Download CompTIA Advanced Security Practitioner (CASP).CAS-003.ActualTests.2018-09-12.42q.vcex

Vendor: CompTIA
Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Date: Sep 12, 2018
File Size: 913 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)
  A. Secure storage policies
  B. Browser security updates
  C. Input validation
  D. Web application firewall
  E. Secure coding standards
  F. Database activity monitoring
Correct answer: CF
Question 2
A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?
  A. ISA
  B. BIA
  C. SLA
  D. RA
Correct answer: C
Question 3
A penetration tester has been contracted to conduct a physical assessment of a site. Which of the following is the MOST plausible method of social engineering to be conducted during this engagement?
  A. Randomly calling customer employees and posing as a help desk technician requiring user password to resolve issues
  B. Posing as a copier service technician and indicating the equipment had “phoned home” to alert the technician for a service call
  C. Simulating an illness while at a client location for a sales call and then recovering once listening devices are installed
  D. Obtaining fake government credentials and impersonating law enforcement to gain access to a company facility
Correct answer: A
Question 4
A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?
  A. Set up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members
  B. Install a client-side VPN on the staff laptops and limit access to the development network
  C. Create an IPSec VPN tunnel from the development network to the office of the outsourced staff
  D. Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development network
Correct answer: D
Question 5
A systems security engineer is assisting an organization’s market survey team in reviewing requirements for an upcoming acquisition of mobile devices. The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O. For which of the following reasons is the engineer concerned?
  A. These devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryption routines
  B. The organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologies
  C. The associated firmware is more likely to remain out of date and potentially vulnerable
  D. The manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set
Correct answer: B
Question 6
During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization’s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
  A. Air gaps
  B. Access control lists
  C. Spanning tree protocol
  D. Network virtualization
  E. Elastic load balancing
Correct answer: D
Question 7
A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:
  
Which of the following does the log sample indicate? (Choose two.)
  A. A root user performed an injection attack via kernel module
  B. Encrypted payroll data was successfully decrypted by the attacker
  C. Jsmith successfully used a privilege escalation attack
  D. Payroll data was exfiltrated to an attacker-controlled host
  E. Buffer overflow in memory paging caused a kernel panic
  F. Syslog entries were lost due to the host being rebooted
Correct answer: CE
Question 8
An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation?
  A. Threat modeling
  B. Risk assessment
  C. Vulnerability data
  D. Threat intelligence
  E. Risk metrics
  F. Exploit frameworks
Correct answer: F
Question 9
A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
  A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
  B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
  C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
  D. The company should install a temporary CCTV system to detect unauthorized access to physical offices
Correct answer: A
Question 10
A server (10.0.0.2) on the corporate network is experiencing a DoS from a number of marketing desktops that have been compromised and are connected to a separate network segment. The security engineer implements the following configuration on the management router:
  
Which of the following is the engineer implementing?
  A. Remotely triggered black hole
  B. Route protection
  C. Port security
  D. Transport security
  E. Address space layout randomization
Correct answer: B