[MAR 2021] CompTIA CAS-003 exam dumps and online practice questions are available from Lead4Pass

The latest updated CompTIA CAS-003 exam dumps and free CAS-003 exam practice questions and answers! Latest updates from Lead4Pass CompTIA CAS-003 Dumps PDF and CAS-003 Dumps VCE, Lead4Pass CAS-003 exam questions updated and answers corrected!
Get the full CompTIA CAS-003 dumps from https://www.leads4pass.com/cas-003.html (VCE&PDF)

Latest CAS-003 PDF for free

Lead4Pass shares part of its CompTIA CAS-003 dumps PDF for free; the shared portion is hosted on Google Drive:
https://drive.google.com/file/d/1JTsX2fmwZCYTE1uEVTEt1vANk-lSbMNT/

The latest updated CompTIA CAS-003 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO)
decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution,
such as password resets and remote assistance. The security administrator implements the following firewall change
(shown as an image in the original page; not reproduced here):
The administrator provides the appropriate path and credentials to the third-party company. Which of the following
technologies is MOST likely being used to provide access to the third-party company?

A. LDAP
B. WAYF
C. OpenID
D. RADIUS
E. SAML
Correct Answer: D

QUESTION 2
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security
authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot
authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?
A. Refuse LM and only accept NTLMv2
B. Accept only LM
C. Refuse NTLMv2 and accept LM
D. Accept only NTLM
Correct Answer: A
In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication,
integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager
(LANMAN or LM), an older Microsoft product, and attempts to provide backward compatibility with LANMAN. NTLM
version 2 (NTLMv2), which was introduced in Windows NT
4.0 SP4 (and natively supported in Windows 2000), enhances NTLM security by hardening the protocol against many
spoofing attacks and adding the ability for a server to authenticate to the client.
This question states that the security authentication on the Windows domain is set to the highest level. On Windows this
is LAN Manager authentication level 5, "Send NTLMv2 response only. Refuse LM & NTLM", so the clients will only speak
NTLMv2. Therefore, the answer to the question is to allow NTLMv2 on the UNIX server, which will enable the Windows users
to connect. To improve security, we should also refuse the old and insecure LM protocol, as it is not used by the Windows
computers. On a Samba server this corresponds to `lanman auth = no` together with `ntlm auth = ntlmv2-only` in smb.conf.

QUESTION 3
An administrator wants to enable policy-based flexible mandatory access controls on an open-source OS to prevent
abnormal application modifications or executions. Which of the following would BEST accomplish this?
A. Access control lists
B. SELinux
C. IPtables firewall
D. HIPS
Correct Answer: B
The most common open-source operating system is Linux.
Security-Enhanced Linux (SELinux) was created by the United States National Security Agency (NSA) and is a Linux
kernel security module that provides a mechanism for supporting access control security policies, including United
States Department of Defense style mandatory access controls (MAC).
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible
mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced
mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows
threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of
damage that can be caused by malicious or flawed applications.

QUESTION 4
A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A
manager directs the administrator to reduce the number of unique instances of PII stored within an organization's
systems to the greatest extent possible. Which of the following principles is being demonstrated?
A. Administrator accountability
B. PII security
C. Record transparency
D. Data minimization
Correct Answer: D

QUESTION 5
A developer is determining the best way to improve security within the code being developed. The developer is focusing
on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the
code, would be the MOST effective in protecting the fields from malformed input?
A. Client-side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
Correct Answer: D
Regular expression matching is a technique for reading and validating input, particularly in web software. This question
is asking about securing input fields where customers enter their credit card details. In this case, the expected input into
the credit card number field is a sequence of digits of a certain length (13 to 19 for a primary account number), so a
regular expression anchored to the whole field can verify that the input is exactly such a sequence and reject anything
else before it reaches the database or the payment back end. The check must run on the server; client-side validation
(option A) is under the attacker's control. A format check is not a substitute for parameterised queries and output
encoding, and a Luhn checksum catches mistyped numbers that a digit-only pattern would accept.
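The following is an added example (not part of the original page or its answer key) of the server-side check described above, in Python: an anchored digit-only pattern plus a Luhn checksum. The 13-19 digit length and the sample inputs are assumptions for illustration. It also shows why `fullmatch` is preferred over `re.match` with `$`, which in Python still matches a string that ends in a newline.

```python
import re

# Primary account numbers are 13 to 19 digits (assumption used for this example).
PAN_RE = re.compile(r"^[0-9]{13,19}$")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: catches mistyped numbers that a digit-only pattern accepts."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize(raw: str) -> str:
    """Drop the spaces and dashes people type; anything else is left for the regex to reject."""
    return re.sub(r"[ -]", "", raw.strip())


def validate_pan(raw: str):
    """Server-side validation of a card number field.
    Returns (True, normalized_pan) or (False, reason)."""
    pan = normalize(raw)
    # fullmatch requires the whole field to match; re.match with '$' would still accept
    # a trailing newline (see loose_match below).
    if not PAN_RE.fullmatch(pan):
        return False, "not 13-19 digits"
    if not luhn_ok(pan):
        return False, "checksum failed"
    return True, pan


def loose_match(raw: str) -> bool:
    """The common mistake: ^...$ with re.match. In Python '$' also matches before a final newline."""
    return re.match(r"^[0-9]{13,19}$", raw) is not None


if __name__ == "__main__":
    # Constructed inputs: a well-known test PAN, a typo, and an injection attempt.
    for sample in ["4111 1111 1111 1111", "4111111111111112", "4111' OR '1'='1"]:
        print(repr(sample), validate_pan(sample))
```

The digit pattern alone would accept `4111111111111112`; the Luhn step rejects it, and the injection string never reaches the database because it fails the anchored pattern.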

QUESTION 6
An internal application has been developed to increase the efficiency of an operational process of a global
manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive
team has decided fixing the security bug is less important than continuing operations.
Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)
A. Version control
B. Agile development
C. Waterfall development
D. Change management
E. Continuous integration
Correct Answer: AD

QUESTION 7
An insurance company has two million customers and is researching the top transactions on its customer portal. It
identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a
large number of calls are consequently routed to the contact center for manual password resets. The business wants to
develop a mobile application to improve customer engagement in the future, continue with a single factor of
authentication, minimize management overhead of the solution, remove passwords, and eliminate the contact center.
Which of the following techniques would BEST meet the requirements? (Choose two.)
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Correct Answer: CE

QUESTION 8
A security analyst is inspecting the pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday's data model file exists
1.2 validate that today's data model file does not exist
1.3 extract yesterday's data model
1.4 transform the format
1.5 load the transformed data into today's data model file
1.6 exit
Which of the following security concerns is evident in the above pseudocode?
A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation
Correct Answer: A
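As an added illustration (not code from the page), the check-then-use gap in the pseudocode above, written out in Python next to the atomic form. In a multithreaded ETL another worker can create today's file between the existence check and the load, and the check-then-use version then overwrites it without noticing. The file name and the `between` hook that stands in for the second thread are constructed for this example.

```python
import os
import tempfile


def load_check_then_use(path: str, data: bytes, between=lambda: None) -> str:
    """The pseudocode as written: check that today's file is absent, create it later.
    `between` stands in for another thread that runs in the gap (constructed test hook)."""
    if os.path.exists(path):          # time of check
        return "exists"
    between()                         # extract / transform happen here; the file may appear
    with open(path, "wb") as f:       # time of use: "wb" silently truncates whatever is there now
        f.write(data)
    return "written"


def load_atomic(path: str, data: bytes, between=lambda: None) -> str:
    """Check and create in one system call: O_EXCL makes the kernel refuse if the file exists."""
    between()
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return "exists"
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return "written"


def race_demo(loader):
    """Run `loader` while a simulated second worker writes the same file during the gap.
    Returns (loader result, final file contents)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "today.model")

        def other_worker():
            with open(path, "wb") as f:
                f.write(b"other worker's output")

        result = loader(path, b"my output", between=other_worker)
        with open(path, "rb") as f:
            return result, f.read()


if __name__ == "__main__":
    print("check-then-use:", race_demo(load_check_then_use))   # clobbers the other worker's file
    print("atomic:        ", race_demo(load_atomic))           # detects the collision
```

The atomic version reports the collision and leaves the other worker's output intact; the original ordering reports success and has destroyed it.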

QUESTION 9
A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of
the following actions would protect the external network interfaces from external attackers performing network
scanning?
A. Remove contact details from the domain name registrar to prevent social engineering attacks.
B. Test external interfaces to see how they function when they process fragmented IP packets.
C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.
D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network
interfaces.
Correct Answer: B
Fragmented IP packets are often used to evade firewalls or intrusion detection systems.
Port scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break
into. All machines connected to a Local Area Network (LAN) or the Internet run many services that listen on well-known and
not-so-well-known ports. A port scan helps the attacker find which ports are open (i.e., what service might be listening
on a port).
One problem, from the perspective of an attacker scanning a port, is that services listening on these ports may log the
scan: they see an incoming connection but no data, so an error is logged. A number of stealth scan techniques exist to
avoid this. One method is a fragmented port scan.
Fragmented packet port scan
The scanner splits the TCP header into several IP fragments. This bypasses some packet-filter firewalls because they
never see a complete TCP header that can be matched against their filter rules. Some packet filters and firewalls do
reassemble all IP fragments before filtering, but many networks cannot afford the performance cost of the queuing. Testing
how the external interfaces handle fragmented packets (for example with a scanner's fragmentation option such as
`nmap -f`) shows whether the filtering can be evaded this way.

QUESTION 10
A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of
the following would crack the MOST passwords in the shortest time period?
A. Online password testing
B. Rainbow tables attack
C. Dictionary attack
D. Brute force attack
Correct Answer: B
The passwords in a Windows (Active Directory) domain are stored as hashes, not as encrypted values. The NT hash is the
MD4 digest of the UTF-16LE password and is not salted, so every user with the same password has the same hash.
When a password is tried against a system it is hashed so that the actual password is never sent in clear text across the
communications line (NTLM sends a challenge-response computed from the hash). This prevents eavesdroppers from
intercepting the password. The hash of a password looks like a bunch of garbage and has a fixed length regardless of the
original password. Your password might be "shitzu" but the hash of your password would look something like
"7378347eedbfdd761619451949225ec1".
To verify a user, a system takes the value computed from the password hash on the client computer and compares it to
the value derived from the hash stored in its database. If they match, the user is authenticated and granted access.
Password cracking programs work in a similar way to the login process. The cracking program starts by taking plaintext
password candidates, running them through the same hash algorithm (MD4 for NT hashes, MD5 on some other systems), and
then compares the hash output with the hashes in the stolen password file. If it finds a match then the program has
cracked the password.
Rainbow tables are huge sets of precomputed chains of hash values that are pre-matched to possible plaintext passwords,
a time-memory trade-off that lets the attacker recover the plaintext without re-hashing the whole keyspace for each
target. They work only against unsalted hashes such as the NT hash; a per-user salt would require a separate table per salt.
The use of rainbow tables allows passwords to be cracked in a very short amount of time compared with brute-force
methods; the trade-off is that it takes a lot of storage (sometimes terabytes) to hold the tables themselves, and a
password outside the character set and length the table was generated for is not found at all.
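As an added example (not code from the page), a miniature rainbow table in Python over a toy space of 4-digit PINs: chains are built with a position-dependent reduction function, only the endpoints are stored, and a lookup regenerates a chain when it reaches a stored endpoint. SHA-256 stands in for MD4/MD5 only so the demo runs on the standard library; the chain length, start points and PIN space are constructed for this example. The salted lookup at the end shows why a per-user salt defeats a table built for the unsalted space.

```python
import hashlib
from collections import defaultdict

SPACE = 10_000      # toy password space: the 4-digit PINs "0000".."9999" (constructed)
CHAIN_LEN = 50      # reductions per chain


def H(password: str) -> bytes:
    """Unsalted hash of the password. NT hashes are unsalted MD4 of the UTF-16LE password;
    SHA-256 is used here only because it is available everywhere."""
    return hashlib.sha256(password.encode()).digest()


def H_salted(salt: str, password: str) -> bytes:
    """What a salted scheme does: the salt becomes part of the hashed input."""
    return H(salt + password)


def reduce_(digest: bytes, position: int) -> str:
    """Map a digest back into the password space. A different function per chain position
    is what makes this a rainbow table rather than a plain hash chain (fewer merges)."""
    n = (int.from_bytes(digest[:8], "big") + position) % SPACE
    return f"{n:04d}"


def chain_password(start: str, k: int) -> str:
    """p_0 = start, p_{j+1} = R_j(H(p_j)); returns p_k."""
    p = start
    for j in range(k):
        p = reduce_(H(p), j)
    return p


def build_table(starts):
    """Precomputation. Only endpoint -> start points is stored; chain bodies are recomputed
    on demand, which is the time-memory trade-off."""
    table = defaultdict(list)
    for s in starts:
        table[chain_password(s, CHAIN_LEN)].append(s)
    return table


def lookup(table, target: bytes):
    """Assume the target hash sits at position k of some chain, walk to the endpoint, and on
    a hit regenerate that chain to find the preimage (endpoint hits can be false alarms)."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        x = reduce_(target, k)
        for j in range(k + 1, CHAIN_LEN):
            x = reduce_(H(x), j)
        for start in table.get(x, ()):
            p = start
            for j in range(CHAIN_LEN):
                if H(p) == target:
                    return p
                p = reduce_(H(p), j)
    return None


def demo():
    starts = [f"{i:04d}" for i in range(0, SPACE, 37)]   # ~270 chains, constructed
    table = build_table(starts)
    secret = chain_password("0037", 7)                   # a PIN the table is known to cover
    return secret, lookup(table, H(secret)), lookup(table, H_salted("u1", secret))


if __name__ == "__main__":
    secret, found, found_salted = demo()
    print(f"secret={secret} recovered={found} salted_recovered={found_salted}")
```

The table stores roughly 270 endpoints yet covers up to 270 x 50 PINs; the same structure, scaled to a full character set and length, is what the terabyte tables in the explanation hold. The salted hash of the same PIN is not recovered because no chain was built over salted inputs.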

QUESTION 11
The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be
reading other users' emails. A review of a tool's output shows the administrators have used webmail to log into other
users' inboxes.
Which of the following tools would show this type of output?
A. Log analysis tool
B. Password cracker
C. Command-line tool
D. File integrity monitoring tool
Correct Answer: A
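An added example (not from the page) of the kind of log-analysis output the question refers to, in Python: parse webmail audit lines and report every event in which a privileged account opened a mailbox it does not own. The line format, the account names and the set of privileged accounts are constructed for this example; a real webmail product's audit fields will differ.

```python
import re
from collections import defaultdict

# Constructed webmail audit lines (not from the page): timestamp, authenticated account,
# mailbox that was opened, action, client address. The last line is deliberately malformed.
SAMPLE_LOG = """\
2021-03-02T08:01:10Z actor=jsmith mailbox=jsmith action=open_inbox src=10.0.5.21
2021-03-02T08:03:42Z actor=admin_rlee mailbox=ceo action=open_inbox src=10.0.9.7
2021-03-02T08:04:01Z actor=admin_rlee mailbox=cfo action=read_message src=10.0.9.7
2021-03-02T09:15:00Z actor=mwong mailbox=mwong action=open_inbox src=10.0.5.30
2021-03-02T09:20:13Z actor=admin_rlee mailbox=admin_rlee action=open_inbox src=10.0.9.7
2021-03-02T10:02:55Z actor=helpdesk_ana mailbox=jsmith action=open_inbox src=10.0.7.2
2021-03-02T10:30:00Z malformed entry
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) mailbox=(?P<mailbox>\S+) "
    r"action=(?P<action>\S+) src=(?P<src>\S+)$"
)

# Assumption: the accounts known to hold privileged (admin / helpdesk) rights.
PRIVILEGED = {"admin_rlee", "helpdesk_ana"}


def parse(log_text: str):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def cross_mailbox_access(log_text: str, privileged=PRIVILEGED):
    """Events where a privileged account opened a mailbox it does not own,
    grouped by actor as {actor: [(timestamp, mailbox, action), ...]}."""
    hits = defaultdict(list)
    for ev in parse(log_text):
        if ev["actor"] in privileged and ev["actor"] != ev["mailbox"]:
            hits[ev["actor"]].append((ev["ts"], ev["mailbox"], ev["action"]))
    return dict(hits)


if __name__ == "__main__":
    for actor, events in cross_mailbox_access(SAMPLE_LOG).items():
        print(actor)
        for ts, mailbox, action in events:
            print(f"  {ts}  {mailbox:<12} {action}")
```

The rule is deliberately narrow (privileged actor, mailbox not their own); a helpdesk account opening a user's mailbox may be legitimate ticket work, so the next step in practice is to correlate each hit with a ticket or approval record rather than treat every hit as misuse.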

QUESTION 12
A software development manager is running a project using agile development methods. The company cybersecurity
engineer has noticed a high number of vulnerabilities have been making it into production code on the project.
Which of the following methods could be used in addition to an integrated development environment to reduce the
severity of the issue?
A. Conduct a penetration test on each function as it is developed
B. Develop a set of basic checks for common coding errors
C. Adopt a waterfall method of software development
D. Implement unit tests that incorporate static code analyzers
Correct Answer: D

QUESTION 13
select id, firstname, lastname from authors
User input= firstname= Hack;man
lastname=Johnson
Which of the following types of attacks is the user attempting?
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
Correct Answer: D
The code in the question is SQL code. The attack is a SQL injection attack. SQL injection is a code injection technique,
used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
(e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an
application's software, for example, when user input is either incorrectly filtered for string literal escape characters
embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly
known as an attack vector for websites but can be used to attack any type of SQL database.


Braindump4it shares the latest updated CompTIA CAS-003 exam exercise questions, CAS-003 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full CompTIA CAS-003 exam dumps questions at: https://www.leads4pass.com/cas-003.html (pdf&vce)

ps.
Get free CompTIA CAS-003 dumps PDF online: https://drive.google.com/file/d/1D1USsX5ML464scD9Df8P_Hga4jFL94Af/

Get real CompTIA CASP CAS-003 exam questions and CAS-003 dumps practice for free

Where can I get the real (CASP) CAS-003 exam questions? Braindump4it shares the latest and effective CompTIA CASP CAS-003 exam questions and answers, online practice tests, and the most authoritative CompTIA exam experts update CAS-003 exam questions throughout the year. Get the full CAS-003 exam dumps selection: https://www.leads4pass.com/cas-003.html (491 Q&As). Pass the exam with ease!


Latest CompTIA CAS-003 google drive

[PDF] Free CompTIA CAS-003 pdf dumps download from Google Drive: https://drive.google.com/open?id=1QZw_MPIYiI6w1CWtMK7AYYZcaO4XT6KY

CompTIA Advanced Security Practitioner (CASP+):https://www.comptia.org/certifications/comptia-advanced-security-practitioner

About the Exam

The CASP+ certification validates advanced-level competency in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. The CASP+ exam covers the following:

  • Enterprise security domain expanded to include operations and architecture concepts, techniques and requirements
  • More emphasis on analyzing risk through interpreting trend data and anticipating cyberdefense needs to meet business goals
  • Expanding security control topics to include mobile and small-form-factor devices, as well as software vulnerability
  • Broader coverage of integrating cloud and virtualization technologies into a secure enterprise architecture
  • Inclusion of implementing cryptographic techniques, such as blockchain, cryptocurrency and mobile device encryption

Latest updates CompTIA CAS-003 exam practice questions

QUESTION 1
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or
terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the
website?
A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation
Correct Answer: D

QUESTION 2
A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page
login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and
that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web
server log:
10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented
by the developer?
A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and
the developer should strip all nonprintable characters.
B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the
browser side.
C. The security administrator is concerned with SQL injection, and the developer should implement server side input
validation.
D. The security administrator is concerned that someone may log on as the administrator, and the developer should
ensure strong passwords are enforced.
Correct Answer: C
The request in the log is an example of a SQL injection attack. The expression `1=1` always evaluates to true, so when it is
spliced into the WHERE clause of a statement it can be used to return all rows of a SQL table or to satisfy a login check.
In this question, the developer has implemented client-side input validation only. Client-side validation runs in the
attacker's browser and can be bypassed by sending the request directly, as the log shows; the same checks must be
repeated on the server, and the query should use parameterised statements so user data never becomes SQL syntax.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements
are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must
exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for
string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly
executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL
database.
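An added example (not from the page) that serves both this question and Question 13 of the first set, whose `select id, firstname, lastname from authors` query has the same defect: a login query built by string formatting, beside the parameterised query and the server-side validation the answer calls for. The table, the accounts and the choice of SQLite are constructed; the letters-only username and 6-digit PIN rules are the ones the question describes.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory data (not from the page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pin INTEGER)")
    con.executemany("INSERT INTO users (username, pin) VALUES (?, ?)",
                    [("admin", 482913), ("jsmith", 123456)])
    return con


def login_vulnerable(con, user: str, pin: str):
    """Trusts the client-side checks and builds the statement by string formatting.
    With pin = "1 or 1=1" the WHERE clause becomes "... AND pin = 1 or 1=1", true for every row."""
    sql = f"SELECT id, username FROM users WHERE username = '{user}' AND pin = {pin}"
    return con.execute(sql).fetchone()


def login_parameterized_only(con, user: str, pin: str):
    """Parameter binding alone: the pin is compared as a value, never parsed as SQL."""
    return con.execute("SELECT id, username FROM users WHERE username = ? AND pin = ?",
                       (user, pin)).fetchone()


USER_RE = re.compile(r"^[A-Za-z]+$")
PIN_RE = re.compile(r"^[0-9]{6}$")


def login_safe(con, user: str, pin: str):
    """Server-side validation repeats the client-side rules (defence in depth),
    then a parameterised query keeps the data out of the SQL grammar entirely."""
    if not (USER_RE.fullmatch(user) and PIN_RE.fullmatch(pin)):
        return None
    return con.execute("SELECT id, username FROM users WHERE username = ? AND pin = ?",
                       (user, int(pin))).fetchone()


if __name__ == "__main__":
    con = make_db()
    payload = "1 or 1=1"                       # what the log line carried, URL-decoded
    print("vulnerable:   ", login_vulnerable(con, "admin", payload))
    print("parameterized:", login_parameterized_only(con, "admin", payload))
    print("safe:         ", login_safe(con, "admin", payload))
```

The binding is the primary defence: even without the format check, `login_parameterized_only` compares the pin column against the literal string `1 or 1=1` and matches nothing. The validation layer adds a clear rejection for input that should never have arrived, and the same two steps apply to the `authors` query in Question 13.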

QUESTION 3
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP
tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and
sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely
reason for the need to sanitize the client data?
A. Data aggregation
B. Data sovereignty
C. Data isolation
D. Data volume
E. Data analytics
Correct Answer: A

QUESTION 4
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing
sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically
destroyed.
Which of the following factors is the regulation intended to address?
A. Sovereignty
B. E-waste
C. Remanence
D. Deduplication
Correct Answer: C
Data remanence is the residual representation of data that remains on storage media after it has been deleted or the
equipment has been decommissioned. The regulation addresses it by requiring either logical sanitization (overwriting or
cryptographic erasure) or physical destruction of the media.

QUESTION 5
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-
related issues. Drag and drop the following security controls to match the associated security concern. Options may be
used once or not at all.
Select and Place: (drag-and-drop image not reproduced; the matching is listed below)

Correct Answer:


Vendor may accidentally or maliciously make changes to the IT system – Allow view-only access.
With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot
control the keyboard or mouse to make any changes.
Desktop sharing traffic may be intercepted by network attackers – Use SSL for remote sessions.
SSL (Secure Sockets Layer, today TLS) encrypts data in transit between computers. If an attacker intercepted the traffic, the
data would be encrypted and therefore unreadable to the attacker, provided the client verifies the server's certificate so
that the session cannot be redirected through an attacker's proxy.
No guarantees that shoulder surfing attacks are not occurring at the vendor – Identified control gap.
Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified
as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant
risk.
Vendor may inadvertently see confidential material from the company such as email and IMs – Limit desktop session to
certain windows.
The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application
windows for the duration of the desktop sharing session.

QUESTION 6
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application.
The application utilizes streaming video that can be viewed both on computers and mobile devices. The application
designers have asked that the algorithm support the transport encryption with the lowest possible performance
overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select
TWO).
A. Use AES in Electronic Codebook mode
B. Use RC4 in Cipher Block Chaining mode
C. Use RC4 with Fixed IV generation
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode
Correct Answer: EF
In cryptography, an initialization vector (IV) is a fixed-size input to a cryptographic primitive that is typically required to be
random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property
whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between
segments of the encrypted message.
Some cryptographic primitives require the IV only to be non-repeating, and the required randomness is derived
internally. In this case, the IV is commonly called a nonce (number used once), and the primitives are described as
stateful as opposed to randomized. This is because the IV need not be explicitly forwarded to a recipient but may be
derived from a common state updated at both sender and receiver side. An example of a stateful encryption scheme is
the counter mode of operation, which uses a sequence number as a nonce.
AES is a block cipher. Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by
encrypting successive values of a "counter". The counter can be any function which produces a sequence which is
guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular.
The rule that matters in both selected answers is that a (key, nonce) pair is never reused: with a fixed IV (option C) the
same keystream encrypts every message, and XORing two ciphertexts reveals the XOR of the two plaintexts. Note also that
RC4 has known keystream biases and is prohibited in TLS (RFC 7465); in a new design the practical choice is AES-CTR, or
AES-GCM where integrity is also required, which hardware AES instructions make cheap on both desktop and mobile devices.

QUESTION 7
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes
several offices in different countries. To maintain strict internal security and compliance requirements, all employee
activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this
practice?
A. The excessive time it will take to merge the company's information systems.
B. Countries may have different legal or regulatory requirements.
C. Company A might not have adequate staffing to conduct these reviews.
D. The companies must consolidate security policies during the merger.
Correct Answer: B

QUESTION 8
A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to
execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The
administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus.
Which of the following is the MOST likely explanation for this behavior?
A. The hypervisor host does not have hardware acceleration enabled and does not allow DEP.
B. The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution.
C. The virtual machine is configured to require administrator rights to execute all programs.
D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.
Correct Answer: D

QUESTION 9
During an incident involving the company main database, a team of forensics experts is hired to respond to the breach.
The team is in charge of collecting forensics evidence from the company's database server. Which of the following is
the correct order in which the forensics team should engage?
A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain
of custody, and analyze original media.
B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and
analyze the data.
C. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and
document the findings.
D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement
chain of custody.
Correct Answer: D
The scene has to be secured first to prevent contamination. Evidence is then collected in order of volatility, from most
volatile (memory, running processes, network state) to least volatile (disk images), before anything is analyzed. The chain
of custody protects the integrity and reliability of the evidence by keeping an evidence log that shows every access to it,
from collection to appearance in court.

QUESTION 10
A manufacturing company is having issues with unauthorized access and modification of the controls operating the
production equipment. A communication requirement is to allow the free flow of data between all network segments at
the site. Which of the following BEST remediates the issue?
A. Implement SCADA security measures.
B. Implement NIPS to prevent the unauthorized activity.
C. Implement an AAA solution.
D. Implement a firewall to restrict access to only a single management station.
Correct Answer: C

QUESTION 11
A security architect is seeking to outsource company server resources to a commercial cloud service provider. The
provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the
victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the
same physical resources. When conducting the final risk assessment which of the following should the security architect
take into consideration?
A. The ability to implement user training programs for the purpose of educating internal staff about the dangers of social
engineering.
B. The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.
C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
D. Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting
corporate network infrastructure.
Correct Answer: C

QUESTION 12
Company A is purchasing Company B, and will import all of Company B's users into its authentication system.
Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend.
Which of the following is the BEST way to integrate these two networks?
A. Enable RADIUS and end point security on Company B's network devices.
B. Enable LDAP authentication on Company A's network devices.
C. Enable LDAP/TLS authentication on Company A\\’s network devices.
D. Enable 802.1x on Company B\\’s network devices.
Correct Answer: D

QUESTION 13
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on
their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is
isolated from the internal network with appropriate security controls. The patient records management system can be
accessed from the guest network and require two factor authentication. Using a remote desktop type interface, the
doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to
prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Correct Answer: AD
Privacy could be compromised because patient records can be viewed on a doctor's personal device in uncontrolled areas,
where they can be seen by persons not authorized to view this information. Similarly, the doctor's personal device could
have malware on it that captures keystrokes or the screen, which the disabled cut-and-paste and print functions do not
prevent.

Related CAS-003 Popular Exam resources

Title: CompTIA CASP
PDF: lead4pass CAS-003 dumps pdf
YouTube: lead4pass CAS-003 youtube
CompTIA: CompTIA Advanced Security Practitioner (CASP+)
Lead4Pass: https://www.leads4pass.com/cas-003.html
Total Questions: 491 Q&A
Related CompTIA blog: Passontheinfo comptia casp cas-003 exam

Lead4Pass Year-round Discount Code


What are the advantages of Lead4pass?

Lead4pass employs the most authoritative exam specialists from CompTIA, Microsoft, Cisco, Oracle, EMC, etc. We update exam data throughout the year. Highest pass rate! We have a large user base. We are an industry leader! Choose Lead4Pass to pass the exam with ease!


Summarize:

It’s not easy to pass the CompTIA CAS-003 exam, but with accurate learning materials and proper practice, you can crack the exam with excellent results. https://www.leads4pass.com/cas-003.html provides you with the most relevant learning materials that you can use to help you prepare.