Free CAS-003 Exam Braindumps (page: 22)

Page 22 of 137

An organization has established the following controls matrix:


The following control sets have been defined by the organization and are applied in aggregate fashion:

- Systems containing PII are protected with the minimum control set.
- Systems containing medical data are protected at the moderate level.
- Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?

  1. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
  2. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
  3. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
  4. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

Answer(s): A



A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.

Which of the following is the BEST way to address these issues and mitigate risks to the organization?

  1. Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.
  2. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.
  3. Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.
  4. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.

Answer(s): A



A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded.

Which of the following should be used to identify weak processes and other vulnerabilities?

  1. Gap analysis
  2. Benchmarks and baseline results
  3. Risk assessment
  4. Lessons learned report

Answer(s): D



A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access files on a system remotely. A fix was recently published, but it requires a recent endpoint protection engine to be installed prior to running the fix.

Which of the following MOST likely need to be configured to ensure the systems are mitigated accordingly? (Choose two.)

  1. Antivirus
  2. HIPS
  3. Application whitelisting
  4. Patch management
  5. Group policy implementation
  6. Firmware updates

Answer(s): A,D






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY