CompTIA CAS-003 Exam Prep: Study Materials & Mock Tests, CompTIA CASP+ Certification | SPOTO

Prepare efficiently for the CompTIA CAS-003 exam with our comprehensive study materials and mock tests. Our platform offers a wide range of resources, including practice tests, exam questions and answers, sample questions, and mock exams, tailored to enhance your exam preparation experience. Developed by industry experts, our study materials cover key topics such as risk management, enterprise security operations, architecture, research, collaboration, and integration of enterprise security, ensuring thorough understanding and readiness. Whether you're looking for online exam questions or an exam simulator, our platform provides the necessary tools for effective exam practice. Elevate your confidence and proficiency with our curated exam materials. Start your preparation today and maximize your chances of success in obtaining the CASP+ certification with ease.

Question #1
A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?
A. The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products
B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete
C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO
D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly
Correct Answer: D
Question #2
The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).
A. Retrieve source system image from backup and run file comparison analysis on the two images
B. Parse all images to determine if extra data is hidden using steganography
C. Calculate a new hash and compare it with the previously captured image hash
D. Ask desktop support if any changes to the images were made
E. Check key system files to see if date/time stamp is in the past six months
Correct Answer: C
Question #3
A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received: Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee
A. Based on cost alone, having an outsourced solution appears cheaper
B. Based on cost alone, having an outsourced solution appears to be more expensive
C. Based on cost alone, both outsourced and in-sourced solutions appear to be the same
D. Based on cost alone, having a purchased product solution appears cheaper
Correct Answer: C
Question #4
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection
B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections
D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts
Correct Answer: A
Question #5
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?
A. The malware file’s modify, access, change time properties
B. The timeline analysis of the file system
C. The time stamp of the malware in the swap file
D. The date/time stamp of the malware detection in the antivirus log
Correct Answer: BD
Question #6
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: DCIM Images folder Audio books folder Torrentz My TAX.xls Consult
A. MicroSD is not encrypted and also contains personal data
B. MicroSD contains a mixture of personal and work data
C. MicroSD is not encrypted and contains geotagging information
D. MicroSD contains pirated software and is not encrypted
Correct Answer: A
Question #7
As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:
A. the collection of data as part of the continuous monitoring program
B. adherence to policies associated with incident response
C. the organization’s software development life cycle
D. changes in operating systems or industry trends
Correct Answer: A
Question #8
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?
A. Generate a one-time key as part of the device registration process
B. Require SSL between the mobile application and the web services gateway
C. The jsession cookie should be stored securely after authentication
D. Authentication assertion should be stored securely on the client
Correct Answer: C
Question #9
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
A. Code review
B. Sandbox
C. Local proxy
D. Fuzzer
E. Port scanner
Correct Answer: D
Question #10
ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?
A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone
B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s)
C. Organize VM hosts into containers based on security zone and restrict access using an ACL
D. Require multi-factor authentication when accessing the console at the physical VM host
Correct Answer: AC
Question #11
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).
A. Block traffic from the ISP’s networks destined for blacklisted IPs
B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP
C. Scan the ISP’s customer networks using an up-to-date vulnerability scanner
D. Notify customers when services they run are involved in an attack
E. Block traffic with an IP source not allocated to customers from exiting the ISP's network
Correct Answer: B
Question #12
A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, “BYOD clients must meet the company’s infrastructure requiremen
A. Asset management
B. IT governance
C. Change management
D. Transference of risk
Correct Answer: A
Question #13
At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).
A. Add guests with more memory to increase capacity of the infrastructure
B. A backup is running on the thin clients at 9am every morning
C. Install more memory in the thin clients to handle the increased load while booting
D. Booting all the lab desktops at the same time is creating excessive I/O
E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity
F. Install faster SSD drives in the storage system used in the infrastructure
Correct Answer: DEF
Question #14
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or “undo” features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Correct Answer: AD
Question #15
A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection?
A. Implement an Acceptable Use Policy which addresses malware downloads
B. Deploy a network access control system with a persistent agent
C. Enforce mandatory security awareness training for all employees and contractors
D. Block cloud-based storage software on the company network
Correct Answer: B
Question #16
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include w
A. Business or technical justification for not implementing the requirements
B. Risks associated with the inability to implement the requirements
C. Industry best practices with respect to the technical implementation of the current controls
D. All sections of the policy that may justify non-implementation of the requirements
E. A revised DRP and COOP plan to the exception form
F. Internal procedures that may justify a budget submission to implement the new requirement
Correct Answer: A
Question #17
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected: Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out. Whi
A. Apply a hidden field that triggers a SIEM alert
B. Cross site scripting attack
C. Resource exhaustion attack
D. Input a blacklist of all known BOT malware IPs into the firewall
E. SQL injection
F. Implement an inline WAF and integrate into SIEM G
Correct Answer: C
Question #18
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?
A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption
B. Require each user to log passwords used for file encryption to a decentralized repository
C. Permit users to only encrypt individual files using their domain password and archive all old user passwords
D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI
Correct Answer: A
Question #19
A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target acro
A. Discuss the issue with the software product's user groups
B. Consult the company’s legal department on practices and law
C. Contact senior finance management and provide background information
D. Seek industry outreach for software practices and law
Correct Answer: CD
Question #20
A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system’s SLE?
A. $2,000
B. $8,000
C. $12,000
D. $32,000
Correct Answer: ABG
Question #21
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
A. Physical penetration test of the datacenter to ensure there are appropriate controls
B. Penetration testing of the solution to ensure that the customer data is well protected
C. Security clauses are implemented into the contract such as the right to audit
D. Review of the organization’s security policies, procedures and relevant hosting certifications
E. Code review of the solution to ensure that there are no back doors located in the software
Correct Answer: A
