DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

CompTIA CAS-003 Exam Success: Mock Tests & Study Resources, CompTIA CASP+ Certification | SPOTO

Achieve exam success in the CompTIA CAS-003 with our comprehensive mock tests and study resources. Our platform provides a wide array of resources, including practice tests, exam questions and answers, sample questions, and mock exams, meticulously designed to optimize your exam preparation journey. Developed by industry experts, our study materials cover essential topics such as risk management, enterprise security operations, architecture, research, collaboration, and integration of enterprise security, ensuring thorough comprehension and readiness. Whether you're in need of online exam questions or an exam simulator, our platform offers the necessary tools for effective exam practice. Elevate your confidence and proficiency with our curated exam materials. Start your preparation today and pave your way to success in obtaining the CASP+ certification with ease.
Take other online exams

Question #1
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
A. Synchronous copy of data
B. RAID configuration
C. Data de-duplication
D. Storage pool space allocation
E. Port scanning
F. LUN masking/mapping G
View answer
Correct Answer: B
Question #2
An investigation showed a worm was introduced from an engineer’s laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to a company policy and technical controls. Which of the following would be the MOST secure control implement?
A. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network
B. Implement role-based group policies on the management network for client access
C. Utilize a jump box that is only allowed to connect to client from the management network
D. Deploy a company-wide approved engineering workstation for management acces
View answer
Correct Answer: C
Question #3
There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming the
A. 92
B. 98
C. 98
D. 99
View answer
Correct Answer: C
Question #4
During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?
A. The devices are being modified and settings are being overridden in production
B. The patch management system is causing the devices to be noncompliant after issuing the latest patches
C. The desktop applications were configured with the default username and password
D. 40 percent of the devices use full disk encryptio
View answer
Correct Answer: A
Question #5
The IT Security Analyst for a small organization is working on a customer’s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?
A. Contact the local authorities so an investigation can be started as quickly as possible
B. Shut down the production network interfaces on the server and change all of the DBMS account passwords
C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed
D. Refer the issue to management for handling according to the incident response proces
View answer
Correct Answer: C
Question #6
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the sy
A. Race condition
B. Click-jacking
C. Integer overflow
D. Use after free
E. SQL injection
View answer
Correct Answer: D
Question #7
A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the prediction of the malware?
A. The workstations should be isolated from the network
B. The workstations should be donated for refuse
C. The workstations should be reimaged
D. The workstations should be patched and scanne
View answer
Correct Answer: B
Question #8
A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?
A. Use fuzzing techniques to examine application inputs
B. Run nmap to attach to application memory
C. Use a packet analyzer to inspect the strings
D. Initiate a core dump of the application
E. Use an HTTP interceptor to capture the text strings
View answer
Correct Answer: A
Question #9
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?
A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs
View answer
Correct Answer: C
Question #10
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredded, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware. Which of the following would ensure no data is recovered from the system droves once they are disposed of?
A. Overwriting all HDD blocks with an alternating series of data
B. Physically disabling the HDDs by removing the dive head
C. Demagnetizing the hard drive using a degausser
D. Deleting the UEFI boot loaders from each HD
View answer
Correct Answer: D
Question #11
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
View answer
Correct Answer: C
Question #12
The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management’s directives?
A. Develop an information classification scheme that will properly secure data on corporate systems
B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment
C. Publish a policy that addresses the security requirements for working remotely with company equipment
D. Work with mid-level managers to identify and document the proper procedures for telecommuting
View answer
Correct Answer: B
Question #13
The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot loader attacks has grown exponentially
A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially
B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially
C. Spending all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%
D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady
View answer
Correct Answer: A
Question #14
A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?
A. Commercially available software packages are typically well known and widely available
B. Commercially available software packages are often widely availabl
C. Information concerning vulnerabilities is often kept internal to the company that developed the software
D. Commercially available software packages are not widespread and are only available in limited area
E. Information concerning vulnerabilities is often ignored by business managers
F. Commercially available software packages are well known and widely availabl G
View answer
Correct Answer: A
Question #15
The following has been discovered in an internally developed application: Error - Memory allocated but not freed: char *myBuffer = malloc(BUFFER_SIZE); if (myBuffer != NULL) { *myBuffer = STRING_WELCOME_MESSAGE; printf(“Welcome to: %s\n”, myBuffer); } exit(0); Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).
A. Static code analysis
B. Memory dumping
C. Manual code review
D. Application sandboxing
E. Penetration testing
F. Black box testing
View answer
Correct Answer: B
Question #16
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?
A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solutio
B. Reuse the firewall infrastructure on other projects
C. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issue
D. Decrease the current SLA expectations to match the new solution
E. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirement
F. As part of the review ask them to review the control effectiveness
View answer
Correct Answer: A
Question #17
An administrator wants to enable policy based filexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?
A. Access control lists
B. SELinux
C. IPtables firewall
D. HIPS
View answer
Correct Answer: A
Question #18
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?
A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties
View answer
Correct Answer: B
Question #19
Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).
A. Check log files for logins from unauthorized IPs
B. Check /proc/kmem for fragmented memory segments
C. Check for unencrypted passwords in /etc/shadow
D. Check timestamps for files modified around time of compromise
E. Use lsof to determine files with future timestamps
F. Use gpg to encrypt compromised data files
View answer
Correct Answer: B
Question #20
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the followi
A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets
B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication
C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGPsinkhole should be configured to drop traffic at the source networks
D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic
View answer
Correct Answer: D
Question #21
The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?
A. Avoid
B. Accept
C. Mitigate
D. Transfer
View answer
Correct Answer: AB
Question #22
A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO’s requirement?
A. GRC
B. IPS
C. CMDB
D. Syslog-ng
E. IDS
View answer
Correct Answer: FG

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: