Free CAS-003 Exam Braindumps (page: 10)

Page 10 of 137

A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company’s client-facing portal are running slowly today. After some investigation, the security engineer notices a large number of attempts at enumerating host information via SNMP from multiple IP addresses. Which of the following would be the BEST technique for the security engineer to employ in an attempt to prevent reconnaissance activity?

  A. Install a HIPS on the web servers
  B. Disable inbound traffic from offending sources
  C. Disable SNMP on the web servers
  D. Install anti-DDoS protection in the DMZ

Answer(s): A



One of the objectives of a bank is to instill a security awareness culture. Which of the following are techniques that could help to achieve this? (Choose two.)

  A. Blue teaming
  B. Phishing simulations
  C. Lunch-and-learn
  D. Random audits
  E. Continuous monitoring
  F. Separation of duties

Answer(s): B,E



The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

  A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
  B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
  C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure
  D. major risks identified by the subcommittee merit the prioritized allocation of scarce funding to address cybersecurity concerns

Answer(s): B



An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate calls to the contact center. Which of the following techniques would BEST meet the requirements? (Choose two.)

  A. Magic link sent to an email address
  B. Customer ID sent via push notification
  C. SMS with OTP sent to a mobile number
  D. Third-party social login
  E. Certificate sent to be installed on a device
  F. Hardware tokens sent to customers

Answer(s): C,E






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY