Free CAS-003 Exam Braindumps (page: 44)

Page 44 of 137

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

  A. Summarize the most recently disclosed vulnerabilities.
  B. Research industry best practices and the latest RFCs.
  C. Undertake an external vulnerability scan and penetration test.
  D. Conduct a threat modeling exercise.

Answer(s): D



In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed project introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to protect against.

Which of the following strategies should the engineer recommend be approved FIRST?

  A. Avoid
  B. Mitigate
  C. Transfer
  D. Accept

Answer(s): B



A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

  A. Install and configure an IPS.
  B. Enforce routine GPO reviews.
  C. Form and deploy a hunt team.
  D. Institute heuristic anomaly detection.
  E. Use a protocol analyzer with appropriate connectors.

Answer(s): C,D



An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization’s server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.

Which of the following procedures should the security responder apply to the situation? (Choose two.)

  A. Contain the server.
  B. Initiate a legal hold.
  C. Perform a risk assessment.
  D. Determine the data handling standard.
  E. Disclose the breach to customers.
  F. Perform an IOC sweep to determine the impact.

Answer(s): A,F







Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY