CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 26)

Page 26 of 137
PDF with 683 Questions

A new cluster of virtual servers has been set up in a lab environment and must be audited before being allowed on the production network. The security manager needs to ensure unnecessary services are disabled and all system accounts are using strong credentials.

Which of the following tools should be used? (Choose two.)

  1. Fuzzer
  2. SCAP scanner
  3. Packet analyzer
  4. Password cracker
  5. Network enumerator
  6. SIEM

Answer(s): B,F



A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.

Which of the following solutions BEST meets the engineer’s goal?

  1. Schedule weekly reviews of al unit test results with the entire development team and follow up between meetings with surprise code inspections.
  2. Develop and implement a set of automated security tests to be installed on each development team leader’s workstation.
  3. Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.
  4. Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.

Answer(s): C



A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.

Which of the following BEST describes the contents of the supporting document the engineer is creating?

  1. A series of ad-hoc tests that each verify security control functionality of the entire system at once.
  2. A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
  3. A set of formal methods that apply to one or more of the programing languages used on the development project.
  4. A methodology to verify each security control in each unit of developed code prior to committing the code.

Answer(s): D



A security technician is incorporating the following requirements in an RFP for a new SIEM:

-New security notifications must be dynamically implemented by the SIEM engine
-The SIEM must be able to identify traffic baseline anomalies
-Anonymous attack data from all customers must augment attack detection and risk scorin

Based on the above requirements, which of the following should the SIEM support? (Choose two.)

  1. Autoscaling search capability
  2. Machine learning
  3. Multisensor deployment
  4. Big Data analytics
  5. Cloud-based management
  6. Centralized log aggregation

Answer(s): B,D



Page 26 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote