Free CAS-003 Exam Braindumps (page: 41)

Page 41 of 137

The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months.

Which of the following would be the MOST cost-effective solution to meet the company’s needs?

  1. Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house.
  2. Accept all risks associated with information security, and then bring up the issue again at next year’s annual board meeting.
  3. Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements.
  4. Hire an experienced, full-time information security team to run the startup company’s information security department.

Answer(s): C



As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

  1. the collection of data as part of the continuous monitoring program.
  2. adherence to policies associated with incident response.
  3. the organization’s software development life cycle.
  4. changes in operating systems or industry trends.

Answer(s): A



A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.

Which of the following tools should the engineer load onto the device being designed?

  1. Custom firmware with rotating key generation
  2. Automatic MITM proxy
  3. TCP beacon broadcast software
  4. Reverse shell endpoint listener

Answer(s): B



A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.

The person extracts the following data from the phone and EXIF data from some files:
DCIM Images folder
Audio books folder
Torrentz
My TAX.xls
Consultancy HR Manual.doc
Camera: SM-G950F
Exposure time: 1/60s
Location: 3500 Lacey Road USA

Which of the following BEST describes the security problem?

  1. MicroSD is not encrypted and also contains personal data.
  2. MicroSD contains a mixture of personal and work data.
  3. MicroSD is not encrypted and contains geotagging information.
  4. MicroSD contains pirated software and is not encrypted.

Answer(s): C






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY