Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > CompTIA > CompTIA Advanced Security Practitioner > CAS-003 > CAS-003 Online Practice Questions and Answers

CAS-003 Online Practice Questions and Answers

Questions 4

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

A. Static and dynamic analysis is run as part of integration

B. Security standards and training is performed as part of the project

C. Daily stand-up meetings are held to ensure security requirements are understood

D. For each major iteration penetration testing is performed

E. Security requirements are story boarded and make it into the build

F. A security design is performed at the end of the requirements phase

Buy Now

Correct Answer: AD

SDLC stands for systems development life cycle. An agile project is completed in small sections called iterations. Each iteration is reviewed and critiqued by the project team. Insights gained from the critique of an iteration are used to determine what the next step should be in the project. Each project iteration is typically scheduled to be completed within two weeks.

Static and dynamic security analysis should be performed throughout the project. Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code.

For each major iteration penetration testing is performed. The output of a major iteration will be a functioning part of the application. This should be penetration tested to ensure security of the application.

Questions 5

A Chief Information Security Officer (CISO) is working with a consultant to perform a gap assessment prior to an upcoming audit. It is determined during the assessment that the organization lacks controls to effectively assess regulatory compliance by third-party service providers. Which of the following should be revised to address this gap?

A. Privacy policy

B. Work breakdown structure

C. Interconnection security agreement

D. Vendor management plan

E. Audit report

Buy Now

Correct Answer: D

Questions 6

An architect was recently hired by a power utility to increase the security posture of the company's power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

A. Isolate the systems on their own network

B. Install a firewall and IDS between systems and the LAN

C. Employ own stratum-0 and stratum-1 NTP servers

D. Upgrade the software on critical systems

E. Configure the systems to use government-hosted NTP servers

Buy Now

Correct Answer: BE

Questions 7

Developers are working on anew feature to add to a social media platform. Thew new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO state the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns?

A. Increasing blocking options available to the uploader

B. Adding a one-hour delay of all uploaded photos

C. Removing all metadata in the uploaded photo file

D. Not displaying to the public who uploaded the photo

E. Forcing TLS for all connections on the platform

Buy Now

Correct Answer: B

Questions 8

A security researcher is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.

Based on the information available to the researcher, which of the following is the MOST likely threat profile?

A. Nation-state-sponsored attackers conducting espionage for strategic gain.

B. Insiders seeking to gain access to funds for illicit purposes.

C. Opportunists seeking notoriety and fame for personal gain.

D. Hacktivists seeking to make a political statement because of socio-economic factors.

Buy Now

Correct Answer: A

Questions 9

A Chief Information Officer (CIO) publicly announces the implementation of a new financial system. As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?

A. Call the CIO and ask for an interview, posing as a job seeker interested in an open position

B. Compromise the email server to obtain a list of attendees who responded to the invitation who is on the IT staff

C. Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend

D. Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents

Buy Now

Correct Answer: D

Questions 10

A laptop is recovered a few days after it was stolen.

Which of the following should be verified during incident response activities to determine the possible impact of the incident?

A. Full disk encryption status

B. TPM PCR values

C. File system integrity

D. Presence of UEFI vulnerabilities

Buy Now

Correct Answer: D

Questions 11

Which of the following may indicate a configuration item has reached end-of-life?

A. The device will no longer turn on and indicated an error.

B. The vendor has not published security patches recently.

C. The object has been removed from the Active Directory.

D. Logs show a performance degradation of the component.

Buy Now

Correct Answer: B

Questions 12

Which of the following BEST sets expectation between the security team and business units within an organization?

A. Risk assessment

B. Memorandum of understanding

C. Business impact analysis

D. Business partnership agreement

E. Services level agreement

Buy Now

Correct Answer: C

Questions 13

A security manager wants to implement a policy that will provide management with the ability to monitor employee's activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

A. Separation of duties

B. Mandatory vacations

C. Least privilege

D. Incident response

Buy Now

Correct Answer: A

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Last Update: Jan 22, 2024
Questions: 791

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2024 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.