CompTIA Advanced Security Practitioner exam questions and answers updated

The latest CompTIA Advanced Security Practitioner exam questions and answers have been updated to ensure that they are true and valid! CompTIA Advanced Security Practitioner exam code “CAS-003”. Get the complete CompTIA CAS-003 exam dumps https://www.leads4pass.com/cas-003.html (Total Questions: 717 Q&A).
This site shares a part of the CompTIA CAS-003 exam practice questions. You can practice the test online.

CompTIA CAS-003 exam PDF download online

CompTIA CAS-003 exam PDF Share a free part of the dumps from the Lead4Pass CAS-003 exam.
Get the complete CompTIA CAS-003 exam questions and answers to help you pass the exam successfully

Share free CompTIA CAS-003 exam questions online practice test

QUESTION 1
A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of
the following would crack the MOST passwords in the shortest time period?
A. Online password testing
B. Rainbow tables attack
C. Dictionary attack
D. Brute force attack
Correct Answer: B
Passwords in a Windows (Active Directory) domain are not stored in clear text: the domain controller keeps a one-way hash of each password (the NT hash, an unsalted MD4 digest of the UTF-16LE password).
During logon the client proves knowledge of the password without sending it, so an eavesdropper on the network never sees the clear-text value. A hash looks like random data and has a fixed length regardless of the password. Your password might be "shitzu" but the stored value would look something like "7378347eedbfdd761619451949225ec1".
To verify a user, the system runs the password it is given through the same hash function and compares the result with the hash stored for that account. If the hashes match, the user is authenticated and granted access.
Password cracking programs work the same way. The cracker takes candidate plaintexts, runs them through the hash algorithm the target uses (MD4 for NT hashes, MD5 or others elsewhere), and compares the output with the hashes in the stolen password file. A match means the password is cracked.
Rainbow tables are large precomputed tables that map hash values back to the plaintexts that produce them, stored compactly as chains so that far less space is needed than a full hash-to-plaintext list. They work against Windows domain hashes because the NT hash is unsalted: the same password always produces the same hash, so the hashing of the candidate space is done once and reused against every captured hash.
Rainbow tables crack passwords in a very short time compared with brute-force methods; the trade-offs are storage (sometimes terabytes to hold the tables) and coverage, since a table only covers the character set and length it was generated for. A salted hash defeats precomputation, because every user's hash would need its own table.
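The explanation above describes the time/memory trade-off in words. The following is an added example, not code from the original page, that builds a toy rainbow table and uses it to reverse a hash. Assumptions: the password space is three lowercase letters, the hash is SHA-256 rather than the MD4-based NT hash (so it runs on any Python build), and the chain length and the 300 start points are arbitrary choices. The salted lookup shows why the same table is useless once a per-user salt is mixed in.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3                              # toy key space: 26**3 = 17,576 passwords
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 20                          # hashes per chain; only chain ends are stored
HASH_CALLS = 0                          # instrumentation: how much hashing each attack needs

def h(password: str) -> bytes:
    """Stand-in for the unsalted one-way function (assumption: the real NT hash is
    MD4 over the UTF-16LE password; SHA-256 is used so this runs on any Python build)."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.sha256(password.encode("utf-8")).digest()

def salted_hash(salt: bytes, password: str) -> bytes:
    """What a salted store does: a per-user salt is mixed in, so no precomputed table applies."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def reduce_to_password(digest: bytes, step: int) -> str:
    """Reduction function: maps a digest back into the password space. Mixing in the chain
    position `step` gives every column its own reduction, which is what distinguishes a
    rainbow table from a plain hash chain and limits chain merges."""
    n = (int.from_bytes(digest[:8], "big") + step) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)

def build_table(starts):
    """Precompute chains once; store only end -> [starts] (the space/time trade-off)."""
    table = {}
    for start in starts:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_to_password(h(pw), step)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target: bytes):
    """Find the plaintext for `target` if it lies on any stored chain, else None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):      # assume target sits at column `pos`
        pw = reduce_to_password(target, pos)
        for step in range(pos + 1, CHAIN_LEN):    # walk to the chain end
            pw = reduce_to_password(h(pw), step)
        for start in table.get(pw, []):           # candidate chain(s); may be false alarms
            cand = start
            for step in range(CHAIN_LEN):         # regenerate and look for the exact preimage
                if h(cand) == target:
                    return cand
                cand = reduce_to_password(h(cand), step)
    return None

def brute_force(target: bytes):
    """Exhaustive search, for comparison: no storage, but every lookup repeats all the hashing."""
    for tup in itertools.product(ALPHABET, repeat=PW_LEN):
        pw = "".join(tup)
        if h(pw) == target:
            return pw
    return None

def count_hashes(fn, *args):
    """Run an attack and report (result, number of hash computations it needed)."""
    global HASH_CALLS
    HASH_CALLS = 0
    result = fn(*args)
    return result, HASH_CALLS

# Table built from the first 300 passwords of the space (constructed sample, built once).
STARTS = ["".join(t) for t in itertools.islice(itertools.product(ALPHABET, repeat=PW_LEN), 300)]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    target = h("abc")
    print("rainbow table:", count_hashes(lookup, TABLE, target))
    print("brute force:  ", count_hashes(brute_force, target))
    print("salted hash, same table:", lookup(TABLE, salted_hash(b"s@lt", "abc")))
```

The table costs 300 chains of 20 hashes to build but answers a lookup with at most a few hundred hash operations, while brute force of the last password in the space costs the full 17,576. A real table differs only in scale: a longer chain and a real reduction function for the target character set.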

QUESTION 2
Which of the following is the GREATEST security concern with respect to BYOD?
A. The filtering of sensitive data out of data flows at geographic boundaries.
B. Removing potential bottlenecks in data transmission paths.
C. The transfer of corporate data onto mobile corporate devices.
D. The migration of data into and out of the network in an uncontrolled manner.
Correct Answer: D

QUESTION 3
During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email
accounts. An information security analyst is reviewing the access to determine if the audit was valid. Which of the
following would assist with the validation and provide the necessary documentation to audit?
A. Examining the termination notification process from human resources and employee account access logs
B. Checking social media platforms for disclosure of company sensitive and proprietary information
C. Sending a test email to the former employees to document an undeliverable email and review the ERP access
D. Reviewing the email global account list and the collaboration platform for recent activity
Correct Answer: A

QUESTION 4
A company is in the process of re-architecting its sensitive system infrastructure to take advantage of on-demand
computing through a public cloud provider. The system to be migrated is sensitive with respect to latency, availability,
and integrity. The infrastructure team agreed to the following:
1. Application and middleware servers will migrate to the cloud; database servers will remain on-site
2. Data backup will be stored in the cloud
Which of the following solutions would ensure system and security requirements are met?
A. Implement a direct connection from the company to the cloud provider
B. Use a cloud orchestration tool and implement appropriate change control processes
C. Implement a standby database on the cloud using a CASB for data-at-rest security
D. Use multizone geographic distribution with satellite relays
Correct Answer: A

QUESTION 5
Confidential information related to Application A, Application B and Project X appears to have been leaked to a
competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence
for possible litigation and criminal charges.
While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the
distribution group access lists (shown in the exam's image, not reproduced here).

Which of the following actions should the IR team take FIRST?
A. Remove all members from the distribution groups immediately
B. Place the mailbox for jsmith on legal hold
C. Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group
D. Install DLP software on all developer laptops to prevent data from leaving the network.
Correct Answer: A

QUESTION 6
An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building
access control systems. These devices are capable of triggering physical access changes, including locking and
unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to
provide firmware updates.
Which of the following would BEST mitigate this risk?
A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
B. Require sensors to sign all transmitted unlock control messages digitally.
C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
D. Implement an out-of-band monitoring solution to detect message injections and attempts.
Correct Answer: C

QUESTION 7
Ann, a corporate executive, has been the recent target of increasing attempts to obtain corporate secrets by competitors
through advanced, well-funded means. Ann frequently leaves her laptop unattended and physically unsecure in hotel
rooms during travel. A security engineer must find a practical solution for Ann that minimizes the need for user training.
Which of the following is the BEST solution in this scenario?
A. Full disk encryption
B. Biometric authentication
C. An eFuse-based solution
D. Two-factor authentication
Correct Answer: A

QUESTION 8
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
A. Synchronous copy of data
B. RAID configuration
C. Data de-duplication
D. Storage pool space allocation
E. Port scanning
F. LUN masking/mapping
G. Port mapping
Correct Answer: FG
A logical unit number (LUN) is a unique identifier that designates an individual disk device or a group of devices
addressed by a protocol such as SCSI, iSCSI or Fibre Channel (FC). LUNs are central to the management of block
storage arrays shared over a storage area network (SAN).
LUN masking subdivides access to a given port. Even if several LUNs are reachable through the same port, the masks
can be set so that each server sees only the LUNs it is entitled to. LUN masking is typically enforced at the host bus
adapter (HBA), on the storage array, or at the switch.
Port mapping is used in zoning. In storage networking, Fibre Channel zoning partitions a Fibre Channel fabric into
smaller subsets to restrict interference, add security, and simplify management. While a SAN makes several devices
and ports available to a single host, each system connected to the SAN should only be allowed access to a controlled
subset of those devices and ports.
Zoning can be applied either to the switch port a device is connected to or to the World Wide Name (WWN) of the host
being connected. Because port-based zoning restricts traffic by the specific switch port a device is plugged into, a
device that is moved loses its access, and a different device plugged into that port gains access to every resource the
previous host could reach. WWN-based zoning follows the host instead, at the cost of being spoofable by a host that can
change its WWN.

QUESTION 9
The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales
staff to generate business. The company needs an effective communication solution to remain in constant contact with
each other, while maintaining a secure business environment. A junior-level administrator suggests that the company
and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to
make?
A. Social media is an effective solution because it is easily adaptable to new situations.
B. Social media is an ineffective solution because the policy may not align with the business.
C. Social media is an effective solution because it implements SSL encryption.
D. Social media is an ineffective solution because it is not primarily intended for business applications.
Correct Answer: B
Social media networks are designed to draw people's attention and to connect them quickly; that is their main focus,
and security is not the primary concern. The CEO should therefore decide that social media would be an ineffective
solution, because the platform's policies do not align with the company's business and security requirements.

QUESTION 10
A SaaS-based email service provider often receives reports from legitimate customers that their IP netblocks are on
blacklists and they cannot send email. The SaaS has confirmed that affected customers typically have IP addresses
within broader network ranges and some abusive customers within the same IP ranges may have performed spam
campaigns. Which of the following actions should the SaaS provider perform to minimize legitimate customer impact?
A. Inform the customer that the service provider does not have any control over third-party blacklist entries. The
customer should reach out to the blacklist operator directly
B. Perform a takedown of any customer accounts that have entries on email blacklists because this is a strong indicator
of hostile behavior
C. Work with the legal department and threaten legal action against the blacklist operator if the netblocks are not
removed because this is affecting legitimate traffic
D. Establish relationship with a blacklist operators so broad entries can be replaced with more granular entries and
incorrect entries can be quickly pruned
Correct Answer: D

QUESTION 11
A newly hired Chief Information Security Officer (CISO) is reviewing the organization's security budget from the
previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email
messages. The CISO expects next year's costs associated with fines to double and the volume of messages to
increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given
the table of DLP vendor costs (shown in the exam's image, not reproduced here):

Which of the following would be BEST for the CISO to include in this year's budget?
A. A budget line for DLP Vendor A
B. A budget line for DLP Vendor B
C. A budget line for DLP Vendor C
D. A budget line for DLP Vendor D
E. A budget line for paying future fines
Correct Answer: E

QUESTION 12
An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not
provide engineers with company-owned laptops, which would be subject to company policy and technical controls.
Which of the following would be the MOST secure control to implement?
A. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
B. Implement role-based group policies on the management network for client access.
C. Utilize a jump box that is only allowed to connect to client from the management network.
D. Deploy a company-wide approved engineering workstation for management access.
Correct Answer: A

QUESTION 13
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected
attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the
following requirements:
Detect administrative actions
Block unwanted MD5 hashes
Provide alerts
Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
A. AV
B. EDR
C. HIDS
D. DLP
E. HIPS
F. EFS
Correct Answer: BE

QUESTION 14
A security administrator is advocating for enforcement of a new policy that would require employees with privileged
access accounts to undergo periodic inspections and review of certain job performance data. To which of the following
policies is the security administrator MOST likely referring?
A. Background investigation
B. Mandatory vacation
C. Least privilege
D. Separation of duties
Correct Answer: C

QUESTION 15
A security auditor suspects two employees of having devised a scheme to steal money from the company. While one
employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor
has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the
following should the human resource director implement to identify the employees involved in these activities and
reduce the risk of this activity occurring in the future?
A. Background checks
B. Job rotation
C. Least privilege
D. Employee termination procedures
Correct Answer: B
Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.

CompTIA CAS-003 exam questions and answers are updated. All exam questions and answers have been updated and corrected.
Lead4pass CAS-003 exam dumps https://www.leads4pass.com/CAS-003.html (PDF + VCE). Guarantee 100 % Successfully passed the exam.


[MAR 2021] CompTIA CAS-003 exam dumps and online practice questions are available from Lead4Pass

The latest updated CompTIA CAS-003 exam dumps and free CAS-003 exam practice questions and answers! Latest updates from Lead4Pass CompTIA CAS-003 Dumps PDF and CAS-003 Dumps VCE, Lead4Pass CAS-003 exam questions updated and answers corrected!
Get the full CompTIA CAS-003 dumps from https://www.leads4pass.com/cas-003.html (VCE&PDF)

Latest CAS-003 PDF for free

Share the CompTIA CAS-003 Dumps PDF for free from Lead4pass: part of the CAS-003 dumps, collected on Google Drive and shared by Lead4pass
https://drive.google.com/file/d/1JTsX2fmwZCYTE1uEVTEt1vANk-lSbMNT/

The latest updated CompTIA CAS-003 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO)
decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution,
such as password resets and remote assistance. The security administrator implements a firewall change (shown in the
exam's image, not reproduced here). The administrator provides the appropriate path and credentials to the third-party
company. Which of the following technologies is MOST likely being used to provide access to the third-party company?

A. LDAP
B. WAYF
C. OpenID
D. RADIUS
E. SAML
Correct Answer: D

QUESTION 2
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security
authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot
authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?
A. Refuse LM and only accept NTLMv2
B. Accept only LM
C. Refuse NTLMv2 and accept LM
D. Accept only NTLM
Correct Answer: A
In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication,
integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager
(LANMAN or LM), an older Microsoft product, and retains backward compatibility with LANMAN. NTLM version 2
(NTLMv2), introduced in Windows NT 4.0 SP4 and natively supported in Windows 2000, hardens the protocol against
many spoofing attacks: the response is an HMAC-MD5 over a server challenge plus a client challenge and timestamp,
rather than the DES-based response of LM and NTLMv1.
The question states that the security authentication on the Windows domain is set to the highest level. That is the
"Send NTLMv2 response only. Refuse LM & NTLM" LAN Manager authentication level, so the Windows clients will only
offer NTLMv2. The UNIX server therefore has to accept NTLMv2, which lets the Windows users connect, and should
refuse the old and insecure LM protocol, which is not used by the Windows computers anyway (the LM hash is built
from the password uppercased and split into two 7-character halves, which makes it trivial to crack). On a Samba
server this corresponds to `ntlm auth = ntlmv2-only` and `lanman auth = no` in smb.conf.

QUESTION 3
An administrator wants to enable policy-based flexible mandatory access controls on an open-source OS to prevent
abnormal application modifications or executions. Which of the following would BEST accomplish this?
A. Access control lists
B. SELinux
C. IPtables firewall
D. HIPS
Correct Answer: B
The most common open-source operating system is Linux.
Security-Enhanced Linux (SELinux) was created by the United States National Security Agency (NSA) and is a Linux
kernel security module that provides a mechanism for supporting access control security policies, including United
States Department of Defense style mandatory access controls (MAC).
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible
mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced
mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows
threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of
damage that can be caused by malicious or flawed applications.

QUESTION 4
A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A
manager directs the administrator to reduce the number of unique instances of PII stored within an organization's
systems to the greatest extent possible. Which of the following principles is being demonstrated?
A. Administrator accountability
B. PII security
C. Record transparency
D. Data minimization
Correct Answer: D

QUESTION 5
A developer is determining the best way to improve security within the code being developed. The developer is focusing
on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the
code, would be the MOST effective in protecting the fields from malformed input?
A. Client-side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
Correct Answer: D
Regular expression matching validates input against an allow-list of what a field is permitted to contain. This question
is asking about securing input fields where customers enter their credit card details. The expected input in the card
number field is a string of digits of a known length (13 to 19 digits for the major card brands, possibly with spaces or
hyphens as separators), so a pattern anchored at both ends accepts exactly that and rejects everything else before the
value reaches the database or payment code. Anything that is not such a sequence, such as quotes, semicolons or
script tags, is discarded rather than processed. The check must run on the server (client-side validation, option A, is
bypassed by anyone who can edit the request), and a format match alone does not prove the number is a real card
number, so in practice it is paired with a Luhn checksum before the value is used.
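As an added example (not code from the original page), the following validator applies the allow-list pattern described above and then the Luhn checksum. The pattern, the 13 to 19 digit range, the permitted separators and the raw length cap are assumptions about what the card number field should accept; the test values are the standard Visa test number and the Luhn example number, not real cards.

```python
import re
from typing import Optional

# Allow-list pattern: 13 to 19 digits, optionally separated by single spaces or hyphens,
# anchored at both ends so nothing can ride along in the field. [0-9] rather than \d so
# that only ASCII digits are accepted.
CARD_RE = re.compile(r"^(?:[0-9][ -]?){12,18}[0-9]$")
MAX_RAW_LEN = 40        # cheap length cap applied before the regex runs (assumption)

def normalize(raw: str) -> str:
    """Drop the separators the pattern permits, leaving only the digits."""
    return re.sub(r"[ -]", "", raw)

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum, which every issuer-assigned card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def validate_card_number(raw) -> Optional[str]:
    """Return the canonical digit string for well-formed input, otherwise None.
    Must run server-side: a browser-side copy of this check is bypassed by editing the request."""
    if not isinstance(raw, str) or len(raw) > MAX_RAW_LEN:
        return None
    candidate = raw.strip()
    if not CARD_RE.fullmatch(candidate):   # format allow-list: rejects quotes, ';', tags, etc.
        return None
    digits = normalize(candidate)
    if not luhn_ok(digits):                # plausibility: typo or fabricated number
        return None
    return digits

if __name__ == "__main__":
    for sample in ["4111 1111 1111 1111", "4111-1111-1111-1112",
                   "4111111111111111' OR '1'='1", "<script>alert(1)</script>"]:
        print(repr(sample), "->", validate_card_number(sample))
```

Returning the normalized digit string (or None) rather than a boolean means the rest of the code only ever sees the canonical form, and the length cap keeps a hostile oversized input from reaching the regex engine at all.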

QUESTION 6
An internal application has been developed to increase the efficiency of an operational process of a global
manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive
team has decided fixing the security bug is less important than continuing operations.
Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)
A. Version control
B. Agile development
C. Waterfall development
D. Change management
E. Continuous integration
Correct Answer: AD

QUESTION 7
An insurance company has two million customers and is researching the top transactions on its customer portal. It
identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a
large number of calls are consequently routed to the contact center for manual password resets. The business wants to
develop a mobile application to improve customer engagement in the future, continue with a single factor of
authentication, minimize management overhead of the solution, remove passwords, and eliminate the contact center.
Which of the following techniques would BEST meet the requirements? (Choose two.)
A. Magic link sent to an email address
B. Customer ID sent via push notification
C. SMS with OTP sent to a mobile number
D. Third-party social login
E. Certificate sent to be installed on a device
F. Hardware tokens sent to customers
Correct Answer: CE

QUESTION 8
A security analyst is inspecting the pseudocode of the following multithreaded application:
1. perform daily ETL of data
1.1 validate that yesterday's data model file exists
1.2 validate that today's data model file does not exist
1.3 extract yesterday's data model
1.4 transform the format
1.5 load the transformed data into today's data model file
1.6 exit
Which of the following security concerns is evident in the above pseudocode?
A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation
Correct Answer: A
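The pseudocode checks that today's file does not exist (step 1.2) and only later creates it (step 1.5); another thread of the same application, or any other process with write access to the directory, can create that path in between. The following added example, not code from the original page, reproduces that window deterministically and shows the fix. Assumptions: the file names, the `between` hook (standing in for the interleaved thread) and the planted content are constructed for the demonstration; the real target of such a race is typically a symlink pointing the privileged writer at a file the attacker could not otherwise write.

```python
import os
import tempfile
from typing import Callable, Optional

DATA = "transformed data\n"

def load_today_racy(path: str, between: Optional[Callable[[], None]] = None) -> str:
    """The pattern in the pseudocode: check that today's file is absent, then create it.
    `between` is a test hook standing in for another thread that runs in the gap."""
    if os.path.exists(path):                 # time of check
        raise FileExistsError(path)
    if between is not None:
        between()                            # the race window
    with open(path, "w") as f:               # time of use: mode "w" truncates whatever is now there
        f.write(DATA)
    return "created"

def load_today_atomic(path: str, between: Optional[Callable[[], None]] = None) -> str:
    """Check and create as one kernel operation: O_CREAT|O_EXCL fails with EEXIST if the
    file appeared in the meantime, so the interloper cannot win."""
    if between is not None:
        between()                            # same interference, but nothing to exploit
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(DATA)
    return "created"

def plant_file(path: str, content: str = "PLANTED BY ANOTHER THREAD\n") -> Callable[[], None]:
    """Build the interloper: creates `path` first (in a real attack it could be a symlink
    to a file the ETL process is allowed to write but the attacker is not)."""
    def plant():
        with open(path, "w") as f:
            f.write(content)
    return plant

def demo() -> dict:
    """Run both variants against the interloper; returns what each one ended up doing."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        racy = os.path.join(d, "today_racy.model")
        atomic = os.path.join(d, "today_atomic.model")

        load_today_racy(racy, plant_file(racy))
        with open(racy) as f:
            results["racy"] = f.read()          # the planted file was silently overwritten

        try:
            load_today_atomic(atomic, plant_file(atomic))
            results["atomic"] = "created"
        except FileExistsError:
            results["atomic"] = "refused"       # the race was detected instead of exploited

        results["atomic_clean"] = load_today_atomic(os.path.join(d, "fresh.model"))
    return results

if __name__ == "__main__":
    print(demo())
```

The racy variant passes its own existence check and then writes over a file that appeared after the check; the atomic variant never separates the check from the create, so the same interference turns into an error the ETL job can log and retry rather than a silent overwrite.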

QUESTION 9
A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of
the following actions would protect the external network interfaces from external attackers performing network
scanning?
A. Remove contact details from the domain name registrar to prevent social engineering attacks.
B. Test external interfaces to see how they function when they process fragmented IP packets.
C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.
D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network
interfaces.
Correct Answer: B
Fragmented IP packets are often used to evade firewalls or intrusion detection systems.
Port scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break
into. Most machines connected to a local area network (LAN) or the Internet run services that listen on well-known and
not-so-well-known ports. A port scan helps the attacker find which ports are open (i.e., which service might be
listening on a port).
One problem, from the perspective of the attacker, is that services listening on these ports log scans: they see an
incoming connection with no data, so an error is logged. A number of stealth scan techniques exist to avoid this. One of
them is the fragmented port scan.
Fragmented packet port scan
The scanner splits the TCP header across several IP fragments. This bypasses some packet-filter firewalls because they
never see a complete TCP header to match against their filter rules. Some packet filters and firewalls do queue and
reassemble all IP fragments before inspection, but many networks cannot afford the performance cost of that queuing.
Testing how the external interfaces handle fragmented packets (option B) therefore verifies whether the perimeter can
be scanned by this method.

QUESTION 10
A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of
the following would crack the MOST passwords in the shortest time period?
A. Online password testing
B. Rainbow tables attack
C. Dictionary attack
D. Brute force attack
Correct Answer: B

QUESTION 11
The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access
may be reading other users' emails. A review of a tool's output shows the administrators have used webmail to log into
other users' inboxes.
Which of the following tools would show this type of output?
A. Log analysis tool
B. Password cracker
C. Command-line tool
D. File integrity monitoring tool
Correct Answer: A

QUESTION 12
A software development manager is running a project using agile development methods. The company cybersecurity
engineer has noticed a high number of vulnerabilities have been making it into production code on the project.
Which of the following methods could be used in addition to an integrated development environment to reduce the
severity of the issue?
A. Conduct a penetration test on each function as it is developed
B. Develop a set of basic checks for common coding errors
C. Adopt a waterfall method of software development
D. Implement unit tests that incorporate static code analyzers
Correct Answer: D

QUESTION 13
select id, firstname, lastname from authors
User input: firstname = Hack;man
lastname = Johnson
Which of the following types of attacks is the user attempting?
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
Correct Answer: D
The statement in the question is SQL, and the user is attempting a SQL injection attack. SQL injection is a code
injection technique, used to attack data-driven applications, in which malicious SQL is inserted into an entry field so
that it becomes part of the statement the database executes (e.g. to dump the database contents to the attacker). It
exploits a flaw in the application's software: user input is concatenated into the statement without being escaped or
bound as a parameter, or is not strongly typed and is unexpectedly interpreted as SQL syntax. Here the semicolon in
the value `Hack;man` is an attempt to terminate the intended SELECT and start a second statement (a stacked query).
SQL injection is mostly known as an attack vector for websites but can be used against any application that builds
SQL from untrusted input.


Braindump4it shares the latest updated CompTIA CAS-003 exam exercise questions, CAS-003 dumps pdf for free.
All exam questions and answers come from the shared part of the Lead4pass exam dumps. Lead4pass updates throughout the year and shares a portion of its exam questions for free to help you understand the exam content and enhance your exam experience.
Get the full CompTIA CAS-003 exam dumps questions at: https://www.leads4pass.com/cas-003.html (pdf&vce)

ps.
Get free CompTIA CAS-003 dumps PDF online: https://drive.google.com/file/d/1D1USsX5ML464scD9Df8P_Hga4jFL94Af/