CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 45)

Page 45 of 137
PDF with 683 Questions

An administrator wants to install a patch to an application.

INSTRUCTIONS
Given the scenario, download, verify, and install the patch in the most secure manner. The last install that is completed will be the final submission.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






  1. Please refer to Explanation below for the answer.

Answer(s): A

Explanation:

In this case the second link should be used (This may vary in actual exam). The first link showed the following error so it should not be used.


Also, Two of the link choices used HTTP and not HTTPS as shown when hovering over the links as shown:



Since we need to do this in the most secure manner possible, they should not be used.
Finally, the second link was used and the MD5 utility of MD5sum should be used on the install.exe file as shown. Make sure that the hash matches.


Finally, type in install.exe to install it and make sure there are no signature verification errors.



An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?

  1. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space.
  2. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe.
  3. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them.
  4. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.

Answer(s): A



A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy.

Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company’s risk profile?


  1. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.
    2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.
    3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.

  2. 1. The external vendor would have access to inbound and outbound gateway traffic.
    2. The service would provide some level of protection for staff working from home.
    3. Outages would be likely to occur for systems or applications with hard-coded proxy information.

  3. 1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth.
    2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.
    3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.

  4. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information.
    2. The service would provide some level of protection for staff members working from home.
    3. Malware detection times would decrease due to third-party management of the service.

Answer(s): B



A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application’s authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?

  1. The application only supports SP-initiated authentication.
  2. The IdP only supports SAML 1.0
  3. There is an SSL certificate mismatch between the IdP and the SaaS application.
  4. The user is not provisioned correctly on the IdP.

Answer(s): A



Page 45 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote