CompTIA CAS-003 Dumps & Mock Exam for Success, CompTIA CASP+ Certification | SPOTO

Achieve success in the CompTIA CAS-003 exam with our comprehensive dumps and mock exams tailored for success. Our platform offers a range of resources, including exam dumps, mock exams, practice tests, and exam questions and answers, designed to optimize your exam preparation. Developed by experts, our materials cover key topics such as risk management, enterprise security operations, architecture, research, collaboration, and integration of enterprise security. Whether you're seeking online exam questions or an exam simulator, our platform provides the necessary tools for effective exam practice. Elevate your confidence and proficiency with our curated exam materials. Start your preparation today and pave your way to success in obtaining the CASP+ certification with ease.

Question #1
A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?
A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B. Immediately encrypt all PHI with AES 256
C. Delete all PHI from the network until the legal department is consulted
D. Consult the legal department to determine legal requirements
Correct Answer: C
Question #2
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?
A. Review audit logs to determine the extent of the breach
B. Pay the hacker under the condition that all information is destroyed
C. Engage a counter-hacking team to retrieve the data
D. Notify the appropriate legal authorities and legal counsel
Correct Answer: D
Question #3
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
A. Conduct a series of security training events with comprehensive tests at the end
B. Hire an external company to provide an independent audit of the network security posture
C. Review the social media of all employees to see how much proprietary information is shared
D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account
Correct Answer: B
Question #4
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:
Secure messaging between internal users using digital signatures
Secure sites for video-conferencing sessions
Presence information for all office employees
Restriction of
A. Remote desktop
B. VoIP
C. Remote assistance
D. Email
E. Instant messaging
F. Social media websites
Correct Answer: BE
Question #5
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?
A. Data custodian
B. Data owner
C. Security analyst
D. Business unit director
E. Chief Executive Officer (CEO)
Correct Answer: D
Question #6
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A. CPU, process state tables, and main memory dumps
B. Essential information needed to perform data restoration to a known clean state
C. Temporary file system and swap space
D. Indicators of compromise to determine ransomware encryption
E. Chain of custody information needed for investigation
Correct Answer: DE
Question #7
A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?
A. Privacy policy
B. Work breakdown structure
C. Interconnection security agreement
D. Vendor management plan
E. Audit report
Correct Answer: D
Question #8
A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:
A. segment dual-purpose systems on a hardened network segment with no external access
B. assess the risks associated with accepting non-compliance with regulatory requirements
C. update system implementation procedures to comply with regulations
D. review regulatory requirements and implement new policies on any newly provisioned servers
Correct Answer: A
Question #9
A user workstation was infected with a new malware variant as a result of a drive-by download. The security administrator reviews key controls on the infected workstation and discovers the following: Which of the following would BEST prevent the problem from reoccurring in the future? (Choose two.)
A. Install HIPS
B. Enable DLP
C. Install EDR
D. Install HIDS
E. Enable application blacklisting
F. Improve patch management processes
Correct Answer: B
Question #10
A newly hired Chief Information Security Officer (CISO) is reviewing the organization’s security budget from the previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email messages. The CISO expects next year’s costs associated with fines to double and the volume of messages to increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given the table below: Which of the following would be BEST for the CISO
A. A budget line for DLP Vendor A
B. A budget line for DLP Vendor B
C. A budget line for DLP Vendor C
D. A budget line for DLP Vendor D
E. A budget line for paying future fines
Correct Answer: E
Question #11
An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)
A. Deploy virtual desktop infrastructure with an OOB management network
B. Employ the use of vTPM with boot attestation
C. Leverage separate physical hardware for sensitive services and data
D. Use a community CSP with independently managed security services
E. Deploy to a private cloud with hosted hypervisors on each physical machine
Correct Answer: BE
Question #12
While investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)
A. An attacker compromised the server and may have used a collision hash in the MD5 algorithm to hide the changes to the /etc/shadow file
B. An attacker compromised the server and may have also compromised the file integrity database to hide the changes to the /etc/shadow file
C. An attacker compromised the server and may have installed a rootkit to always generate valid MD5 hashes to hide the changes to the /etc/shadow file
D. An attacker compromised the server and may have used MD5 collision hashes to generate valid passwords, allowing further access to administrator accounts on the server
E. An attacker compromised the server and may have used SELinux mandatory access controls to hide the changes to the /etc/shadow file
Correct Answer: D
Question #13
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?
A. Issue tracker
B. Static code analyzer
C. Source code repository
D. Fuzzing utility
Correct Answer: D
Question #14
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:
A. the amount of data to be moved
B. the frequency of data backups
C. which users will have access to which data
D. when the file server will be decommissioned
Correct Answer: C
Question #15
The Chief Information Security Officer (CISO) suspects that a database administrator has been tampering with financial data to the administrator’s advantage. Which of the following would allow a third-party consultant to conduct an on-site review of the administrator’s activity?
A. Separation of duties
B. Job rotation
C. Continuous monitoring
D. Mandatory vacation
Correct Answer: A
Question #16
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?
A. Vendor diversification
B. System hardening standards
C. Bounty programs
D. Threat awareness
E. Vulnerability signatures
Correct Answer: D
Question #17
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:
Detect administrative actions
Block unwanted MD5 hashes
Provide alerts
Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS
Correct Answer: BE
Question #18
A security analyst is reviewing the following packet capture of communication between a host and a company’s router: Which of the following actions should the security analyst take to remove this vulnerability?
A. Update the router code
B. Implement a router ACL
C. Disconnect the host from the network
D. Install the latest antivirus definitions
E. Deploy a network-based IPS
Correct Answer: B
Question #19
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
1. A user received a phishing email that appeared to be a report from the organization’s CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks l
A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
F. WAYF-based authentication
Correct Answer: A
Question #20
A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO). The report outlines the following KPI/KRI data for the last 12 months: Which of the following BEST describes what could be interpreted from the above data?
A. 1
B. 1
C. 1
D. 1
Correct Answer: A
Question #21
The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?
A. Avoid
B. Mitigate
C. Transfer
D. Accept
Correct Answer: D
Question #22
While conducting a BIA for a proposed acquisition, the IT integration team found that both companies outsource CRM services to competing and incompatible third-party cloud services. The decision has been made to bring the CRM service in-house, and the IT team has chosen a future solution. With which of the following should the Chief Information Security Officer (CISO) be MOST concerned? (Choose two.)
A. Data remnants
B. Sovereignty
C. Compatible services
D. Storage encryption
E. Data migration
F. Chain of custody
Correct Answer: CE
Question #23
An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website. Which of the following types of attack vector did the penetration tester use?
A. SQLi
B. CSRF
C. Brute force
D. XSS
E. TOC/TOU
Correct Answer: B
Question #24
An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
1. The ICS supplier has specified that any software installed will result in lack of support.
2. There is no documented trust
A. VNC, router, and HIPS
B. SIEM, VPN, and firewall
C. Proxy, VPN, and WAF
D. IDS, NAC, and log monitoring
Correct Answer: A
