CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 51)

Page 51 of 137
PDF with 683 Questions

Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following:

-Secure messaging between internal users using digital signatures
-Secure sites for video-conferencing sessions
-Presence information for all office employees
-Restriction of certain types of messages to be allowed into the network.

Which of the following applications must be configured to meet the new requirements? (Choose two.)

  1. Remote desktop
  2. VoIP
  3. Remote assistance
  4. Email
  5. Instant messaging
  6. Social media websites

Answer(s): A,D



Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?

  1. Perform a black box assessment
  2. Hire an external red team audit
  3. Conduct a tabletop exercise.
  4. Recreate the previous breach.
  5. Conduct an external vulnerability assessment.

Answer(s): C



A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information?

  1. SIEM server
  2. IDS appliance
  3. SCAP scanner
  4. HTTP interceptor

Answer(s): C



A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:

1. A user received a phishing email that appeared to be a report from the organization’s CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks later, the user reported anomalous activity within the CRM tool.
5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.

Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

  1. Security awareness training
  2. Last login verification
  3. Log correlation
  4. Time-of-check controls
  5. Time-of-use controls
  6. WAYF-based authentication

Answer(s): A



Page 51 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote