Free CompTIA CAS-003 Exam Dumps and CAS-003 Exam Questions

Question No: 1

MultipleChoice

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements:

* Detect administrative actions

* Block unwanted MD5 hashes

* Provide alerts

* Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

Options

AAV

BEDR

CHIDS

DDLP

EHIPS

FEFS

Question No: 2

MultipleChoice

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:

* Financially sensitive data

* Project data

* Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

Options

AConduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.

BMeet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.

CUse qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.

DIncrease the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Question No: 3

MultipleChoice

Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives.

Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep-on hand?

Options

ATTR

BALE

CMTBF

DSLE

ERPO

Question No: 4

MultipleChoice

A school contracts with a vendor to devise a solution that will enable the school library to lend out tablet computers to students while on site. The tablets must adhere to string security and privacy practices. The school's key requirements are to:

* Maintain privacy of students in case of loss

* Have a theft detection control in place

* Be compliant with defined disability requirements

* Have a four-hour minimum battery life

Which of the following should be configured to BEST meet the requirements? (Choose two.)

Options

ARemote wiping

BGeofencing

CAntivirus software

DTPM

EFDE

FTokenization

Question No: 5

MultipleChoice

A system administrator recently conducted a vulnerability scan of the internet. Subsequently, the organization was successfully attacked by an adversary. Which of the following in the MOST likely explanation for why the organization network was compromised?

Options

AThere was a false positive since the network was fully patched.

BThe system administrator did not perform a full system sun.

CThe systems administrator performed a credentialed scan.

DThe vulnerability database was not updated.

Question No: 6

MultipleChoice

An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?

Options

ANIDS

BHIPS

CCASB

DSFTP

Question No: 7

MultipleChoice

An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.

After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.).

Options

AThe SSH keys were given to another department.

BA MITM attack is being performed by an APT.

CThe terminal emulator does not support SHA-256.

DAn incorrect username or password was entered.

EA key rotation has occurred as a result of an incident.

FThe workstation is not syncing with the correct NTP server.

Question No: 8

MultipleChoice

An customers that their IP netblocks are on blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses within broader network ranges and some abusive customers within the same IP ranges may have performed spam campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?

Options

AInform the customer that the service provider does not have any control over third-party blacklist entries. The customer should reach out to the blacklist operator directly

BPerform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator of hostile behavior

CWork with the legal department and threaten legal action against the blacklist operator if the netblocks are not removed because this is affecting legitimate traffic

DEstablish relationship with a blacklist operators so broad entries can be replaced with more granular entries and incorrect entries can be quickly pruned

Question No: 9

MultipleChoice

A company has deployed MFA Some employees, however, report they ate not gelling a notification on their mobile device Other employees report they downloaded a common authenticates application but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt Which of the following are the MOST likely explanations for these scenarios? (Select TWO)

Options

AThe company is using a claims-based authentication system for MFA

BThese are symptoms of known compatibility issues with OAuth 1 0

COpenID Connect requires at least one factor to be a biometric

DThe company does not allow an SMS authentication method

EThe WAYF method requires a third factor before the authentication process can complete

FA vendor-specific authenticator application is needed for push notifications