CAS-003
Question 1
DRAG DROP -
Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.
Select and Place:
Question 2
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:
Which of the following should the penetration tester conclude about the command output?
- A: The public/private views on the Comptia.org DNS servers are misconfigured
- B: Comptia.org is running an older mail server, which may be vulnerable to exploits
- C: The DNS SPF records have not been updated for Comptia.org
- D: 192.168.102.67 is a backup mail server that may be more vulnerable to attack
Question 3
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?
- A: Run an antivirus scan on the finance PC.
- B: Use a protocol analyzer on the air-gapped PC.
- C: Perform reverse engineering on the document.
- D: Analyze network logs for unusual traffic.
- E: Run a baseline analyzer against the user's computer.
Question 4
A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.
Which of the following tools should be used? (Choose two.)
- A: Fuzzer
- B: SCAP scanner
- C: Packet analyzer
- D: Password cracker
- E: Network enumerator
- F: SIEM
Question 5
A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.
Which of the following solutions BEST meets the engineer's goal?
- A: Schedule weekly reviews of all unit test results with the entire development team and follow up between meetings with surprise code inspections.
- B: Develop and implement a set of automated security tests to be installed on each development team leader's workstation.
- C: Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.
- D: Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.
Question 6
A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.
Which of the following BEST describes the contents of the supporting document the engineer is creating?
- A: A series of ad-hoc tests that each verify security control functionality of the entire system at once.
- B: A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
- C: A set of formal methods that apply to one or more of the programming languages used on the development project.
- D: A methodology to verify each security control in each unit of developed code prior to committing the code.
Question 7
A security technician is incorporating the following requirements in an RFP for a new SIEM:
✑ New security notifications must be dynamically implemented by the SIEM engine
✑ The SIEM must be able to identify traffic baseline anomalies
✑ Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support? (Choose two.)
- A: Autoscaling search capability
- B: Machine learning
- C: Multisensor deployment
- D: Big Data analytics
- E: Cloud-based management
- F: Centralized log aggregation
Question 8
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user's accounts is sensitive, and therefore, the organization wants to comply with the following requirements:
✑ Active full-device encryption
✑ Enabled remote-device wipe
✑ Blocking unsigned applications
✑ Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
- A: Require frequent password changes and disable NFC.
- B: Enforce device encryption and activate MAM.
- C: Install a mobile antivirus application.
- D: Configure and monitor devices with an MDM.
Question 9
The Chief Information Officer (CIO) wants to increase security and accessibility among the organization's cloud SaaS applications. The applications are configured to use passwords, and two-factor authentication is not provided natively.
Which of the following would BEST address the CIO's concerns?
- A: Procure a password manager for the employees to use with the cloud applications.
- B: Create a VPN tunnel between the on-premises environment and the cloud providers.
- C: Deploy applications internally and migrate away from SaaS applications.
- D: Implement an IdP that supports SAML and time-based, one-time passwords.
Question 10
During a security assessment, activities were divided into two phases: internal and external exploitation. The security assessment team set a hard time limit on external activities before moving to a compromised box within the enterprise perimeter.
Which of the following methods is the assessment team most likely to employ NEXT?
- A: Pivoting from the compromised box, moving laterally through the enterprise, and trying to exfiltrate data and compromise devices.
- B: Conducting a social engineering attack attempt with the goal of accessing the compromised box physically.
- C: Exfiltrating network scans from the compromised box as a precursor to social media reconnaissance.
- D: Open-source intelligence gathering to identify the network perimeter and scope to enable further system compromises.
Question 11
An organization's network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations.
Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?
- A: Employ hardware FDE or SED solutions.
- B: Utilize a more efficient cryptographic hash function.
- C: Replace HDDs with SSD arrays.
- D: Use a FIFO pipe with a multithreaded software solution.
Question 12
Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.
Network Client: Digitally sign communication
Network Server: Digitally sign communication
A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?
- A: Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
- B: Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
- C: Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage
- D: Avoid the risk, leave the settings alone, and decommission the legacy storage device
Question 13
While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames.
Which of the following would be the BEST solution for the information security officer to recommend?
- A: Utilizing MFA
- B: Implementing SSO
- C: Deploying 802.1X
- D: Pushing SAML adoption
- E: Implementing TACACS
Question 14
Which of the following is the GREATEST security concern with respect to BYOD?
- A: The filtering of sensitive data out of data flows at geographic boundaries.
- B: Removing potential bottlenecks in data transmission paths.
- C: The transfer of corporate data onto mobile corporate devices.
- D: The migration of data into and out of the network in an uncontrolled manner.
Question 15
Given the following code snippet:
Which of the following failure modes would the code exhibit?
- A: Open
- B: Secure
- C: Halt
- D: Exception
Question 16
A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device.
Additionally, to protect patients' health information, management has identified the following requirements:
✑ Data must be encrypted at rest.
✑ The device must be disabled if it leaves the facility.
✑ The device must be disabled when tampered with.
Which of the following technologies would BEST support these requirements? (Choose two.)
- A: eFuse
- B: NFC
- C: GPS
- D: Biometric
- E: USB 4.1
- F: MicroSD
Question 17
A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company's RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:
✑ An HOTP service is installed on the RADIUS server.
✑ The RADIUS server is configured to require the HOTP service for authentication.
The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.
Which of the following should be implemented to BEST resolve the issue?
- A: Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.
- B: Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.
- C: Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.
- D: Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.
Question 18
Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.
The tables below provide information on a subset of remote sites and the firewall options:
Which of the following would be the BEST option to recommend to the CIO?
- A: Vendor C for small remote sites, and Vendor B for large sites.
- B: Vendor B for all remote sites
- C: Vendor C for all remote sites
- D: Vendor A for all remote sites
- E: Vendor D for all remote sites
Question 19
Given the following output from a security tool in Kali:
- A: Log reduction
- B: Network enumerator
- C: Fuzzer
- D: SCAP scanner
Question 20
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
✑ Involve business owners and stakeholders
✑ Create an applicable scenario
✑ Conduct a biannual verbal review of the incident response plan
✑ Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
- A: Parallel operations
- B: Full transition
- C: Internal review
- D: Tabletop
- E: Partial simulation
Question 21
A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has compiled a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?
- A: Check for any relevant or required overlays.
- B: Review enhancements within the current control set.
- C: Modify to a high-baseline set of controls.
- D: Perform continuous monitoring.
Question 22
A security researcher is gathering information about a recent spike in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.
Based on the information available to the researcher, which of the following is the MOST likely threat profile?
- A: Nation-state-sponsored attackers conducting espionage for strategic gain.
- B: Insiders seeking to gain access to funds for illicit purposes.
- C: Opportunists seeking notoriety and fame for personal gain.
- D: Hacktivists rolling out a marketing campaign to change landing pages.
Question 23
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?
- A: Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
- B: Install a client-side VPN on the staff laptops and limit access to the development network
- C: Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
- D: Use remote SaaS to provide administrative sharing in production
Question 24
An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations.
Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?
- A: Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.
- B: Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.
- C: All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.
- D: Malicious users will have reduced opportunities for data extraction from their physical thin client workstations, thus reducing the effectiveness of local attacks.
Question 25
A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use.
After network enumeration, the analyst's NEXT step is to perform:
- A: a gray-box penetration test
- B: a risk analysis
- C: a vulnerability assessment
- D: an external security audit
- E: a red team exercise