CompTIA CAS-003 Exam Practice Test Instant Access

Question 1

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

AThe image must be password protected against changes.

BA hash value of the image must be computed.

CThe disk containing the image must be placed in a seated container.

DA duplicate copy of the image must be maintained

Answer : B

Question 2

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

AImplementing application blacklisting

BConfiguring the mall to quarantine incoming attachment automatically

CDeploying host-based firewalls and shipping the logs to the SIEM

DIncreasing the cadence for antivirus DAT updates to twice daily

Answer : C

Question 3

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

AIsolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

BTake an MD5 hash of the server.

CDelete all PHI from the network until the legal department is consulted.

DConsult the legal department to determine the legal requirements.

Answer : A

Question 4

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:

The penetration testers MOST likely took advantage of:

AA TOC/TOU vulnerability

BA plain-text password disclosure

CAn integer overflow vulnerability

DA buffer overflow vulnerability

Answer : A

Question 5

A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

ARequire more than one approver for all change management requests.

BImplement file integrity monitoring with automated alerts on the servers.

CDisable automatic patch update capabilities on the servers

DEnhanced audit logging on the jump servers and ship the logs to the SIEM.

Answer : B

Please Wait...

CompTIA CAS-003 CompTIA Advanced Security Practitioner Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Please Wait...

Popular Vendors

CompTIA CAS-003 CompTIA Advanced Security Practitioner Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5