Free CAS-003 Exam Braindumps (page: 31)

Page 31 of 137

An organization is considering the use of a thin client architecture as it moves to a cloud-hosted environment. A security analyst is asked to provide thoughts on the security advantages of using thin clients and virtual workstations.

Which of the following are security advantages of the use of this combination of thin clients and virtual workstations?

  1. Malicious insiders will not have the opportunity to tamper with data at rest and affect the integrity of the system.
  2. Thin client workstations require much less security because they lack storage and peripherals that can be easily compromised, and the virtual workstations are protected in the cloud where security is outsourced.
  3. All thin clients use TPM for core protection, and virtual workstations use vTPM for core protection with both equally ensuring a greater security advantage for a cloud-hosted environment.
  4. Malicious users will have reduced opportunities for data extractions from their physical thin client workstations, thus reducing the effectiveness of local attacks.

Answer(s): B



A security analyst is attempting to break into a client’s secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use.

After network enumeration, the analyst’s NEXT step is to perform:

  1. a gray-box penetration test
  2. a risk analysis
  3. a vulnerability assessment
  4. an external security audit
  5. a red team exercise

Answer(s): A



A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

1. Information should be sourced from the trusted master data source.
2. There must be future requirements for identity proofing of devices and users.
3. A generic identity connector that can be reused must be developed.
4. The current project scope is for internally hosted applications only.

Which of the following solution building blocks should the security architect use to BEST meet the requirements?

  1. LDAP, multifactor authentication, OAuth, XACML
  2. AD, certificate-based authentication, Kerberos, SPML
  3. SAML, context-aware authentication, OAuth, WAYF
  4. NAC, RADIUS, 802.1X, centralized Active Directory

Answer(s): B



Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

  1. Lack of adequate in-house testing skills.
  2. Requirements for geographically based assessments.
  3. Cost reduction measures.
  4. Regulatory insistence on independent reviews.

Answer(s): D






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY