CAS-003 Exam Dumps - Try Best CAS-003 Exam Questions from Training Expert Fast2test
Practice Examples and Dumps & Tips for 2022 Latest CAS-003 Valid Tests Dumps
Target Audience and Prerequisites
The target candidates for the CompTIA CAS-003 exam are the cybersecurity professionals with competence in the enterprise security domain and risk analysis. They have expertise in interpreting data trends and anticipating cyber-defense requirements to fulfill the business objectives. They also have the knowledge and practical experience in implementing cryptographic methods, including cryptocurrency, blockchain, and mobile device encryption.
There is no prior certification that is required to obtain CompTIA CASP+. However, it is recommended that the individuals have the extensive skills in the cybersecurity field. It is advised that the applicants possess at least ten years of practical experience in the IT administration, which should include a minimum of five years of practical experience in technical security. Additionally, the students must understand the exam content before taking the actual test.
Technical Integration of Enterprise Security: 23%
- Integrating and troubleshooting advanced authorization and authentication technologies in supporting enterprise security objectives: the candidates should be able to demonstrate their knowledge of authentication, authorization, attestation, identity proofing, identity propagation, federation, and trust models.
- Selecting relevant controls for security collaboration and communications solutions: the test takers must understand unified collaboration tools and remote access.
- Integrating virtualization and Cloud technologies into secure enterprise architecture: this section covers the examinees’ skills in technical deployments models; security benefits and drawbacks of virtualization; Cloud augmented security service; data security consideration; resources provisioning & de-provisioning.
- Integrating hosts, networks, applications, and storage into secure enterprise architectures: this objective will evaluate the learners’ skills in adapting data flow security to fulfill changing business requirements; standards; interoperability issues; resilience issues; data security considerations; resource provisioning & de-provisioning; designing consideration during demergers/divestitures, acquisitions, and mergers; logical deployment diagram & corresponding deployment diagram for appropriate devices; privacy and security considerations for storage integration.
- Implementing cryptographic techniques: this domain requires the understanding of techniques and implementations.
NEW QUESTION 40
A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant. The gap analysis reviewed all procedural and technical controls and found the following:
* High-impact controls implemented: 6 out of 10
* Medium-impact controls implemented: 409 out of 472
* Low-impact controls implemented: 97 out of 1000
The report includes a cost-benefit analysis for each control gap. The analysis yielded the following information:
* Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000
* Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000
Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement. Which of the following conclusions could the CISO draw from the analysis?
- A. Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
- B. The cybersecurity team has balanced residual risk for both high and medium controls
- C. Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
- D. The enterprise security team has focused exclusively on mitigating high-level risks
Answer: A
NEW QUESTION 41 


Answer:
Explanation:
Step 1: Verify that the certificate is valid or not. In case of any warning message, cancel the download.
Step 2: If certificate issue is not there then, download the file in your system.
Step 3: Calculate the hash value of the downloaded file.
Step 4: Match the hash value of the downloaded file with the one which you selected on the website.
Step 5: Install the file if the hash value matches.
NEW QUESTION 42
The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created.
The findings are then categorized according to the following chart:
Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Select TWO)
- A. Place a WAF in line with Application 2
- B. Implement an IDS/IPS on the same network segment as Application 3
- C. Use network segmentation and ACLs to control access to Application 5.
- D. Move Application 3 to a secure VLAN and require employees to use a jump server for access.
- E. Install a FIM on the server hosting Application 4
- F. Apply the missing OS and software patches to the server hosting Application 4
Answer: A,C
NEW QUESTION 43
A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.
Answer:
Explanation:

NEW QUESTION 44
Legal authorities notify a company that its network has been compromised for the second time in two
years. The investigation shows the attackers were able to use the same vulnerability on different systems
in both attacks. Which of the following would have allowed the security team to use historical information to
protect against the second attack?
- A. Key risk indicators
- B. Recovery point objectives
- C. Lessons learned
- D. Tabletop exercise
Answer: A
NEW QUESTION 45
A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:
10.235.62.11 - - [02/Mar/2014:06:13:04] "GET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?
- A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
- B. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.
- C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
- D. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
Answer: C
Explanation:
The code in the question is an example of a SQL Injection attack. The code '1=1' will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.
In this question, the administrator has implemented client-side input validation. Client-side validation can be bypassed. It is much more difficult to bypass server-side input validation.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
NEW QUESTION 46
To meet a SLA, which of the following document should be drafted, defining the company's internal interdependent unit responsibilities and delivery timelines.
- A. MSA
- B. OLA
- C. MOU
- D. BPA
Answer: B
Explanation:
Explanation
OLA is an agreement between the internal support groups of an institution that supports SLA. According to the Operational Level Agreement, each internal support group has certain responsibilities to the other group.
The OLA clearly depicts the performance and relationship of the internal service groups. The main objective of OLA is to ensure that all the support groups provide the intended ServiceLevelAgreement.
NEW QUESTION 47
A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?
- A. Penetration testing of the UAT environment
- B. Static code analysis in the IDE environment
- C. Vulnerability scanning of the production environment
- D. Peer review prior to unit testing
- E. Penetration testing of the production environment
Answer: D
Explanation:
Explanation/Reference:
NEW QUESTION 48
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
"account":
[
{ "creditAccount":"Credit Card Rewards account"}
{ "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
],
"customer":
[
{ "name":"Joe Citizen"}
{ "custRef":"3153151"}
]
}
The banking website responds with:
HTTP/1.1 200 OK
{
"newAccountDetails":
[
{ "cardNumber":"1234123412341234"}
{ "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSIONID=000000001"
"returnCode":"Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).
- A. Vulnerable to XSS
- B. Vulnerable to malware file uploads
- C. Sensitive details communicated in clear-text
- D. Missing input validation on some fields
- E. JSON/REST is not as secure as XML
- F. Vulnerable to SQL injection
Answer: C,D
Explanation:
The SalesLeadRef field has no input validation. The penetration tester should not be able to enter
"www.example.com/badcontent/exploitme.exe" in this field. The credit card numbers are communicated in clear text which makes it vulnerable to an attacker. This kind of information should be encrypted.
NEW QUESTION 49
A user workstation was infected with a new malware variant as a result of a drive-by download. The security administrator reviews key controls on the infected workstation and discovers the following:
Which of the following would BEST prevent the problem from reoccurring in the future?
(Choose two.)
- A. Install EDR
- B. Enable DLP
- C. Improve patch management processes
- D. Enable application blacklisting
- E. Install HIPS
- F. Install HIDS
Answer: B,D
NEW QUESTION 50
Lab Simulation
Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several Internal networks.
The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below:
User Subnet: 192.168.1.0/24
Server Subnet: 192.168.2.0/24
Finance Subnet:192.168.3.0/24
Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.
Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.
Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.
Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

Answer:
Explanation:
Firewall rules should be re-arranged to look like this:
Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. The rule shown in the image below is the rule in question. It is not working because the action is set to Deny. This needs to be set to Permit.
Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.
The web servers rule is shown in the image below. Port 80 (HTTP) needs to be changed to port
443 for HTTPS (HTTP over SSL).
Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. The SQL Server rule is shown in the image below. It is not working because the protocol is wrong. It should be TCP, not UDP.
Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.
The network time rule is shown in the image below.
However, this rule is not being used because the `any' rule shown below allows all traffic and the rule is placed above the network time rule. To block all other traffic, the `any' rule needs to be set to Deny, not Permit and the rule needs to be placed below all the other rules (it needs to be placed at the bottom of the list to the rule is enumerated last).
NEW QUESTION 51
A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.
The best option for the auditor to use NEXT is:
- A. Network interception.
- B. Reverse engineering
- C. A SCAP assessment.
- D. Fuzzing
Answer: A
NEW QUESTION 52
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented.
Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in
transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data
transport.
Requirement 3: The system shall implement a file-level encryption
scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.
- A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
- B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
- C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3:
Requirement 3 under 2 - D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
Answer: B
Explanation:
Confidentiality and integrity are two of the key facets of data security. Confidentiality ensures that sensitive information is not disclosed to unauthorized users; while integrity ensures that data is not altered by unauthorized users. These are Level 1 requirements.
Confidentiality is enforced through encryption of data at rest, encryption of data in transit, and access control. Encryption of data in transit is accomplished by using secure protocols such as PSec, SSL, PPTP, SSH, and SCP, etc.
Integrity can be enforced through hashing, digital signatures and CRC checks on the files.
In the SRTM hierarchy, the enforcement methods would fall under the Level requirement.
NEW QUESTION 53
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
- A. NMAP
- B. NESSUS
- C. NSLOOKUP
- D. PING
Answer: A
Explanation:
NMAP works as a port scanner and is used to check if the DNS server is listening on port 53.
NEW QUESTION 54
A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:
Which of the following tools did the security engineer MOST likely use to generate this output?
- A. Fuzzer
- B. Applicationfingerprinter
- C. Vulnerabilityscanner
- D. HTTPinterceptor
Answer: D
NEW QUESTION 55
Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.
Answer:
Explanation:

NEW QUESTION 56
A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case.
Options may be used once.
Answer:
Explanation:
Explanation
NEW QUESTION 57
The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?
- A. Configure the server logs to collect unusual activity including failed logins and restarted services.
- B. Correlate data loss prevention logs for anomalous communications from the server.
- C. Review the flow data against each server's baseline communications profile.
- D. Setup a packet capture on the firewall to collect all of the server communications.
Answer: C
Explanation:
Explanation
Network logging tools such as Syslog, DNS, NetFlow, behavior analytics, IP reputation, honeypots, and DLP solutions provide visibility into the entire infrastructure. This visibility is important because signature-based systems are no longer sufficient for identifying the advanced attacker that relies heavily on custom malware and zero-day exploits. Having knowledge of each host's communications, protocols, and traffic volumes as well as the content of the data in question is key to identifying zero-day and APT (advance persistent threat) malware and agents. Data intelligence allows forensic analysis to identify anomalous or suspicious communications by comparing suspected traffic patterns against normal data communication behavioral baselines. Automated network intelligence and next-generation live forensics provide insight into network events and rely on analytical decisions based on known vs. unknown behavior taking place within a corporate network.
NEW QUESTION 58
A recent assessment identified that several users' mobile devices are running outdated versions of
endpoint security software that do not meet the company's security policy. Which of the following should be
performed to ensure the users can access the network and meet the company's security requirements?
- A. Vulnerability assessment
- B. Patch management
- C. Incident management
- D. Risk assessment
- E. Device quarantine
Answer: B
NEW QUESTION 59
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.
Which of the following is the MOST important information to reference in the letter?
- A. Social engineering techniques
- B. Company policies and employee NDAs
- C. After-action reports from prior incidents.
- D. Data classification processes
Answer: B
NEW QUESTION 60
A security controls assessor intends to perform a holistic configuration compliance test of networked assets.
The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: "<object object_ref=... />" and "<state state_ref=... />". Which of the following tools BEST supports the use of these definitions?
- A. SCAP scanner
- B. Static code analyzer
- C. HTTP interceptor
- D. XML fuzzer
Answer: D
NEW QUESTION 61
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?
- A. $4,800
- B. $120,000
- C. $24,000
- D. $96,000
Answer: D
Explanation:
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF) Thus if SLE = $ 24,000 and EF = 25% then the Asset value is SLE/EF = $ 96,000 References:
http://www.financeformulas.net/Return_on_Investment.html
https://en.wikipedia.org/wiki/Risk_assessment
NEW QUESTION 62
A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?
- A. Peer review
- B. User acceptance testing
- C. Change control documentation
- D. System design documentation
- E. Static code analysis testing
Answer: D
NEW QUESTION 63
A security administrator is reviewing the following output from an offline password audit:
Which of the following should the systems administrator implement to BEST address this audit finding? (Choose two.)
- A. SHA-256
- B. PBKDF2
- C. Bcrypt
- D. Message authentication
- E. Cryptoprocessor
Answer: B,C
Explanation:
You should never use a hash to store passwords (subject to rainbowtable attacks).
Actually, bcrypt and PBKDF2 are being replaced by other algorithms, but for this question it is the best option.
NEW QUESTION 64
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.
Which of the following would BEST improve security while meeting these requirements?
- A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
- B. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.
- C. Username and password authentication to IdP, securely store refresh tokens, and implement context- aware authentication.
- D. Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.
Answer: D
NEW QUESTION 65
......
What is the duration of the CAS-003 Exam
- Number of Questions: 90
- Format: Multiple choices, multiple answers
- Length of Examination: 165 minutes
Latest 100% Passing Guarantee - Brilliant CAS-003 Exam Questions PDF: https://www.fast2test.com/CAS-003-premium-file.html