
Online CompTIA CAS-003 Mock Tests & Study Materials, CompTIA CASP+ Certification | SPOTO

Prepare to dominate the CompTIA CASP+ Certification exam with SPOTO's comprehensive mock tests and study materials! The CAS-003 exam is a vital assessment of advanced-level cybersecurity skills and knowledge, and our resources are tailored to ensure your success. Our preparatory course covers exam topics in detail, including risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. Access our mock tests to simulate real exam scenarios and refine your test-taking skills. Utilize our study materials to deepen your understanding and reinforce key concepts. With SPOTO's expertly crafted exam preparation resources, you'll be well-equipped to excel on exam day and achieve your CompTIA CASP+ Certification. Trust SPOTO to provide you with top-quality resources and strategies for exam success. Start your preparation with SPOTO today and dominate the CAS-003 exam!

Question #1
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?
A. Data custodian
B. Data owner
C. Security analyst
D. Business unit director
E. Chief Executive Officer (CEO)
Correct Answer: D
Question #2
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
A. Environmental
B. Privacy
C. Ethical
D. Criminal
Correct Answer: B
Question #3
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?
A. SIEM server
B. IDS appliance
C. SCAP scanner
D. HTTP interceptor
Correct Answer: B
Question #4
A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO’s first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)
A. Perform a penetration test
B. Conduct a regulatory audit
C. Hire a third-party consultant
D. Define the threat model
E. Review the existing BIA
F. Perform an attack path analysis
Correct Answer: CE
Question #5
A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?
A. Install network taps at the edge of the network
B. Send syslog from the IDS into the SIEM
C. Install HIDS on each computer
D. SPAN traffic from the network core into the IDS
Correct Answer: D
Question #6
A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to strict security and privacy practices. The school’s key requirements are to: maintain privacy of students in case of loss; have a theft detection control in place; be compliant with defined disability requirements; have a four-hour minimum battery life. Which of the following should be configured to BEST meet the requirements? (Choose two.)
A. Remote wiping
B. Geofencing
C. Antivirus software
D. TPM
E. FDE
F. Tokenization
Correct Answer: AD
Question #7
A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)
A. Require all mobile device backups to be encrypted
B. Ensure all mobile devices back up using USB OTG
C. Issue a remote wipe of corporate and personal partitions
D. Restrict devices from making long-distance calls during business hours
E. Implement an always-on VPN
Correct Answer: AE
Question #8
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?
A. Issue tracker
B. Static code analyzer
C. Source code repository
D. Fuzzing utility
Correct Answer: D
Question #9
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?
A. KPI
B. KRI
C. GRC
D. BIA
Correct Answer: C
Question #10
A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst’s subsequent investigation of sensitive systems led to the following discoveries: There was no indication of the data owner’s or user’s accounts being compromised. No database activity outside of previous baselines was discovered. All workstations and servers were fully patched for all known vulnerabilities at the time of the attack. It was likely not an insider threat, as all employe
A. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine
B. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack
C. A shared workstation was physically accessible in a common area of the contractor’s office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account
D. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop
Correct Answer: B
Question #11
An organization’s network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed. After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)
A. The SSH keys were given to another department
B. A MITM attack is being performed by an APT
C. The terminal emulator does not support SHA-256
D. An incorrect username or password was entered
E. A key rotation has occurred as a result of an incident
F. The workstation is not syncing with the correct NTP server
Correct Answer: B
Question #12
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data: corporate intranet site; online storage application; email and collaboration suite. Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company’s intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO’s request?
A. Port scanner
B. CASB
C. DLP agent
D. Application sandbox
E. SCAP scanner
Correct Answer: B
Question #13
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate: 1. A user received a phishing email that appeared to be a report from the organization’s CRM tool. 2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. 3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. 4. Several weeks l
A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
F. WAYF-based authentication
Correct Answer: A
Question #14
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks: stop malicious software that does not match a signature; report on instances of suspicious behavior; protect from previously unknown threats; augment existing security capabilities. Which of the following tools would BEST meet these requirements?
A. Host-based firewall
B. EDR
C. HIPS
D. Patch management
Correct Answer: C
Question #15
A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types: 1. Financially sensitive data 2. Project data 3. Sensitive project data The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommend
A. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders
B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks
C. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data
D. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data
Correct Answer: B
Question #16
A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:
A. a disaster recovery plan
B. an incident response plan
C. a business continuity plan
D. a risk avoidance plan
Correct Answer: C
Question #17
A security administrator is reviewing the following output from an offline password audit: Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)
A. Cryptoprocessor
B. Bcrypt
C. SHA-256
D. PBKDF2
E. Message authentication
Correct Answer: BD
Question #18
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine:
A. the amount of data to be moved
B. the frequency of data backups
C. which users will have access to which data
D. when the file server will be decommissioned
Correct Answer: C
Question #19
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)
A. Validate cryptographic signatures applied to software updates
B. Perform certificate pinning of the associated code signing key
C. Require HTTPS connections for downloads of software updates
D. Ensure there are multiple download mirrors for availability
E. Enforce a click-through process with user opt-in for new features
Correct Answer: AB
Question #20
A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?
A. SIEM
B. IDS/IPS
C. Proxy server
D. Firewall
E. Router
Correct Answer: E
Question #21
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements: detect administrative actions; block unwanted MD5 hashes; provide alerts; stop exfiltration of cardholder data. Which of the following solutions would BEST meet these requirements? (Choose two.)
A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS
Correct Answer: BE
Question #22
An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
A. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system failure
B. Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software
C. Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have
D. Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier
Correct Answer: A
Question #23
A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?
A. Trains on normal behavior and identifies deviations therefrom
B. Identifies and triggers upon known bad signatures and behaviors
C. Classifies traffic based on logical protocols and messaging formats
D. Automatically reconfigures ICS devices based on observed behavior
Correct Answer: C
Question #24
Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives. Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep on hand?
A. TTR
B. ALE
C. MTBF
D. SLE
E. RPO
Correct Answer: C
Question #25
A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request. Which of the following would BEST support this objective?
A. Peer review
B. Design review
C. Scrum
D. User acceptance testing
E. Unit testing
Correct Answer: B
Question #26
A security engineer is assisting a developer with input validation, and they are studying the following code block: The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system. Which of the following would be the BEST advice for the security engineer to give to the developer?
A. Replace code with Java-based type checks
B. Parse input into an array
C. Use regular expressions
D. Canonicalize input into string objects before validation
Correct Answer: C
Question #27
A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)
A. CVE database
B. Recent security industry conferences
C. Security vendor pages
D. Known vendor threat models
E. Secure routing metrics
F. Server’s vendor documentation
G. Verified security forums
H. NetFlow analytics
Correct Answer: CEF
Question #28
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A. CPU, process state tables, and main memory dumps
B. Essential information needed to perform data restoration to a known clean state
C. Temporary file system and swap space
D. Indicators of compromise to determine ransomware encryption
E. Chain of custody information needed for investigation
Correct Answer: DE
Question #29
A university’s help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router: The administrator calls the university’s ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should
A. The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity
B. A university web server is under increased load during enrollment
C. The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity
D. The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus
Correct Answer: D
Question #30
A security administrator is updating a company’s SCADA authentication system with a new application. To ensure interoperability between the legacy system and the new application, which of the following stakeholders should be involved in the configuration process before deployment? (Choose two.)
A. Network engineer
B. Service desk personnel
C. Human resources administrator
D. Incident response coordinator
E. Facilities manager
F. Compliance manager
Correct Answer: AE
Question #31
The Chief Information Security Officer (CISO) of an established security department identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:
A. creating a forensic image
B. deploying fraud monitoring
C. following a chain of custody
D. analyzing the order of volatility
Correct Answer: C
Question #32
A security administrator is concerned about the increasing number of users who click on malicious links contained within phishing emails. Although the company has implemented a process to block these links at the network perimeter, many accounts are still becoming compromised. Which of the following should be implemented to further reduce the number of account compromises caused by remote users who click these links?
A. Anti-spam gateways
B. Security awareness training
C. URL rewriting
D. Internal phishing campaign
Correct Answer: B
