Free CAS-003 Exam Braindumps (page: 66)

Page 66 of 137

A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO’s first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)

  1. Perform a penetration test.
  2. Conduct a regulatory audit.
  3. Hire a third-party consultant.
  4. Define the threat model.
  5. Review the existing BIA.
  6. Perform an attack path analysis.

Answer(s): C,E



A security engineer is investigating a compromise that occurred between two internal computers. The engineer has determined during the investigation that one computer infected another. While reviewing the IDS logs, the engineer can view the outbound callback traffic, but sees no traffic between the two computers. Which of the following would BEST address the IDS visibility gap?

  1. Install network taps at the edge of the network.
  2. Send syslog from the IDS into the SIEM.
  3. Install HIDS on each computer.
  4. SPAN traffic from the network core into the IDS.

Answer(s): C



As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

  1. tar cvf - / | ssh 192.168.45.82 "cat - > /images/image.tar"
  2. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd
  3. memdump /dev/sda1 | nc 192.168.45.82 3000
  4. dd if=/dev/sda | nc 192.168.45.82 3000

Answer(s): D



A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network.

While the company’s current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

  1. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.
  2. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.
  3. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.
  4. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

Answer(s): C






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY