Get CAS-003 Exam Dumps - CompTIA CAS-003 PDF
                      
 
 
 
Comp tia
 
CAS-00 3
CompTIA Advanced S ecurity Practitioner
 
 
https://www.realexamcollection.com/comptia/cas-003-dumps.html
 
 
 
 
Question: 1 
   
 An organization is improving its web services to enable better customer engagement and self-service. 
The organization has a native mobile application and a rewards portal provided by a third party. The 
business wants to provide customers with the ability to log in once and have SSO between each of the 
applications. The integrity of the identity is important so it can be propagated through to back-end 
systems to maintain a consistent audit trail. Which of the following authentication and authorization 
types BEST meet the requirements? (Choose two.) 
 
A. SAML 
B. Social login 
C. OpenID connect 
D. XACML 
E. SPML 
F. OAuth 
 
Answer: B,C         
 
Question: 2 
   
After the departure of a developer under unpleasant circumstances, the company is concerned about 
the security of the software to which the developer has access. Which of the following is the BEST way 
to ensure security of the code following the incident? 
 
A. Hire an external red tem to conduct black box testing 
B. Conduct a peer review and cross reference the SRTM 
C. Perform white-box testing on all impacted finished products 
D. Perform regression testing and search for suspicious code 
 
Answer: A     
 
Question: 3 
   
A software company is releasing a new mobile application to a broad set of external customers. Because 
the software company is rapidly releasing new features, it has built in an over-the-air software update 
process that can automatically update the application at launch time. Which of the following security 
controls should be recommended by the company’s security architect to protect the integrity of the 
update process? (Choose two.) 
 
A. Validate cryptographic signatures applied to software updates 
B. Perform certificate pinning of the associated code signing key 
C. Require HTTPS connections for downloads of software updates 
 
D. Ensure there are multiple download mirrors for availability 
E. Enforce a click-through process with user opt-in for new features 
 
Answer: A,B     
 
Question: 4 
   
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants 
to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of 
the following should the CISO interview as MOST qualified to provide RTO/RPO metrics? 
 
A. Data custodian 
B. Data owner 
C. Security analyst 
D. Business unit director 
E. Chief Executive Officer (CEO) 
 
Answer: D     
 
Question: 5 
   
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned 
for malware, unsecured PII, and healthcare data: 
Corporate intranet site  
Online storage application  
Email and collaboration suite  
Security policy also is updated to allow the security team to scan and detect any bulk downloads of 
corporate data from the company’s intranet and online storage site. Which of the following is needed to 
comply with the corporate security policy and the CISO’s request? 
 
A. Port scanner 
B. CASB 
C. DLP agent 
D. Application sandbox 
E. SCAP scanner 
 
Answer: B     
 
Question: 6 
   
 
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The 
security team needs to find a technical control mechanism that will meet the following requirements 
and aid in preventing these outbreaks: 
Stop malicious software that does not match a signature  
Report on instances of suspicious behavior  
Protect from previously unknown threats  
Augment existing security capabilities  
Which of the following tools would BEST meet these requirements? 
 
A. Host-based firewall 
B. EDR 
C. HIPS 
D. Patch management 
 
Answer: C     
 
Question: 7 
   
A company that has been breached multiple times is looking to protect cardholder data. The previous 
undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host 
solution to meet the following requirements: 
Detect administrative actions  
Block unwanted MD5 hashes  
Provide alerts  
Stop exfiltration of cardholder data  
Which of the following solutions would BEST meet these requirements? (Choose two.) 
 
A. AV 
B. EDR 
C. HIDS 
D. DLP 
E. HIPS 
F. EFS 
 
Answer: B,E     
 
Question: 8 
   
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout 
the acquisition process, all data on the virtualized file servers must be shared by departments within 
both organizations. The security engineer considers data ownership to determine: 
 
A. the amount of data to be moved. 
B. the frequency of data backups. 
 
C. which users will have access to which data 
D. when the file server will be decommissioned 
 
Answer: C     
 
Question: 9 
   
A security analyst is reviewing the following packet capture of communication between a host and a 
company’s router: 
 
Which of the following actions should the security analyst take to remove this vulnerability? 
 
A. Update the router code 
B. Implement a router ACL 
C. Disconnect the host from the network 
D. Install the latest antivirus definitions 
E. Deploy a network-based IPS 
 
Answer: B     
 
Question: 10 
   
An information security manager conducted a gap analysis, which revealed a 75% implementation of 
security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk 
vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the 
likelihood of exploitation of each vulnerability and the business impact of each associated control. To 
determine which controls to implement, which of the following is the MOST important to consider? 
 
A. KPI 
B. KRI 
C. GRC 
D. BIA 
 
Answer: C     
 
https://www.realexamcollection.com/comptia/cas-003-dumps.html