CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 25)

Page 25 of 137
PDF with 683 Questions

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.

Which of the following is MOST likely to produce the needed information?

  1. Whois
  2. DNS enumeration
  3. Vulnerability scanner
  4. Fingerprinting

Answer(s): A



A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources.

Which of the following should the analyst use to remediate the vulnerabilities?

  1. Protocol analyzer
  2. Root cause analysis
  3. Behavioral analytics
  4. Data leak prevention

Answer(s): D



A security analyst has requested network engineers integrate sFlow into the SOC’s overall monitoring picture. For this to be a useful addition to the monitoring capabilities, which of the following must be considered by the engineering team?

  1. Effective deployment of network taps
  2. Overall bandwidth available at Internet PoP
  3. Optimal placement of log aggregators
  4. Availability of application layer visualizers

Answer(s): D



Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.

Which of the following would provide greater insight on the potential impact of this attempted attack?

  1. Run an antivirus scan on the finance PC.
  2. Use a protocol analyzer on the air-gapped PC.
  3. Perform reverse engineering on the document.
  4. Analyze network logs for unusual traffic.
  5. Run a baseline analyzer against the user’s computer.

Answer(s): C



Page 25 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote