Pass Your CompTIA CAS-003 Exam Prep: CompTIA CAS-003 Study Materials, CompTIA CASP+ Certification | SPOTO

Ace your CompTIA CAS-003 exam preparation with SPOTO's comprehensive study materials! The CASP+ certification is internationally recognized and validates advanced-level cybersecurity expertise. Our preparatory course, endorsed by The Computing Technology Industry Association (CompTIA), thoroughly covers exam topics such as risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. Access our study materials to delve into these areas in detail and enhance your understanding. With SPOTO's expertly crafted resources, including exam questions and answers, you'll be well-prepared to excel on exam day. Trust SPOTO to provide you with top-quality exam preparation resources and strategies tailored to your CompTIA CASP+ Certification journey. Start preparing with SPOTO today and ensure your success in passing your CAS-003 exam with flying colors!

Question #1
A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login. Which of the following is MOST likely the issue?
A. The employees are using an old link that does not use the new SAML authentication
B. The XACML for the problematic application is not in the proper format or may be using an older schema
C. The web services methods and properties are missing the required WSDL to complete the request after displaying the login page
D. A threat actor is implementing an MITM attack to harvest credentials
Correct Answer: B
Question #2
A penetration testing manager is contributing to an RFP for the purchase of a new platform. The manager has provided the following requirements:
- Must be able to MITM web-based protocols
- Must be able to find common misconfigurations and security holes
Which of the following types of testing should be included in the testing platform? (Choose two.)
A. Reverse engineering tool
B. HTTP intercepting proxy
C. Vulnerability scanner
D. File integrity monitor
E. Password cracker
F. Fuzzer
Correct Answer: AB
Question #3
As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company’s vendor due diligence, which of the following would be MOST important to obtain from the vendor?
A. A copy of the vendor’s information security policies
B. A copy of the current audit reports and certifications held by the vendor
C. A signed NDA that covers all the data contained on the corporate systems
D. A copy of the procedures used to demonstrate compliance with certification requirements
Correct Answer: C
Question #4
An enterprise’s Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise’s growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting th
A. Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company’s website
B. A security vulnerability that is exploited on the website could expose the accounting service
C. Transferring as many services as possible to a CSP could free up resources
D. The CTO does not have the budget available to purchase required resources and manage growth
Correct Answer: A
Question #5
Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:
- The applications are considered mission-critical.
- The applications are written in code languages not currently supported by the development staff.
- Security updates and patches will not be made available for the applications.
- Username and passwords do not meet corporate standards.
- The data contained within the applications includes bot
A. Update the company policies to reflect the current state of the applications so they are not out of compliance
B. Create a group policy to enforce password complexity and username requirements
C. Use network segmentation to isolate the applications and control access
D. Move the applications to virtual servers that meet the password and account standards
Correct Answer: C
Question #6
A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees. Which of the following should be configured to comply with the new security policy? (Choose two.)
A. SSO
B. New pre-shared key
C. 802
D. OAuth
E. Push-based authentication
F. PKI
Correct Answer: D
Question #7
A security engineer is assessing the controls that are in place to secure the corporate Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator has identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below: Which of the following should the security administrator
A.
B.
C.
D.
Correct Answer: A
Question #8
A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?
A. File size
B. Digital signature
C. Checksums
D. Anti-malware software
E. Sandboxing
Correct Answer: B
Question #9
A laptop is recovered a few days after it was stolen. Which of the following should be verified during incident response activities to determine the possible impact of the incident?
A. Full disk encryption status
B. TPM PCR values
C. File system integrity
D. Presence of UEFI vulnerabilities
Correct Answer: D
Question #10
An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?
A. XSS could be used to inject code into the login page during the redirect to the HTTPS site
B. The consultant is concerned the site is using an older version of the SSL 3
C. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker
D. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic
Correct Answer: D
Question #11
A developer emails the following output to a security administrator for review: Which of the following tools might the security administrator use to perform further security assessment of this issue?
A. Port scanner
B. Vulnerability scanner
C. Fuzzer
D. HTTP interceptor
Correct Answer: B
Question #12
The audit team was only provided the physical and logical addresses of the network without any type of access credentials. Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.)
A. Tabletop exercise
B. Social engineering
C. Runtime debugging
D. Reconnaissance
E. Code review
F. Remote access tool
Correct Answer: D
Question #13
An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor’s SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:
1. There are clauses that confirm a data retention period in line with what is in the energy organization’s security policy.
2. The data will be hosted and managed outside of the energy organization’s geographical location. The number of users accessing the system will b
A. Develop a security exemption, as the solution does not meet the security policies of the energy organization
B. Require a solution owner within the energy organization to accept the identified risks and consequences
C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period
D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process
Correct Answer: B
Question #14
A security administrator wants to implement controls to harden company-owned mobile devices. Company policy specifies the following requirements:
- Mandatory access control must be enforced by the OS.
- Devices must only use the mobile carrier data transport.
Which of the following controls should the security administrator implement? (Choose three.)
A. Enable DLP
B. Enable SEAndroid
C. Enable EDR
D. Enable secure boot
E. Enable remote wipe
F. Disable Bluetooth
G. Disable 802
H. Disable geotagging
Correct Answer: D
Question #15
A product manager is concerned about the unintentional sharing of the company’s intellectual property through employees’ use of social media. Which of the following would BEST mitigate this risk?
A. Virtual desktop environment
B. Network segmentation
C. Web application firewall
D. Web content filter
Correct Answer: BF
Question #16
After significant vulnerabilities and misconfigurations were found in numerous production web applications, a security manager identified the need to implement better development controls. Which of the following controls should be verified? (Choose two.)
A. Input validation routines are enforced on the server side
B. Operating systems do not permit null sessions
C. Systems administrators receive application security training
D. VPN connections are terminated after a defined period of time
E. Error-handling logic fails securely
F. OCSP calls are handled effectively
Correct Answer: D
Question #17
One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help to achieve this? (Choose two.)
A. Blue teaming
B. Phishing simulations
C. Lunch-and-learn
D. Random audits
E. Continuous monitoring
F. Separation of duties
Correct Answer: BE
Question #18
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A. Run the memdump utility with the -k flag
B. Use a loadable kernel module capture utility, such as LiME
C. Run dd on /dev/mem
D. Employ a stand-alone utility, such as FTK Imager
Correct Answer: BC
Question #19
The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective?
A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets
B. Encourage cybersecurity analysts to review open-source intelligence products and threat databases to generate new IDS rules based on those sources
C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
D. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats
Correct Answer: B
Question #20
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
B. Scan the website through an interception proxy and identify areas for the code injection
C. Scan the site with a port scanner to identify vulnerable services running on the web server
D. Use network enumeration tools to identify if the server is running behind a load balancer
Correct Answer: C
Question #21
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)
A. Data aggregation
B. Data sovereignty
C. Data isolation
D. Data volume
E. Data analytics
F. Data precision
Correct Answer: B
Question #22
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall: From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan: Connectivity to the server from outside the firewall worked as expected prior to executing these commands. Which of the followin
A. It is correctly dropping all packets destined for the server
B. It is not blocking or filtering any traffic to the server
C. Iptables needs to be restarted
D. The IDS functionality of the firewall is currently disabled
Correct Answer: D
Question #23
A deployment manager is working with a software development group to assess the security of a new version of the organization’s internally developed ERP tool. The organization prefers not to perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?
A. Static code analysis in the IDE environment
B. Penetration testing of the UAT environment
C. Vulnerability scanning of the production environment
D. Penetration testing of the production environment
E. Peer review prior to unit testing
Correct Answer: C
Question #24
While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mo
A. Remote wipe
B. FDE
C. Geolocation
D. eFuse
E. VPN
Correct Answer: BFG
Question #25
A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions. Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?
A. The solution employs threat information-sharing capabilities using a proprietary data model
B. The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country
C. The overall solution proposed by the vendor comes in less than the TCO parameter in the RFP
D. The vendor’s proposed solution operates below the KPPs indicated in the RFP
Correct Answer: A
Question #26
During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?
A. Risk assessment
B. Regression testing
C. User story development
D. Data abstraction
E. Business impact assessment
Correct Answer: C
Question #27
After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee’s laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company’s DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personally owned devices are not permitted to access company systems or information. Whi
A. Install application whitelist on mobile devices
B. Disallow side loading of applications on mobile devices
C. Restrict access to company systems to expected times of day and geographic locations
D. Prevent backup of mobile devices to personally owned computers
E. Perform unannounced insider threat testing on high-risk employees
Correct Answer: A
Question #28
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
A. Key risk indicators
B. Lessons learned
C. Recovery point objectives
D. Tabletop exercise
Correct Answer: A
Question #29
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on blacklists and they cannot send email. The SaaS provider has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?
A. Inform the customer that the service provider does not have any control over third-party blacklist entries. The customer should reach out to the blacklist operator directly
B. Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior
C. Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic
D. Establish relationships with blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned
Correct Answer: D
Question #30
A security consultant was hired to audit a company’s password and account policy. The company implements the following controls:
- Minimum password length: 16
- Maximum password age: 0
- Minimum password age: 0
- Password complexity: disabled
- Store passwords in plain text: disabled
- Failed attempts lockout: 3
- Lockout timeout: 1 hour
The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?
A. Offline hybrid dictionary attack
B. Offline brute-force attack
C. Online hybrid dictionary password spraying attack
D. Rainbow table attack
E. Online brute-force attack
F. Pass-the-hash attack
Correct Answer: CF
Question #31
A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company’s cloud security broker then identified abnormal activity from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data. Which of the following should the security team do to help mitigate future attacks within the VM e
A. Install the appropriate patches
B. Install perimeter NGFW
C. Configure VM isolation
D. Deprovision database VM
E. Change the user’s access privileges
F. Update virus definitions on all endpoints
Correct Answer: A
Question #32
A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password. Which of the following would be the EASIEST method of obtaining a password for the known account?
A. Man-in-the-middle
B. Reverse engineering
C. Social engineering
D. Hash cracking
Correct Answer: A
Question #33
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates. Which of the following would BEST mitigate this risk?
A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN
B. Require sensors to sign all transmitted unlock control messages digitally
C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS
D. Implement an out-of-band monitoring solution to detect message injections and attempts
Correct Answer: D
Question #34
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
A. Update and deploy GPOs
B. Configure and use measured boot
C. Strengthen the password complexity requirements
D. Update the antivirus software and definitions
Correct Answer: D
Question #35
A financial institution’s information security officer is working with the risk management officer to determine what to do with the institution’s residual risk after all security controls have been implemented. Considering the institution’s very low risk tolerance, which of the following strategies would be BEST?
A. Transfer the risk
B. Avoid the risk
C.
D. Accept the risk
Correct Answer: AE
Question #36
A company recently implemented a new cloud storage solution and installed the required synchronization client on all company devices. A few months later, a breach of sensitive data was discovered. Root cause analysis shows the data breach happened from a lost personal mobile device. Which of the following controls can the organization implement to reduce the risk of similar breaches?
A. Biometric authentication
B. Cloud storage encryption
C. Application containerization
D. Hardware anti-tamper
Correct Answer: BF
Question #37
A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization: localStorage.setItem("session-cookie", document.cookie); Which of the following should the security engineer recommend?
A. SessionStorage should be used so authorized cookies expire after the session ends
B. Cookies should be marked as "secure" and "HttpOnly"
C. Cookies should be scoped to a relevant domain/path
D. Client-side cookies should be replaced by server-side mechanisms
Correct Answer: C
Question #38
Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecure in hotel rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the following is the BEST solution in this scenario?
A. Full disk encryption
B. Biometric authentication
C. An eFuse-based solution
D. Two-factor authentication
Correct Answer: B
Question #39
Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses “Number of successful phishing attacks” as a KRI, but it does not show an increase. Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?
A. The ratio of phishing emails to non-phishing emails
B. The number of phishing attacks per employee
C. The number of unsuccessful phishing attacks
D. The percent of successful phishing attacks
Correct Answer: D
Question #40
A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items. Which of the following should the security engineer recommend to meet these requirements?
A. COPE with geofencing
B. BYOD with containerization
C. MDM with remote wipe
D. CYOD with VPN
Correct Answer: D