DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Comprehensive CompTIA CAS-003 Practice Tests and Exam Resources, CompTIA CASP+ Certification | SPOTO

Prepare comprehensively for the CompTIA CASP+ Certification exam with SPOTO's extensive resources, including practice tests and exam materials! Our meticulously curated collection of practice tests and sample questions covers all essential topics required for the CAS-003 exam. Access our exam dumps to reinforce your understanding and become familiar with the exam format. Utilize our mock exams and exam simulator to simulate real exam scenarios and enhance your confidence. With SPOTO's expertly crafted exam materials and answers, you'll be fully prepared to tackle any challenge on exam day. Trust SPOTO to provide you with the most effective exam preparation resources and strategies tailored to your CompTIA CASP+ Certification journey. Start your preparation with SPOTO today and pave your way to success in achieving your certification goals!
Take other online exams

Question #1
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?
A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups
B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset
C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop
D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures
View answer
Correct Answer: D

View The Updated CAS-003 Exam Questions

SPOTO Provides 100% Real CAS-003 Exam Questions for You to Pass Your CAS-003 Exam!

Question #2
A security analyst who is concerned about sensitive data exfiltration reviews the following: Which of the following tools would allow the analyst to confirm if data exfiltration is occuring?
A. Port scanner
B. SCAP tool
C. File integrity monitor
D. Protocol analyzer
View answer
Correct Answer: BF
Question #3
A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?
A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single points of failure
B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people
C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas
D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area
View answer
Correct Answer: C
Question #4
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees’ devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees’ devices into the network securely?
A. Distribute a NAC client and use the client to push the company’s private key to all the new devices
B. Distribute the device connection policy and a unique public/private key pair to each new employee’s device
C. Install a self-signed SSL certificate on the company’s RADIUS server and distribute the certificate’s public key to all new client devices
D. Install an 802
View answer
Correct Answer: D
Question #5
A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output: TCP 80 open TCP 443 open TCP 1434 filtered The penetration tester then used a different tool to make the following requests: GET / script/login.php?token=45$MHT000MND876 GET / script/login.php?token=@#984DCSPQ%091DF Which of the following tools did the penetration tester use?
A. Protocol analyzer
B. Port scanner
C. Fuzzer
D. Brute forcer
E. Log analyzer
F. HTTP interceptor
View answer
Correct Answer: B
Question #6
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the MOST appropriate order of steps to be taken?
A. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent
B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update
C. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline
D. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update
View answer
Correct Answer: A
Question #7
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect’s objectives?
A. An internal key infrastructure that allows users to digitally sign transaction logs
B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys
C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date
D. An open distributed transaction ledger that requires proof of work to append entries
View answer
Correct Answer: A
Question #8
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: Blocking of suspicious websites Prevention of attacks based on threat intelligence Reduction in spam Identity-based reporting to meet regulatory compliance Prevention of viruses based on signatu
A. Reconfigure existing IPS resources
B. Implement a WAF
C. Deploy a SIEM solution
D. Deploy a UTM solution
E. Implement an EDR platform
View answer
Correct Answer: D
Question #9
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command: However, the analyst is unable to find any evidence of the running shell. Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?
A. The NX bit is enabled
B. The system uses ASLR
C. The shell is obfuscated
D. The code uses dynamic libraries
View answer
Correct Answer: C
Question #10
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Choose two.)
A. Contain the server
B. Initiate a legal hold
C. Perform a risk assessment
D. Determine the data handling standard
E. Disclose the breach to customers
F. Perform an IOC sweep to determine the impact
View answer
Correct Answer: D
Question #11
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?
A. Disk encryption on the local drive
B. Group policy to enforce failed login lockout
C. Multifactor authentication
D. Implementation of email digital signatures
View answer
Correct Answer: A
Question #12
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board?
A. KRI: - Compliance with regulations - Backlog of unresolved security investigations - Severity of threats and vulnerabilities reported by sensors - Time to patch critical issues on a monthly basis KPI: - Time to resolve open security items - % of suppliers with approved security control frameworks - EDR coverage across the fleet - Threat landscape rating
B. KRI: - EDR coverage across the fleet - Backlog of unresolved security investigations - Time to patch critical issues on a monthly basis - Threat landscape ratingKPI: - Time to resolve open security items - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors
C. KRI: - EDR coverage across the fleet - % of suppliers with approved security control framework - Backlog of unresolved security investigations- Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - Time to patch critical issues on a monthly basis - Severity of threats and vulnerabilities reported by sensors
D. KPI: - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors - Threat landscape rating KRI: - Time to resolve open security items - Backlog of unresolved security investigations - EDR coverage across the fleet - Time to patch critical issues on a monthly basis
View answer
Correct Answer: A
Question #13
With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information?
A. Human resources
B. Financial
