Free CAS-003 Sample Questions — CompTIA Advanced Security Practitioner (CASP) CAS-003

Free CAS-003 sample questions for the CompTIA Advanced Security Practitioner (CASP) CAS-003 exam. No account required: study at your own pace.


Question 1

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

  • A. a hybrid cloud
  • B. an on-premises private cloud
  • C. a hosted hybrid cloud
  • D. a private cloud
Correct Answer:
A. a hybrid cloud

Question 2

A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?

  • A. Background investigation
  • B. Mandatory vacation
  • C. Least privilege
  • D. Separation of duties
Correct Answer:
B. Mandatory vacation

Question 3

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix. Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Choose two.)

  • A. Antivirus
  • B. HIPS
  • C. Application whitelisting
  • D. Patch management
  • E. Group policy implementation
  • F. Firmware updates
Correct Answer:
  • D. Patch management
  • E. Group policy implementation

Question 4

A security consultant was hired to audit a company's password and account policy. The company implements the following controls:

  • Minimum password length: 16
  • Maximum password age: 0
  • Minimum password age: 0
  • Password complexity: disabled
  • Store passwords in plain text: disabled
  • Failed attempts lockout: 3
  • Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

  • A. Offline hybrid dictionary attack
  • B. Offline brute-force attack
  • C. Online hybrid dictionary password spraying attack
  • D. Rainbow table attack
  • E. Online brute-force attack
  • F. Pass-the-hash attack
Correct Answer:
A. Offline hybrid dictionary attack

Question 5

A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?

  • A. Patch management
  • B. Antivirus
  • C. Application firewall
  • D. Spam filters
  • E. HIDS
Correct Answer:
C. Application firewall

Question 6

A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

  • A. Install network taps at the edge of the network
  • B. Send syslog from the IDS into the SIEM
  • C. Install HIDS on each computer
  • D. SPAN traffic from the network core into the IDS
Correct Answer:
D. SPAN traffic from the network core into the IDS

Question 7

A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:

  • A. a gray-box penetration test
  • B. a risk analysis
  • C. a vulnerability assessment
  • D. an external security audit
  • E. a red team exercise
Correct Answer:
C. a vulnerability assessment

Question 8

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

  • A. Updating the playbook with better decision points
  • B. Dividing the network into trusted and untrusted zones
  • C. Providing additional end-user training on acceptable use
  • D. Implementing manual quarantining of infected hosts
Correct Answer:
A. Updating the playbook with better decision points

Question 9

An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?

  • A. XCCDF
  • B. OVAL
  • C. STIX
  • D. CWE
  • E. CVE
Correct Answer:
C. STIX

Question 10

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: `<object object_ref=… />` and `<state state_ref=… />`. Which of the following tools BEST supports the use of these definitions?

  • A. HTTP interceptor
  • B. Static code analyzer
  • C. SCAP scanner
  • D. XML fuzzer
Correct Answer:
C. SCAP scanner

Question 11

A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

  • A. Disable firmware OTA updates
  • B. Disable location services
  • C. Disable push notification services
  • D. Disable wipe
Correct Answer:
A. Disable firmware OTA updates

Question 12

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

  • Store taxation-related documents for five years
  • Store customer addresses in an encrypted format
  • Destroy customer information after one year
  • Keep data only in the customer's home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

  • A. Capacity planning policy
  • B. Data retention policy
  • C. Data classification standard
  • D. Legal compliance policy
  • E. Data sovereignty policy
  • F. Backup policy
  • G. Acceptable use policy
  • H. Encryption standard
Correct Answer:
  • B. Data retention policy
  • E. Data sovereignty policy
  • H. Encryption standard

Question 13

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

  • Must be encrypted on the email servers and clients
  • Must be OK to transmit over unsecure Internet connections

Which of the following communication methods would be BEST to recommend?

  • A. Force TLS between domains
  • B. Enable STARTTLS on both domains
  • C. Use PGP-encrypted emails
  • D. Switch both domains to utilize DNSSEC
Correct Answer:
C. Use PGP-encrypted emails

Question 14

A security engineer discovers a PC may have been breached and accessed by an outside agent. The engineer wants to find out how this breach occurred before remediating the damage. Which of the following should the security engineer do FIRST to begin this investigation?

  • A. Create an image of the hard drive
  • B. Capture the incoming and outgoing network traffic
  • C. Dump the contents of the RAM
  • D. Parse the PC logs for information on the attacker
Correct Answer:
C. Dump the contents of the RAM

Question 15

Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out. Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

  • A. Anti-malware
  • B. Patch testing
  • C. HIPS
  • D. Vulnerability scanner
Correct Answer:
C. HIPS

Question 16

During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use?

  • A. Code repositories
  • B. Security requirements traceability matrix
  • C. Software development lifecycle
  • D. Roles matrix
  • E. Implementation guide
Correct Answer:
E. Implementation guide

Question 17

A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check?

  • A. NX/XN
  • B. ASLR
  • C. strcpy
  • D. ECC
Correct Answer:
A. NX/XN

Question 18

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

  • A. Update and deploy GPOs
  • B. Configure and use measured boot
  • C. Strengthen the password complexity requirements
  • D. Update the antivirus software and definitions
Correct Answer:
B. Configure and use measured boot

Question 19

An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services. Which of the following is the BEST approach to identify the threat?

  • A. Ask the third-party vendor to block the attack traffic
  • B. Configure the third party's proxy to begin sending X-Forwarded-For headers
  • C. Configure the e-commerce company's IPS to inspect HTTP traffic
  • D. Perform a vulnerability scan against the network perimeter and remediate any issues identified
Correct Answer:
B. Configure the third party's proxy to begin sending X-Forwarded-For headers

Question 20

An employee decides to log into an authorized system. The system does not prompt the employee for authentication prior to granting access to the console, and it cannot authenticate the network resources. Which of the following attack types can this lead to if it is not mitigated?

  • A. Memory leak
  • B. Race condition
  • C. Smurf
  • D. Deadlock
Correct Answer:
B. Race condition
