Latest CompTIA CAS-003 Practice Exam Questions | Pass CAS-003 Exam in First Attempt


Davidtom

Uploaded on Oct 15, 2019

Category Education

If you are worried about your IT exam preparation, you are actually wasting your valuable time. It’s time to download CAS-003 dumps from Exam4Help and focus on your preparation instead. You can get this useful source of knowledge and success at an affordable price. You should not miss this opportunity, as this material encompasses the whole array of the exam topics. You will easily comprehend all the concepts of this certification exam and will pass the exam with Money Back Guarantee. CAS-003 PDF questions and answers are in a well-arranged form and have been compiled by experts. Let’s not go on words; you can check the material yourself with the free demo version. If you are fully satisfied, then grab the material and quickly start your preparation under experts’ guidance. Keep your focus only on CAS-003 dumps material and practice on the Online Practice Test. https://www.exam4help.com/comptia/cas-003-dumps.html

CompTIA CAS-003
CompTIA Advanced Security Practitioner
https://www.exam4help.com/comptia/cas-003-dumps.html

Question: 1
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
A. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space.
B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe.
C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them.
D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.
Answer: A

Question: 2
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company’s risk profile?
A. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.
B. 1. The external vendor would have access to inbound and outbound gateway traffic. 2. The service would provide some level of protection for staff working from home. 3. Outages would be likely to occur for systems or applications with hard-coded proxy information.
C. 1. The loss of local caching would dramatically increase ISP changes and impact existing bandwidth. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
D. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information. 2. The service would provide some level of protection for staff members working from home. 3. Malware detection times would decrease due to third-party management of the service.
Answer: D

Question: 3
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application’s authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?
A. The application only supports SP-initiated authentication.
B. The IdP only supports SAML 1.0.
C. There is an SSL certificate mismatch between the IdP and the SaaS application.
D. The user is not provisioned correctly on the IdP.
Answer: A

Question: 4
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Select TWO.)
A. Access control
B. Whitelisting
C. Signing
D. Validation
E. Boot attestation
Answer: A,D

Question: 5
A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter:
RTO: 2 days
RPO: 36 hours
MTTR: 24 hours
MTBF: 60 days
Which of the following solutions will address the RPO requirements?
A. Remote Syslog facility collecting real-time events
B. Server farm behind a load balancer delivering five-nines uptime
C. Backup solution that implements daily snapshots
D. Cloud environment distributed across geographic regions
Answer: C

Question: 6
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Select TWO.)
A. Static code analyzer
B. Intercepting proxy
C. Port scanner
D. Reverse engineering
E. Reconnaissance gathering
F. User acceptance testing
Answer: B,E

Question: 7
A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network:
Firewall
Core switches
RM server
Virtual environment
NAC solution
The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).
A. Routing tables
B. Log forwarding
C. Data remnants
D. Port aggregation
E. NIC teaming
F. Zones
Answer: C,F

Question: 8
A security analyst who is concerned about sensitive data exfiltration reviews the following:
Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?
A. Port scanner
B. SCAP tool
C. File integrity monitor
D. Protocol analyzer
Answer: A

Question: 9
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?
A. Static code analysis and peer review of all application code
B. Validation of expectations relating to system performance and security
C. Load testing the system to ensure response times are acceptable to stakeholders
D. Design reviews and user acceptance testing to ensure the system has been deployed properly
E. Regression testing to evaluate interoperability with the legacy system during the deployment
Answer: C

Question: 10
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address?
A. Sovereignty
B. E-waste
C. Remanence
D. Deduplication
Answer: B

Question: 11
During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)
A. Follow chain of custody best practices
B. Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive.
C. Use forensics software on the original hard drive and present generated reports as evidence
D. Create a tape backup of the original hard drive and present the backup as evidence
E. Create an exact image of the original hard drive for forensics purposes, and then place the original back in service
Answer: A,B

Question: 12
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?
A. Installing HIDS
B. Configuring a host-based firewall
C. Configuring EDR
D. Implementing network segmentation
Answer: D

Question: 13
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:
Blocking of suspicious websites
Prevention of attacks based on threat intelligence
Reduction in spam
Identity-based reporting to meet regulatory compliance
Prevention of viruses based on signature
Protect applications from web-based threats
Which of the following would be the BEST recommendation the information security manager could make?
A. Reconfigure existing IPS resources
B. Implement a WAF
C. Deploy a SIEM solution
D. Deploy a UTM solution
E. Implement an EDR platform
Answer: D

Question: 14
A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect’s goals?
A. Utilize a challenge-response prompt as required input at username/password entry.
B. Implement TLS and require the client to use its own certificate during handshake.
C. Configure a web application proxy and institute monitoring of HTTPS transactions.
D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
Answer: C