C. Sales
D. Legal counsel
View answer
Correct Answer: D
Question #14
An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries’ arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites. Which of the following techniques would MOST likely improve the resilience of the enterprise to a
A. Add a second-layer VPN from a different vendor between sites
B. Upgrade the cipher suite to use an authenticated AES mode of operation
C. Use a stronger elliptic curve cryptography algorithm
D. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites
E. Ensure cryptography modules are kept up to date from vendor supplying them
View answer
Correct Answer: C
Question #15
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server . The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?
A. Custom firmware with rotating key generation
B. Automatic MITM proxy
C. TCP beacon broadcast software
D. Reverse shell endpoint listener
View answer
Correct Answer: A
Question #16
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing email that appeared to be a report from the organization’s CRM tool. 2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. 3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. 4. Several weeks l
A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
F. WAYF-based authentication
View answer
Correct Answer: B
Question #17
During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)
A. Follow chain of custody best practices
B. Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive
C. Use forensics software on the original hard drive and present generated reports as evidence
D. Create a tape backup of the original hard drive and present the backup as evidence
E. Create an exact image of the original hard drive for forensics purposes, and then place the original back in service
View answer
Correct Answer: B
Question #18
An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management’s policy?
A. MDM
B. Sandboxing
C. Mobile tokenization
D. FDE
E. MFA
View answer
Correct Answer: B
Question #19
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?
A. Installing HIDS
B. Configuring a host-based firewall
C. Configuring EDR
D. Implementing network segmentation
View answer
Correct Answer: AB
Question #20
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.)
A. Access control
B. Whitelisting
C. Signing
D. Validation
E. Boot attestation
View answer
Correct Answer: B
Question #21
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
A. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space
B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe
C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them
D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command
View answer
Correct Answer: AF
Question #22
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and
A. 1
B. 1
C. 1
D. 1
View answer
Correct Answer: A
Question #23
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment?
A. NDA
B. MOU
C. BIA
D. SLA
View answer
Correct Answer: B
Question #24
As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:
A. the collection of data as part of the continuous monitoring program
B. adherence to policies associated with incident response
C. the organization’s software development life cycle
D. changes in operating systems or industry trends
View answer
Correct Answer: C
Question #25
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.)
A. Static code analyzer
B. Intercepting proxy
C. Port scanner
D. Reverse engineering
E. Reconnaissance gathering
F. User acceptance testing
View answer
Correct Answer: C
Question #26
A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and other are installed in the user’s automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices. Which of
A. Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network
B. Install a firewall capable of cryptographically separating network traffic, require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions
C. Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible
D. Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic
View answer
Correct Answer: C
Question #27
A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network: Firewall Core switches RM server Virtual environment NAC solution The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregati
A. Routing tables
B. Log forwarding
C. Data remanants
D. Port aggregation
E. NIC teaming
F. Zones
View answer
Correct Answer: BE
Question #28
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?
A. Static code analysis and peer review of all application code
B. Validation of expectations relating to system performance and security
C. Load testing the system to ensure response times is acceptable to stakeholders
D. Design reviews and user acceptance testing to ensure the system has been deployed properly
E. Regression testing to evaluate interoperability with the legacy system during the deployment
View answer
Correct Answer: D
Question #29
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?
A. Add an ACL to the firewall to block VoIP
B. Change the settings on the phone system to use SIP-TLS
C. Have the phones download new configurations over TFTP
D. Enable QoS configuration on the phone VLAN
View answer
Correct Answer: A
Question #30
An engineer needs to provide access to company resources for several offshore contractors. The contractors require: Access to a number of applications, including internal websites Access to database data and the ability to manipulate it The ability to log into Linux and Windows servers remotely Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)
A. VTC
B. VRRP
C. VLAN
D. VDI
E. VPN
F. Telnet
View answer
Correct Answer: D
Question #31
As a result of an acquisition, a new development team is being integrated into the company. The development team has BYOD laptops with IDEs installed, build servers, and code repositories that utilize SaaS. To have the team up and running effectively, a separate Internet connection has been procured. A stand up has identified the following additional requirements: 1. Reuse of the existing network infrastructure 2. Acceptable use policies to be enforced 3. Protection of sensitive files 4. Access to the corpo
A. IPSec VPN
B. HIDS
C. Wireless controller
D. Rights management
E. SSL VPN
F. NAC
G. WAF
H. Load balancer
View answer
Correct Answer: DEF
Question #32
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users. Which of the following controls would BEST address the DPO’s concerns?
A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform
View answer
Correct Answer: D

View The Updated CompTIA Exam Questions

SPOTO Provides 100% Real CompTIA Exam Questions for You to Pass Your CompTIA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: