Master CompTIA CAS-003 Certification Questions & Study Resources, CompTIA CASP+ Certification | SPOTO

Master the CompTIA CAS-003 Certification with our comprehensive study resources and expertly crafted practice tests. Our platform offers a wealth of exam materials, including free tests, exam questions and answers, sample questions, and mock exams, meticulously designed to optimize your exam preparation journey. Developed by seasoned professionals, our practice tests delve into essential topics such as risk management, enterprise security operations, architecture, research, collaboration, and integration of enterprise security, ensuring thorough comprehension and readiness. Whether you're in need of online exam questions or an exam simulator, our platform provides the essential tools for effective exam practice. Elevate your confidence and proficiency with our curated exam materials. Start your preparation today and embark on the path to mastering the CASP+ certification exam with confidence.

Question #1
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?
A. Use an entropy-as-a-service vendor to leverage larger entropy pools
B. Loop multiple pseudo-random number generators in a series to produce larger numbers
C. Increase key length by two orders of magnitude to detect brute forcing
D. Shift key generation algorithms to ECC algorithms
Correct Answer: A
Question #2
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure?
A. Disk encryption on the local drive
B. Group policy to enforce failed login lockout
C. Multifactor authentication
D. Implementation of email digital signatures
Correct Answer: A
Question #3
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application’s authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describe
A. The application only supports SP-initiated authentication
B. The IdP only supports SAML 1
C. There is an SSL certificate mismatch between the IdP and the SaaS application
D. The user is not provisioned correctly on the IdP
Correct Answer: A
Question #4
A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)
A. Agent-based vulnerability scan
B. Black-box penetration testing
C. Configuration review
D. Social engineering
E. Malware sandboxing
F. Tabletop exercise
Correct Answer: AC
Question #5
A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed. To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk: Which of the followi
A. The hard disk contains bad sectors
B. The disk has been degaussed
C. The data represents part of the disk BIOS
D. Sensitive data might still be present on the hard drives
Correct Answer: A
Question #6
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and
A. 1
B. 1
C. 1
D. 1
Correct Answer: D
Question #7
A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review: Which of the following tools is the engineer utilizing to perform this assessment?
A. Vulnerability scanner
B. SCAP scanner
C. Port scanner
D. Interception proxy
Correct Answer: B
Question #8
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the l
A. After-action reports from prior incidents
B. Social engineering techniques
C. Company policies and employee NDAs
D. Data classification processes
Correct Answer: C
Question #9
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?
A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups
B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset
C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop
D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures
Correct Answer: D
Question #10
A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution?
A. Reconfigure the firewall to block external UDP traffic
B. Establish a security baseline on the IDS
C. Block echo reply traffic at the firewall
D. Modify the edge router to not forward broadcast traffic
Correct Answer: B
Question #11
A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?
A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure
B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people
C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas
D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area
Correct Answer: B
Question #12
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command:
dd if=/dev/ram of=/tmp/mem/dmp
The analyst then reviews the associated output:
^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45
However, the analyst is unable to find any evidence of the running shell. Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?
A. The NX bit is enabled
B. The system uses ASLR
C. The shell is obfuscated
D. The code uses dynamic libraries
Correct Answer: B
Question #13
A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable. Which of the following solutions BEST meets all of the architect’s objectives?
A. An internal key infrastructure that allows users to digitally sign transaction logs
B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys
C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date
D. An open distributed transaction ledger that requires proof of work to append entries
Correct Answer: A
Question #14
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users. Which of the following controls would BEST address the DPO’s concerns?
A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform
Correct Answer: C
Question #15
A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle. Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)
A. Install and configure an IPS
B. Enforce routine GPO reviews
C. Form and deploy a hunt team
D. Institute heuristic anomaly detection
E. Use a protocol analyzer with appropriate connectors
Correct Answer: AD
Question #16
SIMULATION An administrator wants to install a patch to an application. INSTRUCTIONS Given the scenario, download, verify, and install the patch in the most secure manner. The last install that is completed will be the final submission. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Correct Answer: S
Question #17
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?
A. Summarize the most recently disclosed vulnerabilities
B. Research industry best practices and latest RFCs
C. Undertake an external vulnerability scan and penetration test
D. Conduct a threat modeling exercise
Correct Answer: D
Question #18
An enterprise with global sites processes and exchanges highly sensitive information that is protected under several countries’ arms trafficking laws. There is new information that malicious nation-state-sponsored activities are targeting the use of encryption between the geographically disparate sites. The organization currently employs ECDSA and ECDH with P-384, SHA-384, and AES-256-GCM on VPNs between sites. Which of the following techniques would MOST likely improve the resilience of the enterprise to a
A. Add a second-layer VPN from a different vendor between sites
B. Upgrade the cipher suite to use an authenticated AES mode of operation
C. Use a stronger elliptic curve cryptography algorithm
D. Implement an IDS with sensors inside (clear-text) and outside (cipher-text) of each tunnel between sites
E. Ensure cryptography modules are kept up to date from vendor supplying them
Correct Answer: C
Question #19
An administrator is working with management to develop policies related to the use of the cloud-based resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management’s policy?
A. MDM
B. Sandboxing
C. Mobile tokenization
D. FDE
E. MFA
Correct Answer: A
Question #20
A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process?
A. MOU
B. OLA
C. BPA
D. NDA
Correct Answer: D
Question #21
Given the following code snippet: Of which of the following is this snippet an example?
A. Data execution prevention
B. Buffer overflow
C. Failure to use standard libraries
D. Improper field usage
E. Input validation
Correct Answer: D
Question #22
A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1: Operator ALL=/sbin/reboot
Configuration file 2: Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss
Configuration file 3: Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the int
A. The sudoers file is locked down to an incorrect command
B. SSH command shell restrictions are misconfigured
C. The passwd file is misconfigured
D. The SSH command is not allowing a pty session
Correct Answer: D
Question #23
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
A. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space
B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe
C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them
D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command
Correct Answer: A
Question #24
A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and others are installed in the user’s automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices. Which of
A. Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network
B. Install a firewall capable of cryptographically separating network traffic, require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions
C. Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible
D. Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic
Correct Answer: B
Question #25
Engineers at a company believe a certain type of data should be protected from competitors, but the data owner insists the information is not sensitive. An information security engineer is implementing controls to secure the corporate SAN. The controls require dividing data into four groups: non-sensitive, sensitive but accessible, sensitive but export-controlled, and extremely sensitive. Which of the following actions should the engineer take regarding the data?
A. Label the data as extremely sensitive
B. Label the data as sensitive but accessible
C. Label the data as non-sensitive
D. Label the data as sensitive but export-controlled
Correct Answer: C
Question #26
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:
Blocking of suspicious websites
Prevention of attacks based on threat intelligence
Reduction in spam
Identity-based reporting to meet regulatory compliance
Prevention of viruses based on signat
A. Reconfigure existing IPS resources
B. Implement a WAF
C. Deploy a SIEM solution
D. Deploy a UTM solution
E. Implement an EDR platform
Correct Answer: D
