DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

2024 CompTIA CAS-003 Exam Prep: Practice Tests & Study Materials, CompTIA CASP+ Certification | SPOTO

Prepare for the CompTIA CASP+ Certification exam with SPOTO's comprehensive 2024 exam prep resources! Our practice tests and study materials are meticulously designed to ensure your success on the CAS-003 exam. Dive into our extensive collection of practice tests and sample questions covering essential topics such as operating systems, security, software, and operational procedures. Access our exam dumps to reinforce your understanding and familiarize yourself with the exam format. Utilize our mock exams and exam simulator to simulate real exam conditions and bolster your confidence. With SPOTO's expertly curated exam materials and answers, you'll be thoroughly prepared to excel on exam day. Trust SPOTO for the most effective exam preparation resources and strategies tailored for your CompTIA CASP+ Certification journey. Start your exam preparation with SPOTO today and pave your way to certification success!
Take other online exams

Question #1
A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request. Which of the following would BEST support this objective?
A. Peer review
B. Design review
C. Scrum
D. User acceptance testing
E. Unit testing
View answer
Correct Answer: C
Question #2
An engineer is evaluating the control profile to assign to a system containing PII, financial, and proprietary data. Based on the data classification table above, which of the following BEST describes the overall classification?
A. High confidentiality, high availability
B. High confidentiality, medium availability
C. Low availability, low confidentiality
D. High integrity, low availability
View answer
Correct Answer: B
Question #3
The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitaly communicate, and the following criteria are collectively determined: Must be encrypted on the email servers and clients Must be OK to transmit over unsecure Internet connections Which of the following communication methods would be BEST to recommend?
A. Force TLS between domains
B. Enable STARTTLS on both domains
C. Use PGP-encrypted emails
D. Switch both domains to utilize DNSSEC
View answer
Correct Answer: D
Question #4
Given the following: Which of the following vulnerabilities is present in the above code snippet?
A. Disclosure of database credential
B. SQL-based string concatenation
C. DOM-based injection
D. Information disclosure in comments
View answer
Correct Answer: D
Question #5
After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements: Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
A. Product A
B. Product B
C. Product C
D. Product D
E. Product E
View answer
Correct Answer: D
Question #6
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).
A. MSA
B. RFP
C. NDA
D. RFI
E. MOU
F. RFQ
View answer
Correct Answer: CD
Question #7
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the foo
A. VLAN201, VLAN202, VLAN400
B. VLAN201, VLAN202, VLAN700
C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D. VLAN400, VLAN680, VLAN700
View answer
Correct Answer: D
Question #8
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?
A. Quarantine emails sent to external domains containing PII and release after inspection
B. Prevent PII from being sent to domains that allow users to sign up for free webmail
C. Enable transport layer security on all outbound email communications and attachments
D. Provide security awareness training regarding transmission of PII
View answer
Correct Answer: C
Question #9
A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?
A. Request an exception to the corporate policy from the risk management committee
B. Require anyone trying to use the printer to enter their username and password
C. Have a help desk employee sign in to the printer every morning
D. Issue a certificate to the printer and use certificate-based authentication
View answer
Correct Answer: D
Question #10
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
A. Patch management
B. Antivirus
C. Application firewall
D. Spam filters
E. HIDS
View answer
Correct Answer: E
Question #11
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: Which of the following should the penetration tester conclude about the command output?
A. The public/private views on the Comptia
B. Comptia
C. The DNS SPF records have not been updated for Comptia
D. 192
View answer
Correct Answer: B
Question #12
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
A. Threat modeling
B. Risk assessment
C. Vulnerability data
D. Threat intelligence
E. Risk metrics
F. Exploit frameworks
View answer
Correct Answer: F
Question #13
A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have th
A. OTA updates
B. Remote wiping
C. Side loading
D. Sandboxing
E. Containerization
F. Signed applications
View answer
Correct Answer: EF
Question #14
A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows: The tool needs to be responsive so service teams can query it, and then perform an automated res
A. Scalability
B. Latency
C. Availability
D. Usability
E. Recoverability
F. Maintainability
View answer
Correct Answer: BCE
Question #15
The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective?
A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets
B. Encourage cybersecurity analysts to review open-source intelligence products and threat database to generate new IDS rules based on those sources
C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
D. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats
View answer
Correct Answer: B
Question #16
The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:
A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure
D. major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns
View answer
Correct Answer: A
Question #17
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
B. Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff
C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents
View answer
Correct Answer: D
Question #18
An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types
A. SAML
B. Social login
C. OpenID connect
D. XACML
E. SPML
F. OAuth
View answer
Correct Answer: BC
Question #19
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?
A. Hire an external red tem to conduct black box testing
B. Conduct a peer review and cross reference the SRTM
C. Perform white-box testing on all impacted finished products
D. Perform regression testing and search for suspicious code
View answer
Correct Answer: A
Question #20
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
A. Update and deploy GPOs
B. Configure and use measured boot
C. Strengthen the password complexity requirements
D. Update the antivirus software and definitions
View answer
Correct Answer: D
Question #21
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?
A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES 256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements
View answer
Correct Answer: B
Question #22
A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)
A. Bug bounty websites
B. Hacker forums
C. Antivirus vendor websites
D. Trade industry association websites
E. CVE database
F. Company’s legal department
View answer
Correct Answer: EF
Question #23
During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
A. Air gaps
B. Access control lists
C. Spanning tree protocol
D. Network virtualization
E. Elastic load balancing
View answer
Correct Answer: D
Question #24
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?
A. Documentation of lessons learned
B. Quantitative risk assessment
C. Qualitative assessment of risk
D. Business impact scoring
E. Threat modeling
View answer
Correct Answer: B
Question #25
With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?
A. Human resources
B. Financial
C. Sales
D. Legal counsel
View answer
Correct Answer: D
Question #26
A security engineer is assisting a developer with input validation, and they are studying the following code block: The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system. Which of the following would be the BEST advice for the security engineer to give to the developer?
A. Replace code with Java-based type checks
B. Parse input into an array
C. Use regular expressions
D. Canonicalize input into string objects before validation
View answer
Correct Answer: C
Question #27
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements: 1. Long-lived sessions are required, as users do not log in very often. 2. The solution has multiple SPs, which include mobile and web applications. 3. A centralized IdP is utilized for all customer digital channels. 4. The applications provide different functionality types such as forums and
A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
B. Create-based authentication to IdP, securely store access tokens, and implement secure push notifications
C. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication
D. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: