
2024 Updated CompTIA CAS-003 Exam Questions & Practice Tests, CompTIA CASP+ Certification | SPOTO

Prepare for the CompTIA CASP+ Certification exam with SPOTO's updated practice tests and exam questions for 2024! Our comprehensive resources are meticulously crafted to help you succeed on the CAS-003 exam. Dive into our practice tests and sample questions, covering crucial topics like operating systems, security, software, and operational procedures. Access our exam dumps to reinforce your understanding and familiarize yourself with the exam format. Utilize our mock exams and exam simulator to simulate real exam conditions and enhance your confidence. With SPOTO's expertly curated exam materials and answers, you'll be thoroughly prepared to tackle any challenge on exam day. Trust SPOTO for the most effective resources and strategies to prepare for your CompTIA CASP+ Certification. Start your journey towards certification success with SPOTO today!


Question #1
A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization: localStorage.setItem(“session-cookie”, document.cookie); Which of the following should the security engineer recommend?
A. SessionStorage should be used so authorized cookies expire after the session ends
B. Cookies should be marked as “secure” and “HttpOnly”
C. Cookies should be scoped to a relevant domain/path
D. Client-side cookies should be replaced by server-side mechanisms
Correct Answer: B
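The optimization in Question #1 copies document.cookie into localStorage, so any script running on the page (including injected XSS) can read the session token from persistent storage. Marking the cookie HttpOnly removes it from document.cookie entirely, and Secure keeps it off plaintext connections. The following audit function is an added example (not code from the SPOTO page or the CASP+ exam): it parses Set-Cookie header values and reports the attributes a session cookie is missing, using constructed sample headers.

```javascript
// Added example, not from the original page: audit Set-Cookie header values
// for the attributes a session cookie needs. A cookie without HttpOnly is
// readable through document.cookie, which is exactly what lets
// localStorage.setItem("session-cookie", document.cookie) leak the session.

// Parse one Set-Cookie value into name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? "" : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Return a list of findings for a session cookie; an empty list means it passes.
function auditSessionCookie(header) {
  const { attributes: a } = parseSetCookie(header);
  const findings = [];
  if (!a.httponly) findings.push("missing HttpOnly: readable via document.cookie");
  if (!a.secure) findings.push("missing Secure: sent over plaintext HTTP");
  const sameSite = typeof a.samesite === "string" ? a.samesite.toLowerCase() : null;
  if (!sameSite || sameSite === "none") {
    findings.push("SameSite absent or None: attached to cross-site requests");
  }
  if (typeof a.domain === "string") {
    findings.push(`Domain=${a.domain}: shared with every subdomain`);
  }
  return findings;
}

// Browsers only accept a __Host- prefixed cookie when it is Secure, has Path=/
// and no Domain attribute, which pins it to exactly one origin.
function isHostPrefixCompliant(header) {
  const { name, attributes: a } = parseSetCookie(header);
  if (!name.startsWith("__Host-")) return false;
  return a.secure === true && a.path === "/" && a.domain === undefined;
}

// Constructed sample headers: the legacy cookie from the question, a cookie
// scoped to a parent domain, and a hardened session cookie.
const WEAK_HEADER = "session-cookie=abc123; Path=/";
const BROAD_HEADER = "sid=abc123; Domain=example.com; Secure; HttpOnly; SameSite=Lax";
const HARDENED_HEADER = "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict";

for (const h of [WEAK_HEADER, BROAD_HEADER, HARDENED_HEADER]) {
  const findings = auditSessionCookie(h);
  console.log(h);
  console.log(findings.length ? "  " + findings.join("\n  ") : "  OK");
  console.log("  __Host- compliant:", isHostPrefixCompliant(h));
}
```

Run the file with Node to see the three verdicts. The weak header reports three findings, which is why option B (Secure and HttpOnly) is the recommendation: scoping the path (option C) does not stop page script from reading the cookie.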
Question #2
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit. Which of the following would provide greater insig
A. Run an antivirus scan on the finance PC
B. Use a protocol analyzer on the air-gapped PC
C. Perform reverse engineering on the document
D. Analyze network logs for unusual traffic
E. Run a baseline analyzer against the user’s computer
Correct Answer: C
Question #3
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (CIO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?
A. Multi-tenancy SaaS
B. Hybrid IaaS
C. Single-tenancy PaaS
D. Community IaaS
Correct Answer: C
Question #4
A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remedi
A. Implementing regression testing
B. Completing user acceptance testing
C. Verifying system design documentation
D. Using a SRTM
Correct Answer: D
Question #5
A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?
A. Effective deployment of network taps
B. Overall bandwidth available at Internet PoP
C. Optimal placement of log aggregators
D. Availability of application layer visualizers
Correct Answer: D
Question #6
Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?
A. Business partnership agreement
B. Memorandum of understanding
C. Service-level agreement
D. Interconnection security agreement
Correct Answer: B
Question #7
To meet an SLA, which of the following documents should be drafted to define the responsibilities and delivery timelines of the company's internal, interdependent units?
A. BPA
B. OLA
C. MSA
D. MOU
Correct Answer: B
Question #8
A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?
A. Whois
B. DNS enumeration
C. Vulnerability scanner
D. Fingerprinting
Correct Answer: A
Question #9
A deployment manager is working with a software development group to assess the security of a new version of the organization’s internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?
A. Static code analysis in the IDE environment
B. Penetration testing of the UAT environment
C. Vulnerability scanning of the production environment
D. Penetration testing of the production environment
E. Peer review prior to unit testing
Correct Answer: B
Question #10
Given the code snippet below: Which of the following vulnerability types is the MOST concerning?
A. Only short usernames are supported, which could result in brute forcing of credentials
B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability
C. Hardcoded usernames with different code paths taken depend on which user is entered
D. Format string vulnerability is present for admin users but not for standard users
Correct Answer: B
Question #11
A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?
A. Application whitelisting
B. NX/XN bit
C. ASLR
D. TrustZone
E. SCP
Correct Answer: B
Question #12
A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials. Which of the following tools should be used? (Choose two.)
A. Fuzzer
B. SCAP scanner
C. Packet analyzer
D. Password cracker
E. Network enumerator
F. SIEM
Correct Answer: BD
Question #13
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?
A. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
B. Federate with an existing PKI provider, and reject all non-signed emails
C. Implement two-factor email authentication, and require users to hash all email messages upon receipt
D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
Correct Answer: A
