CompTIA Advanced Security Practitioner (CASP) CAS-003 v1.0 (CAS-003)

Page:    1 / 32   
Total 488 questions

A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?

  • A. Application whitelisting
  • B. NX/XN bit
  • C. ASLR
  • D. TrustZone
  • E. SCP

Answer : B

A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development. Which of the following SDLC best practices should the development team have followed?

  • A. Implementing regression testing
  • B. Completing user acceptance testing
  • C. Verifying system design documentation
  • D. Using a SRTM

Answer : D

An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.)

  • A. Exempt mobile devices from the requirement, as this will lead to privacy violations
  • B. Configure the devices to use an always-on IPSec VPN
  • C. Configure all management traffic to be tunneled into the enterprise via TLS
  • D. Implement a VDI solution and deploy supporting client apps to devices
  • E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary

Answer : BE

After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases:
✑ Selection of a cloud provider
✑ Architectural design
✑ Microservice segmentation
✑ Virtual private cloud
✑ Geographic service redundancy
✑ Service migration
The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT?

  • A. Multicloud solution
  • B. Single-tenancy private cloud
  • C. Hybrid cloud solution
  • D. Cloud access security broker

Answer : D

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: ג€<object object_ref=ג€¦ />ג€ and ג€<state state_ref=ג€¦ /
>ג€. Which of the following tools BEST supports the use of these definitions?

  • A. HTTP interceptor
  • B. Static code analyzer
  • C. SCAP scanner
  • D. XML fuzzer

Answer : D

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

  • A. Key risk indicators
  • B. Lessons learned
  • C. Recovery point objectives
  • D. Tabletop exercise

Answer : B

A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client side optimization: localStorage.setItem(ג€session-cookieג€, document.cookie);
Which of the following should the security engineer recommend?

  • A. SessionStorage should be used so authorized cookies expire after the session ends
  • B. Cookies should be marked as ג€secureג€ and ג€HttpOnlyג€
  • C. Cookies should be scoped to a relevant domain/path
  • D. Client-side cookies should be replaced by server-side mechanisms

Answer : C

A hospitalג€™s security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security
Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospitalג€™s brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?

  • A. When it is mandated by their legal and regulatory requirements
  • B. As soon as possible in the interest of the patients
  • C. As soon as the public relations department is ready to be interviewed
  • D. When all steps related to the incident response plan are completed
  • E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

Answer : A

A deployment manager is working with a software development group to assess the security of a new version of the organizationג€™s internally developed ERP tool.
The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

  • A. Static code analysis in the IDE environment
  • B. Penetration testing of the UAT environment
  • C. Vulnerability scanning of the production environment
  • D. Penetration testing of the production environment
  • E. Peer review prior to unit testing

Answer : C

During a security event investigation, a junior analyst fails to create an image of a serverג€™s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering. Which of the following should the junior analyst have followed?

  • A. Continuity of operations
  • B. Chain of custody
  • C. Order of volatility
  • D. Data recovery

Answer : C


A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (׀¡IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?

  • A. Multi-tenancy SaaS
  • B. Hybrid IaaS
  • C. Single-tenancy PaaS
  • D. Community IaaS

Answer : C

A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third- party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:

The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third company?

  • A. LDAP
  • B. WAYF
  • C. OpenID
  • E. SAML

Answer : D

An architect was recently hired by a power utility to increase the security posture of the companyג€™s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

  • A. Isolate the systems on their own network
  • B. Install a firewall and IDS between systems and the LAN
  • C. Employ own stratum-0 and stratum-1 NTP servers
  • D. Upgrade the software on critical systems
  • E. Configure the systems to use government-hosted NTP servers

Answer : BE

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security
Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:
✑ Store taxation-related documents for five years
✑ Store customer addresses in an encrypted format
✑ Destroy customer information after one year
✑ Keep data only in the customerג€™s home country
Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

  • A. Capacity planning policy
  • B. Data retention policy
  • C. Data classification standard
  • D. Legal compliance policy
  • E. Data sovereignty policy
  • F. Backup policy
  • G. Acceptable use policy
  • H. Encryption standard

Answer : BEH

A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

  • A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
  • B. Scan the website through an interception proxy and identify areas for the code injection
  • C. Scan the site with a port scanner to identify vulnerable services running on the web server
  • D. Use network enumeration tools to identify if the server is running behind a load balancer

Answer : C

Page:    1 / 32   
Total 488 questions