Crack CompTIA CAS-003 Exams with Real Practice Tests, CompTIA CASP+ Certification | SPOTO

Master the CompTIA CAS-003 Exams with our authentic practice tests tailored to real exam scenarios. Our platform offers a comprehensive range of resources, including free tests, exam questions and answers, sample questions, and mock exams, meticulously designed to enhance your exam preparation experience. Developed by industry experts, our practice tests delve into crucial topics such as risk management, enterprise security operations, architecture, research, collaboration, and integration of enterprise security, ensuring thorough preparation. Whether you're seeking online exam questions or an exam simulator, our platform provides the necessary tools for effective exam practice. Elevate your confidence and proficiency with our curated exam materials. Start your preparation today and crack the CASP+ certification exam with confidence.

Question #1
A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?
A. Install a HIPS on the web servers
B. Disable inbound traffic from offending sources
C. Disable SNMP on the web servers
D. Install anti-DDoS protection in the DMZ
Correct Answer: A

Question #2
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
A. Update and deploy GPOs
B. Configure and use measured boot
C. Strengthen the password complexity requirements
D. Update the antivirus software and definitions
Correct Answer: C
Question #3
Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified. Which of the following is the CISO performing?
A. Documentation of lessons learned
B. Quantitative risk assessment
C. Qualitative assessment of risk
D. Business impact scoring
E. Threat modeling
Correct Answer: B
Question #4
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct Answer: A
Question #5
A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate
A. Implementing regression testing
B. Completing user acceptance testing
C. Verifying system design documentation
D. Using an SRTM
Correct Answer: D
Question #6
A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment?
A. The OS version is not compatible
B. The OEM is prohibited
C. The device does not support FDE
D. The device is rooted
Correct Answer: D
Question #7
A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footpr
A. VLAN201, VLAN202, VLAN400
B. VLAN201, VLAN202, VLAN700
C. VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D. VLAN400, VLAN680, VLAN700
Correct Answer: D
Question #8
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct Answer: A
Question #9
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following: High-impact controls implemented: 6 out of 10 Medium-impact controls implemented: 409 out of 472 Low-impact controls implemented: 97 out of 1000 The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information: Average high-impact control impleme
A. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
B. The enterprise security team has focused exclusively on mitigating high-level risks
C. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
D. The cybersecurity team has balanced residual risk for both high and medium controls
Correct Answer: C
Question #10
A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?
A. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
B. Federate with an existing PKI provider, and reject all non-signed emails
C. Implement two-factor email authentication, and require users to hash all email messages upon receipt
D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes
Correct Answer: A
Question #11
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
A. Patch management
B. Antivirus
C. Application firewall
D. Spam filters
E. KIDS
Correct Answer: E
Question #12
An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website. Which of the following types of attack vector did the penetration tester use?
A. SQLi
B. CSRF
C. Brute force
D. XSS
E. TOC/TOU
Correct Answer: B
Question #13
An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the sol
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Correct Answer: CE
Question #14
After investigating virus outbreaks that have cost the company $1,000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements: Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
A. Product A
B. Product B
C. Product C
D. Product D
E. Product E
Correct Answer: E
Question #15
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring
Correct Answer: CF
Question #16
A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)
A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise
Correct Answer: S
Question #17
A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
A. SPF
B. S/MIME
C. TLS
D. DKIM
Correct Answer: D
Question #18
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. HIPS
Correct Answer: CD
Question #19
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
A. Threat modeling
B. Risk assessment
C. Vulnerability data
D. Threat intelligence
E. Risk metrics
F. Exploit frameworks
Correct Answer: F
Question #20
Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication. Network Server: Digitally sign communication. A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?
A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
C. Mitigate the risk for the remote location by suggesting a move tA
D. Avoid the risk, leave the settings alone, and decommission the legacy storage device
Correct Answer: A
Question #21
After investigating virus outbreaks that have cost the company $1,000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years. The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements: Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?
A. Product A
B. Product B
C. Product C
D. Product D
E. Product E
Correct Answer: B
Question #22
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?
A. Data aggregation
B. Data sovereignty
C. Data isolation
D. Data volume
E. Data analytics
Correct Answer: A
Question #23
A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline. Which of the following tools should be implemented to detect similar attacks?
A. Vulnerability scanner
B. TPM
C. Host-based firewall
D. File integrity monitor
E. NIPS
Correct Answer: CD
Question #24
A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?
A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position
B. Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff
C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents
Correct Answer: BE
Question #25
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?
A. 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control
B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques
C. 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3
D. 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms
Correct Answer: C
Question #26
After embracing a BYOD policy, a company is faced with new security challenges from unmanaged mobile devices and laptops. The company’s IT department has seen a large number of the following incidents: • Duplicate IP addresses • Rogue network devices • Infected systems probing the company's network. Which of the following should be implemented to remediate the above issues? (Choose two.)
A. Port security
B. Route protection
C. NAC
D. HIPS
E. NIDS
Correct Answer: BC
Question #27
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?
A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
B. Install a client-side VPN on the staff laptops and limit access to the development network
C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network
Correct Answer: D
Question #28
The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)
A. Review the CVE database for critical exploits over the past year
B. Use social media to contact industry analysts
C. Use intelligence gathered from the Internet relay chat channels
D. Request information from security vendors and government agencies
E. Perform a penetration test of the competitor’s network and share the results with the board
Correct Answer: AD
