need of patching.
C: A HTTP Interceptor is a program that is used to assess and analyze web traffic and works by acting as a proxy for the traffic between the web client and the web server, not useful in this scenario.
E: Port Scanners are used to scan the TCP and UDP ports as well as their status. Port scanning makes allowance to run probes to check which services are running on a targeted computer.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 137-138, 181, 399-402
https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

NEW QUESTION 4
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented.
Organize the following security requirements into the correct hierarchy required for an SRTM. Requirement 1: The system shall provide confidentiality for data in transit and data at rest. Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme. Requirement 4: The system shall provide integrity for all data at rest. Requirement 5: The system shall perform CRC checks on all files.

• A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
• B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
• C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3:Requirement 3 under 2
• D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5

Answer: B

Explanation:
Confidentiality and integrity are two of the key facets of data security. Confidentiality ensures that sensitive information is not disclosed to unauthorized users; while integrity ensures that data is not altered by unauthorized users. These are Level 1 requirements.
Confidentiality is enforced through encryption of data at rest, encryption of data in transit, and access control. Encryption of data in transit is accomplished by using secure protocols such as PSec, SSL, PPTP, SSH, and SCP, etc.
Integrity can be enforced through hashing, digital signatures and CRC checks on the files. In the SRTM hierarchy, the enforcement methods would fall under the Level requirement. References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 17-19, 20, 27-29

NEW QUESTION 5
The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to
the source image. Which of the following methods would BEST help with this process? (Select TWO).

• A. Retrieve source system image from backup and run file comparison analysis on the two images.
• B. Parse all images to determine if extra data is hidden using steganography.
• C. Calculate a new hash and compare it with the previously captured image hash.
• D. Ask desktop support if any changes to the images were made.
• E. Check key system files to see if date/time stamp is in the past six month

Answer: AC

Explanation:
Running a file comparison analysis on the two images will determine whether files have been changed, as well as what files were changed.
Hashing can be used to meet the goals of integrity and non-repudiation. One of its advantages of hashing is its ability to verify that information has remained unchanged. If the hash values are the same, then the images are the same. If the hash values differ, there is a difference between the two
images.
Incorrect Answers:
B: Steganography is a type of data exfiltration. Data exfiltration is the unauthorized transfer of data from a computer.
D: According to the scenario, the desktop support director has asked the Information Security department to determine if any changes were made to the source image. Asking the desktop support if any changes to the images were made would therefore be redundant.
E: The question requires the Information Security department to determine if any changes were made to the source image, not when the date/time stamp manipulation occurred.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, pp. 18, 134

NEW QUESTION 6
The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

• A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
• B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
• C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure
• D. major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns

Answer: A

NEW QUESTION 7
A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:
TCP 80 open
TCP 443 open
TCP 1434 filtered
The penetration tester then used a different tool to make the following requests:
GET / script/login.php?token=45$MHT000MND876
GET / script/login.php?token=@#984DCSPQ 1DF
Which of the following tools did the penetration tester use?

• A. Protocol analyzer
• B. Port scanner
• C. Fuzzer
• D. Brute forcer
• E. Log analyzer
• F. HTTP interceptor

Answer: C

NEW QUESTION 8
A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1: Operator ALL=/sbin/reboot Configuration file 2:
Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended action?

• A. The sudoers file is locked down to an incorrect command
• B. SSH command shell restrictions are misconfigured
• C. The passwd file is misconfigured
• D. The SSH command is not allowing a pty session

Answer: D

NEW QUESTION 9
A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

• A. Effective deployment of network taps
• B. Overall bandwidth available at Internet PoP
• C. Optimal placement of log aggregators
• D. Availability of application layer visualizers

Answer: D

NEW QUESTION 10
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user’s accounts is sensitive, and therefore, the organization wants to comply with the following requirements:
Active full-device encryption Enabled remote-device wipe Blocking unsigned applications
Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?

• A. Require frequent password changes and disable NFC.
• B. Enforce device encryption and activate MAM.
• C. Install a mobile antivirus application.
• D. Configure and monitor devices with an MD

Answer: B

NEW QUESTION 11
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?

• A. Inform the customer that the service provider does not have any control over third-party blacklist entrie
• B. The customer should reach out to the blacklist operator directly
• C. Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior
• D. Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic
• E. Establish relationship with a blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned

Answer: D

NEW QUESTION 12
A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.
Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

• A. Conduct a penetration test on each function as it is developed
• B. Develop a set of basic checks for common coding errors
• C. Adopt a waterfall method of software development
• D. Implement unit tests that incorporate static code analyzers

Answer: D

NEW QUESTION 13
An engineer needs to provide access to company resources for several offshore contractors. The contractors require:
Access to a number of applications, including internal websites Access to database data and the ability to manipulate it
The ability to log into Linux and Windows servers remotely
Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

• A. VTC
• B. VRRP
• C. VLAN
• D. VDI
• E. VPN
• F. Telnet

Answer: DE

NEW QUESTION 14
The legal department has required that all traffic to and from a company’s cloud-based word processing and email system is logged. To meet this requirement, the Chief Information Security Officer (CISO) has implemented a next-generation firewall to perform inspection of the secure traffic and has decided to use a cloud-based log aggregation solution for all traffic that is logged. Which of the following presents a long-term risk to user privacy in this scenario?

• A. Confidential or sensitive documents are inspected by the firewall before being logged.
• B. Latency when viewing videos and other online content may increase.
• C. Reports generated from the firewall will take longer to produce due to more information from inspected traffic.
• D. Stored logs may contain non-encrypted usernames and passwords for personal website

Answer: A

NEW QUESTION 15
A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue. Which of the following is the MOST secure solution for the developer to implement?

• A. IF $AGE == “!@#%^&*()_+<>?”:{}[]” THEN ERROR
• B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
• C. IF $AGE != “a-bA-Z!@#$%^&*()_+<>?”{}[]”THEN CONTINUE
• D. IF $AGE == [1-0] {0,2} THEN CONTINUE

Answer: B

NEW QUESTION 16
......