Want a Thriving Business? Focus on 2019 Updated CompTIA CAS-003 Dumps!

Views:
 
Category: Education
     
 

Presentation Description

Dumps4download.us has a milestone in completing extraordinary work by creating CompTIA CAS-003 exam question and answers for the help of IT student’s help. You can acquire a good enough understanding of this concise and complete study material. All the topics and their brief description have been presented in multiple choice questions and answers to keep it easy to remember and recall any time. We are providing a lot of other benefits in accretion for outstanding preparation. Our first priority is the satisfaction and positive feedback of our clients. With all these benefits we are also providing free demo questions to check the reliability of the original PDF file. If you thoroughly study this exam dumps material with a better understanding than you will get familiar with every exam topic very well. After preparing your exam through CompTIA CAS-003 exam study material, you can test our knowledge through online practice test which will represent you that how much you get knowledge about the exam. You will get money back guarantee with 100% passing assurance. Now download CompTIA CAS-003 dumps fleetly and prepare this exam and gain best possible results. Moreover visit: https://www.dumps4download.us/free-cas-003/comptia-question-answers.html

Comments

Presentation Transcript

slide 1:

Comptia CAS-003 CompTIA Advanced Security Practitioner CASP

slide 2:

Question: 1 A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution A. Use an entropy-as-a-service vendor to leverage larger entropy pools. B. Loop multiple pseudo-random number generators in a series to produce larger numbers. C. Increase key length by two orders of magnitude to detect brute forcing. D. Shift key generation algorithms to ECC algorithms. Answer: A Question: 2 A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure. B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people. C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas. D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area. Answer: B Question: 3 A company is transitioning to a new VDI environment and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the MOST appropriate order of steps to be taken A. Firmware update OS patching HIDS antivirus baseline monitoring agent B. OS patching baseline HIDS antivirus monitoring agent firmware update C. Firmware update OS patching HIDS antivirus monitoring agent baseline D. Baseline antivirus OS patching monitoring agent HIDS firmware update Answer: A

slide 3:

Question: 4 The Chief Information Officer CIO has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board A. KRI:- Compliance with regulations- Backlog of unresolved security investigations- Severity of threats and vulnerabilities reported by sensors- Time to patch critical issues on a monthly basisKPI:- Time to resolve open security items- of suppliers with approved security control frameworks- EDR coverage across the fleet- Threat landscape rating B. KRI:- EDR coverage across the fleet- Backlog of unresolved security investigations- Time to patch critical issues on a monthly basis- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors C. KRI:- EDR coverage across the fleet- of suppliers with approved security control framework- Backlog of unresolved security investigations- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- Time to patch critical issues on a monthly basis- Severity of threats and vulnerabilities reported by sensors D. KPI:- Compliance with regulations- of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors- Threat landscape ratingKRI:- Time to resolve open security items- Backlog of unresolved security investigations- EDR coverage across the fleet- Time to patch critical issues on a monthly basis Answer: A Question: 5 The Chief Executive Officer CEO of a small startup company has an urgent need for a security policy and assessment to address governance risk management and compliance. The company has a resource-constrained IT department but has no information security staff. The CEO has asked for this to be completed in three months. Which of the following would be the MOST cost-effective solution to meet the company’s needs A. Select one of the IT personnel to obtain information security training and then develop all necessary policies and documents in-house. B. Accept all risks associated with information security and then bring up the issue again at next year’s annual board meeting. C. Release an RFP to consultancy firms and then select the most appropriate consultant who can fulfill the requirements. D. Hire an experienced full-time information security team to run the startup company’s information security department.

slide 4:

Answer: C Question: 6 As part of an organization’s compliance program administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by: A. the collection of data as part of the continuous monitoring program. B. adherence to policies associated with incident response. C. the organization’s software development life cycle. D. changes in operating systems or industry trends. Answer: A Question: 7 A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place as well as allow for the upload of commands from a centralized command and control answer. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed A. Custom firmware with rotating key generation B. Automatic MITM proxy C. TCP beacon broadcast software D. Reverse shell endpoint listener Answer: B Question: 8 A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later the security consultant misplaces the phone which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: DCIM Images folder Audio books folder Torrentz My TAX.xls Consultancy HR Manual.doc

slide 5:

Camera: SM-G950F Exposure time: 1/60s Location: 3500 Lacey Road USA Which of the following BEST describes the security problem A. MicroSD in not encrypted and also contains personal data. B. MicroSD contains a mixture of personal and work data. C. MicroSD in not encrypted and contains geotagging information. D. MicroSD contains pirated software and is not encrypted. Answer: A Question: 9 An engineer needs to provide access to company resources for several offshore contractors. The contractors require: Access to a number of applications including internal websites Access to database data and the ability to manipulate it The ability to log into Linux and Windows servers remotely Which of the following remote access technologies are the BEST choices to provide all of this access securely Choose two. A. VTC B. VRRP C. VLAN D. VDI E. VPN F. Telnet Answer: DE Question: 10 A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage A. SaaS B. PaaS C. IaaS D. Hybrid cloud E. Network virtualization

slide 6:

Answer: B For more info: CompTIA CAS-003 Exam Study Material

authorStream Live Help