[3-Mar-2022] New CASP CAS-003 Dumps with VCE and PDF from PassLeader (New Questions)

PassLeader released the NEWEST CompTIA CAS-003 exam dumps recently! Both CAS-003 VCE dumps and CAS-003 PDF dumps are available on PassLeader, either CAS-003 VCE dumps or CAS-003 PDF dumps have the NEWEST CAS-003 exam questions in it, they will help you passing CompTIA CAS-003 exam easily! You can download the valid CAS-003 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cas-003.html (974 Q&As Dumps)

Also, previewing the NEWEST PassLeader CAS-003 dumps online for free on Google Drive: https://drive.google.com/open?id=1bfoVeMAPqLPPEtiIibD38-i-xMle-2O0

A security engineer is performing a routine audit of a company’s decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software placing it back into the device and tagging the device for reuse or disposal. The audit reveals sensitive information is present m the hard drive duster tips. Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed?

A.    Degauss the drives using a commercial tool,
B.    Scramble the file allocation table.
C.    Wipe the drives using a 21-pass overwrite.
D.    Disable the logic board using high-voltage input.

Answer: C

An organization recently suffered a high-impact loss due to a zero-day vulnerability exploited in a concentrator enabling iPSec VPN access for users. The attack included a pivot into the internal server subnet. The organization now wants to integrate new changes into its architecture to make a similar future attack less impactful. Which of the following changes would BEST achieve this objective?

A.    Configure the IPSec VPN concentrator to support cipher suites with ephemeral keys.
B.    Routinely restore servers to a known state to reduce the likelihood of attacker persistence.
C.    Restrict user access to email and file services when connecting remotely.
D.    Install a redundant VPN concentrator for high availability.
E.    Deploy and tune ACLs NIPS, and sensors within the server subnet.

Answer: E

Following a major security modem that resulted in a significant loss of revenue and extended loss of server availability, a new Chief Information Security Officer (CISO) conducts a root cause analysis. Which of the following additional steps should the CISO take to mitigate the chance of a recurrence?

A.    Capture recommendations from a lessons-learned session with key management.
B.    Install additional detective controls to facilitate a better root cause analysts in future incidents.
C.    Purchase cyber-incident insurance specifically covering the root cause.
D.    Compile a report containing all help desk tickets received during the incident.

Answer: A

A corporation with a BYOO policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MOM solution and has gathered the following requirements as part of the requirements-gathering phase:
– Each device must be issued a secure token of trust from the corporate PKl.
– Al corporate applications and local data must be able to be deleted from a central console.
– Access to corporate data must be restricted on international travel.
– Devices must be on the latest OS version within three weeks of an OS release.
Which of the following should be features in the new MDM solution to meet these requirements? (Choose two.)

A.    Application-based containerization.
B.    Enforced full-device encryption.
C.    Geofencing.
D.    Application allow listing.
E.    Biometric requirement to unlock device.
F.    Over-the-air update restriction.

Answer: BC

An organization’s email filler is an ineffective control and as a result employees have been constantly receiving phishing emails. As part of a security incident investigation a security analyst identifies the following:
– An employee was working remotely when the security alert was triggered.
– An employee visited a number of uncategorized internet sites.
– A doc file was downloaded.
– A number of files were uploaded to an unknown collaboration site.
Which of the following controls would provide the security analyst with more data to identify the root cause of the issue and protect the organization’s information during future incidents?

A.    EDR and DLP.
B.    DAM and MFA.
C.    HIPS and application whitelisting.
D.    FIM and antivirus.

Answer: A

Following a recent disaster a business activates its DRP. The business is operational again within 60 minutes. The business has multiple geographically dispersed locations that have similar equipment and operational capabilities. Which of the following strategies has the business implemented?

A.    Cold site.
B.    Reciprocal agreement.
C.    Recovery point objective.
D.    Internal redundancy.

Answer: C

A network engineer is concerned about hosting web SFTP. and email services m a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?

A.    Put all the services on a single host to reduce the number of servers.
B.    Create separate security zones for each service and use ACLs for segmentation.
C.    Keep the web server in the DMZ and move the other server services to the internal network.
D.    Deploy a switch and create VLANs for each service.

Answer: B

A company’s potential new vendors are asking for detailed network and traffic information so they can properly size a firewall. Which of the following would work BEST to protect the company’s sensitive information during the procurement process?

A.    Issuing an appropriate public RFP.
B.    Requiring each vendor to sign an MSA.
C.    Submitting an RFQ to each vendor.
D.    Asking each vendor to sign an NDA.

Answer: D

A company’s design team is increasingly concerned about intellectual property theft members of the team often travel to suppliers’ offices where they collaborate and share access to their sensitive data. Which of the following should be implemented?

A.    Apply MOM and enforce full disk encryption on all design team laptops.
B.    Allow access to sensitive data only through a multifactor-authenticated VDI environment.
C.    Require all sensitive files be saved only on company fileshares accessible only through multifactor-authenticated VPN.
D.    Store all sensitive data on geographically/ restricted, public-facing SFTP servers authenticated using TOTP.

Answer: A

A line-of-business manager has deeded in conjunction with the IT and legal departments, that outsourcing a specific function to a third-party vendor would be the best course of action for the business to increase efficiency and profit. Which of the following should the Chief Security Officer (CSO) perform before signing off on the third-party vendor?

A.    Supply chain audit.
B.    Vulnerability assessment.
C.    Penetration test.
D.    Application code review.
E.    Risk assessment.

Answer: E

A company needs to deploy a home assistant that has the following requirements:
– Revalidate identity when sensitive personal information is accessed and when there is a change m device state.
– Authenticate every three months and upon registration.
– Support seamless access on all channel.
Which of the following actions would be BEST to support the above requirements securely? (Choose two.)

A.    Implement long-lived refresh tokens when the application is opened with OAuth support of beater tokens.
B.    Refresh a new access token when the application is opened and OAuth device flow registration is implemented.
C.    Implement a content-aware security risk engine with push notification tokens.
D.    Request a new bearer token from the token service when the application is opened and OAuth browserless flows are implemented.
E.    Implement a user and entity behavioral analytics detection engine with a one-time magic link.
F.    Implement a rules-based security engine with software OTP tokens.

Answer: AD

A Chief Information Security Officer (CISO) wants to set up a SOC to respond to security threats and events more quickly. The SOC must have the following capacities:
– Real-time response.
– Visualization.
– Threat intelligence integration.
– Cross-referencing from multiple sources.
– Deduplication.
Which of the following technologies would BEST meet these requirements?

A.    SIEM
B.    EDR
D.    UTM

Answer: A

A recent incident revealed a log entry was modified alter its original creation. Which of the following technologies would BEST ensure end user systems are able to defend against future incidents?

A.    Use an offline archival server.
B.    Deploy MFA for access to services.
C.    Implement a blockchain scheme.
D.    Employ a behavioral HIDS on end user devices.

Answer: A

A security analyst must carry out the incident response plan for a specific targeted attack that was detected by the security operations center. The director of network security wants to ensure this type of attack cannot be executed again in the environment. Which of the following should the analyst present to the director to BEST meet the director’s goal?

A.    Incident downtime statistics.
B.    Root cause analysis.
C.    After-action report.
D.    Incident scope and cost metrics.

Answer: B

A company decides to procure only laptops that use permanent, solid-stale storage. Which of the following risk mitigation strategies BEST meets the company’s requirement to ensure all company data is destroyed before disposing of the laptops?

A.    Secure erase from the storage vendor.
B.    Degaussing of the entire laptop.
C.    Full disk encryption in the OS.
D.    Deep formatting of the storage.

Answer: A

An organization is a subsidiary of a larger firm that provides managed IT and human resources controls to the subsidiary. The subsidiary determines the contract in place between the two firms does not define and apply terms appropriate relating to the controls provided by the larger firm. Which of the following would be MOST appropriate for both firms to formally document the controls to be provided? (Choose two.)

A.    Service-level agreement.
B.    Non-disclosure agreement.
C.    Interoperability agreement.
D.    Master service agreement.
E.    Business impact analysis.
F.    Interconnection security agreement.

Answer: CF

Historical information shows that a small aerospace R&D company has a lack of user security awareness and is susceptible to nation-state social-engineering attacks and zero-day exploits. A network engineer advises the Chief Information Security Officer (CISO) to invest in a next-generation firewall to guard against incoming traffic and allow for the development of ACLs for new sessions. Which of the following is the FIRST course of action for the CISO to take?

A.    Conduct a vulnerability scan.
B.    Develop a threat model.
C.    Purchase the firewall as suggested.
D.    Place the public-facing website in the DMZ.

Answer: B

A security technician wants to learn about the latest zero-day threats and newly discovered vulnerabilities but does not have the budget to purchase a commercial threat intelligence service. Which of the following would BEST meet the needs of the security technician? (Choose two.)

A.    Social media platforms.
B.    Conferences and local community security events.
C.    Software vendor threat reports.
D.    RSS feed from reputable security bloggers.
E.    Regional CERT.
F.    White papers and journal articles.

Answer: DE

A company is implementing a new MFA initiative. The requirements for the second factor are as following:
– It cannot be phished.
– It must work as a second factor for laptop logins.
– It must be something the user has.
Which of the following solutions should the company choose?

A.    User biometrics.
B.    U2F hardware keys.
C.    TOTP hardware keys.
D.    Push ratification to a mobile device.
E.    SMS notification to a managed device.

Answer: A

A company is concerned about insider threats and wants to perform a security assessment. The lead security engineer has identified business-critical applications about half of which are homegrown. Which of the following methods would BEST accomplish this objective?

A.    Perform an outside black-box penetration test.
B.    Perform social engineering against the application owners.
C.    Perform code review of the code base of these applications.
D.    Perform a white-box test by penetration testers.

Answer: A

An analyst needs to obtain information about an organization as part of the initial phase of a black-box penetration test. Which of the following can the analyst use to gain intelligence without connecting to the target? (Choose two.)

A.    Traceroute.
B.    Fingerprinting.
C.    Vulnerability scanning.
D.    Banner grabbing.
E.    Email harvesting.
F.    Whois search.

Answer: EF

A consulting firm is performing RD on a machine teaming system to characterize a network environment for new clients rapidly. The goal is to be able to label service/consumer behaviors to establish a normal baseline. Which of tie following represents the GREATEST limiting factor toward successful deployment of this new machine learning system?

A.    Supportability for non-traditional ports protocols, and services.
B.    Non-availability or insufficiency of training data.
C.    Lack of target environment design documentation.
D.    Unanticipated presence of ICS and SCADA equipment within client networks.

Answer: C

A security engineer has received feedback from other security professionals about the effectiveness of hiding a wireless SSID as a security measure. Opinions vary as to whether this practice is effective or hinders WiFi performance. The security engineer decides to get information from a definitive source. Which of the following should the security engineer do to BEST make an informed decision?

A.    Read the RFCs that pertain to the subject.
B.    Read white papers posted on industry vendor websites.
C.    Subscribe to threat feeds filtered for WiFi.
D.    Attend industry trade shows and discuss the matter with subject matter experts.
E.    Read the configuration guides associated with the hardware in use.

Answer: C

Company policy mandates the secure disposal of sensitive data at the end of the useful lifespan of IT equipment. The IT department donates old devices to charity and recycles truly obsolete equipment. In addition to deleting workstations from the systems responsible for monitoring network connections which of the following actions should the company implement? (Choose two.)

A.    Secure shredding of SSOs separate from laptop chassis.
B.    Removing the devices from the asset management system.
C.    Deleting and overwriting the boot sectors of each workstation.
D.    Ensuring change notices for each asset are recorded.
E.    Staggering device disposal dates to coordinate with acceptance testing.
F.    Removing and storing hard drives for archival purposes.

Answer: AF

As a result of a recent breach a systems administrator is asked to review the security controls in place for an organization’s cloud-based environment. The organization runs numerous instances and maintains several separate accounts for managing cloud-based resources. As part of the review the systems administrator finds MFA is enabled for production-level systems but not staging systems. Which of the following is the primary risk associated with this configuration?

A.    Pivoting between staging and production instances.
B.    The use of staging to harvest production-level account credentials.
C.    The loss of data integrity within the code repositories being migrated to staging.
D.    The accidental disclosure of data in production due to the use of unsecure protocols.

Answer: B

Which of the following would MOST likely cause an organization to review and potentially rebaseline its current risk assessment?

A.    Emergence of a new class of threats.
B.    Decommissioning of a backup server.
C.    Implementation of a new access control system.
D.    Reduction in the attack surface.

Answer: A

A security analyst discovers what is believed to be evidence of a compromise due to a watering-note attack. After an initial review of the incident the analyst notes there is ongoing web traffic to the same site. Which of the Mowing command-line tools would BEST allow the incident to be investigated?

A.    nc
B.    dd
C.    netatat
D.    tcpdump

Answer: D

Which of the following is the BEST way for a company to begin understanding product-based solutions to mitigate a known risk?

A.    RFQ
B.    RFI
C.    OLA
D.    MSA
E.    RFP

Answer: B

A security engineer is attempting to inventory all network devices. Most unknown devices are not responsive to SNMP queries. Which of the following would be the MOST secure configuration?

A.    Switch to SNMPv1 device inventory credentials.
B.    Enable SSH for all switches and routers.
C.    Set SFTP to enabled on all network devices.
D.    Configure SNMPv3 server settings to match client settings.

Answer: D

The credentials of a hospital’s HVAC vendor were obtained using credential-harvesting malware through a phishing email. The HVAC vendor has administrative privileges m the SCADA network. Which of the following would prevent this from happening again in the future?

A.    Network segmentation.
B.    Vulnerability scanning.
C.    Password complexity rules.
D.    Security patching.

Answer: A

A security architect is called into a roadmap planning meeting for the next year of IT protects. One of the protects involves migrating from the current mobile, laptop, and tablet device management system to a cloud-based MDM system. The biggest motivator seems to be cost savings but the security architect is concerned about the privacy of the personal data of those using BYOD. Which of the following concerns might convince the group to more strongly consider privacy concerns? (Choose two.)

A.    Weak forms of authentication being used.
B.    Unauthorized remote activation and control of devices.
C.    Concerns about personal health data leakage.
D.    Unsigned and unauthorized application usage.
E.    Concerns about lack of containerization.
F.    Rooting and jailbreaking of mobile devices.

Answer: CF

Which of the following is a major goal of stakeholder engagement?

A.    Completing risk compliance outreach and understanding.
B.    Determining which security requirements can be deferred safety.
C.    Ensuring security requirements are supportive of business goals.
D.    Understanding the best way to limit user privilege escalation.

Answer: C

A company is updating its acceptable use and security policies to allow personal devices to be connected to the network as king as certain security parameters can be enforced. Which of the following describes this new policy change?

A.    COPE
B.    CYOD
C.    BYOD
D.    POTS

Answer: C


Welcome to choose PassLeader CAS-003 dumps for 100% passing CompTIA CAS-003 exam: https://www.passleader.com/cas-003.html (974 Q&As VCE Dumps and PDF Dumps)

Also, previewing the NEWEST PassLeader CAS-003 dumps online for free on Google Drive: https://drive.google.com/open?id=1bfoVeMAPqLPPEtiIibD38-i-xMle-2O0