comptia cas-003 practice test
CompTIA Advanced Security Practitioner (CASP) CAS-003
Question 1
A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The
engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but
only provide information about domains it has authority over. Additionally, the DNS administrator have identified some
problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:
Which of the following should the security administrator configure to meet the DNS security needs?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
D
Question 2
Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors
through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecure in hotel rooms
during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training. Which of the
following is the BEST solution in this scenario?
- A. Full disk encryption
- B. Biometric authentication
- C. An eFuse-based solution
- D. Two-factor authentication
Answer:
A
Question 3
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic
records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.
After all restrictions have been lifted, which of the following should the information manager review?
- A. Data retention policy
- B. Legal hold
- C. Chain of custody
- D. Scope statement
Answer:
A
Question 4
An organizations Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The
CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what
attacks may look like. An unexpected email arrives in the CFOs inbox from a familiar name with an attachment. Which of the
following should the CISO task a security analyst with to determine whether or not the attachment is safe?
- A. Place it in a malware sandbox.
- B. Perform a code review of the attachment.
- C. Conduct a memory dump of the CFO’s PC.
- D. Run a vulnerability scan on the email server.
Answer:
A
Question 5
A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS
network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the
following devices would MOST likely be added at each location?
- A. SIEM
- B. IDS/IPS
- C. Proxy server
- D. Firewall
- E. Router
Answer:
D
Question 6
A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent
real-world threats.
Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?
- A. Attend hacking conventions.
- B. Research methods while using Tor.
- C. Interview current red team members.
- D. Attend web-based training.
Answer:
A
Question 7
An engineer is assisting with the design of a new virtualized environment that will house critical company services and
reduce the datacenters physical footprint. The company has expressed concern about the integrity of operating systems and
wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of
the following design objectives should the engineer complete to BEST mitigate the companys concerns? (Choose two.)
- A. Deploy virtual desktop infrastructure with an OOB management network
- B. Employ the use of vTPM with boot attestation
- C. Leverage separate physical hardware for sensitive services and data
- D. Use a community CSP with independently managed security services
- E. Deploy to a private cloud with hosted hypervisors on each physical machine
Answer:
A C
Question 8
Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the
information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP
compressed archive. The information security team is not sure which files were opened. A security team member uses an
air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?
- A. Run an antivirus scan on the finance PC.
- B. Use a protocol analyzer on the air-gapped PC.
- C. Perform reverse engineering on the document.
- D. Analyze network logs for unusual traffic.
- E. Run a baseline analyzer against the user’s computer.
Answer:
C
Question 9
An application developer has been informed of a web application that is susceptible to a clickjacking vulnerability. Which of
the following code snippets would be MOST applicable to resolve this vulnerability?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
A
Explanation:
Content-Security-Policy: frame-ancestors 'none';
This prevents any domain from framing the content. This setting is recommended unless a specific need has been identified
for framing.
Reference: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html
Question 10
A software development manager is running a project using agile development methods. The company cybersecurity
engineer has noticed a high number of vulnerabilities have been making it into production code on the project.
Which of the following methods could be used in addition to an integrated development environment to reduce the severity of
the issue?
- A. Conduct a penetration test on each function as it is developed
- B. Develop a set of basic checks for common coding errors
- C. Adopt a waterfall method of software development
- D. Implement unit tests that incorporate static code analyzers
Answer:
D
Question 11
An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application
whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email
client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the
compose window.
Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious
behavior?
- A. Reverse engineer the application binary.
- B. Perform static code analysis on the source code.
- C. Analyze the device firmware via the JTAG interface.
- D. Change to a whitelist that uses cryptographic hashing.
- E. Penetration test the mobile application.
Answer:
A
Question 12
Following a complete outage of the electronic medical record system for more than 18 hours, the hospitals Chief Executive
Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of
a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device
configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one
day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the
event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the
investigation is inconclusive.
Which of the following processes should be implemented to ensure this information is available for future investigations?
- A. Asset inventory management
- B. Incident response plan
- C. Test and evaluation
- D. Configuration and change management
Answer:
D
Question 13
Users have reported that an internally developed web application is acting erratically, and the response output is
inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the
following would be the MOST appropriate tool to help identify the issue?
- A. Fuzzer
- B. SCAP scanner
- C. Vulnerability scanner
- D. HTTP interceptor
Answer:
D
Question 14
A systems administrator recently conducted a vulnerability scan of the intranet. Subsequently, the organization was
successfully attacked by an adversary. Which of the following is the MOST likely explanation for why the organizations
network was compromised?
- A. There was a false positive since the network was fully patched
- B. The systems administrator did not perform a full system scan
- C. The systems administrator performed a credentialed scan
- D. The vulnerability database was not updated
Answer:
C
Question 15
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their
devices. The data associated with the users accounts is sensitive, and therefore, the organization wants to comply with the
following requirements:
Active full-device encryption
Enabled remote-device wipe
Blocking unsigned applications
Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
- A. Require frequent password changes and disable NFC.
- B. Enforce device encryption and activate MAM.
- C. Install a mobile antivirus application.
- D. Configure and monitor devices with an MDM.
Answer:
D