CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 61)

Page 61 of 137
PDF with 683 Questions

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:
1. Financially sensitive data
2. Project data
3. Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

  1. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.
  2. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.
  3. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.
  4. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Answer(s): B



A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst’s subsequent investigation of sensitive systems led to the following discoveries:

-There was no indication of the data owner’s or user’s accounts being compromised.
-No database activity outside of previous baselines was discovered.
-All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
-It was likely not an insider threat, as all employees passed polygraph tests.

Given this scenario, which of the following is the MOST likely attack that occurred?

  1. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.
  2. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.
  3. A shared workstation was physically accessible in a common area of the contractor’s office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.
  4. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

Answer(s): B



A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)

  1. CVE database
  2. Recent security industry conferences
  3. Security vendor pages
  4. Known vendor threat models
  5. Secure routing metrics
  6. Server’s vendor documentation
  7. Verified security forums
  8. NetFlow analytics

Answer(s): A,C,G



A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?

  1. SIEM
  2. IDS/IPS
  3. Proxy server
  4. Firewall
  5. Router

Answer(s): D



Page 61 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote