CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 20)

Page 20 of 137
PDF with 683 Questions

An organization is currently working with a client to migrate data between a legacy ERP system and a cloud- based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data?

  1. Data aggregation
  2. Data sovereignty
  3. Data isolation
  4. Data volume
  5. Data analytics

Answer(s): B



The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, “criticalValue” indicates if an emergency is underway:


Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

  1. Rewrite the software to implement fine-grained, conditions-based testing
  2. Add additional exception handling logic to the main program to prevent doors from being opened
  3. Apply for a life-safety-based risk exception allowing secure doors to fail open
  4. Rewrite the software’s exception handling routine to fail in a secure state

Answer(s): B



Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:

Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.4.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250

Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.


Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

  1. Please refer to Explanation below for the answer.

Answer(s): A

Explanation:

Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

In Rule no. 1 edit the Action to Deny to block internet access from the management platform.


Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server. In Rule no. 6 from top, edit the Action to be Permit.


Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.


Task 4: Ensure the final rule is an explicit deny

Enter this at the bottom of the access list i.e. the line at the bottom of the rule:


Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

In Rule number 4 from top, edit the DST port to 443 from 80



A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

  1. Conduct a penetration test on each function as it is developed
  2. Develop a set of basic checks for common coding errors
  3. Adopt a waterfall method of software development
  4. Implement unit tests that incorporate static code analyzers

Answer(s): D



Page 20 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote