Free CAS-003 Exam Braindumps (page: 19)

Page 19 of 137

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull time from Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

  A. Isolate the systems on their own network
  B. Install a firewall and IDS between the systems and the LAN
  C. Employ own stratum-0 and stratum-1 NTP servers
  D. Upgrade the software on critical systems
  E. Configure the systems to use government-hosted NTP servers

Answer(s): B,E



A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

-Store taxation-related documents for five years
-Store customer addresses in an encrypted format
-Destroy customer information after one year
-Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)

  A. Capacity planning policy
  B. Data retention policy
  C. Data classification standard
  D. Legal compliance policy
  E. Data sovereignty policy
  F. Backup policy
  G. Acceptable use policy
  H. Encryption standard

Answer(s): B,E,H



A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

  A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
  B. Scan the website through an interception proxy and identify areas for code injection
  C. Scan the site with a port scanner to identify vulnerable services running on the web server
  D. Use network enumeration tools to identify whether the server is running behind a load balancer

Answer(s): C



A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)

  A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks
  B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches
  C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use
  D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions
  E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication
  F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

Answer(s): C,D






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY