Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. CompTIA
  3. CompTIA CASP
  4. CAS-003 - CompTIA Advanced Security Practitioner (CASP) Exam
Note! Following CAS-003 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is CAS-004

CAS-003 Exam Dumps - CompTIA Advanced Security Practitioner (CASP) Exam

Go to page:
Question # 73

During an audit, an information security analyst discovers accounts that are stil assigned to employees who no longer work for the company and new accounts that need to be verified against a list of authorized users. This type of auditing supports the development of:

A.

information classification

B.

continuous monitoring

C.

employment and termination procedures

D.

least privilege

Full Access
Question # 74

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement ?

A.

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

B.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

C.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

D.

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

Full Access
Question # 75

A project manager is working with system owners to develop maintenance windows for system pathing and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance windows will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?

A.

MOU

B.

SOW

C.

SRTM

D.

SLA

Full Access
Question # 76

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Full Access
Question # 77

An organization is struggling to differentiate threats from normal traffic and access to systems. A security

engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

A.

Web application firewall

B.

SIEM

C.

IPS

D.

UTM

E.

File integrity monitor

Full Access
Question # 78

A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution Historically. salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer Which of the following would be the BEST method to provide secure data separation?

A.

Use a CRM tool to separate data stores

B.

Migrate to a single-tenancy cloud infrastructure

C.

Employ network segmentation to provide isolation among salespeople

D.

Implement an open-source public cloud CRM

Full Access
Question # 79

Ann, a user' brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.

Which of the following will the analyst most likely use NEXT?

A.

Process explorer

B.

Vulnerability scanner

C.

Antivirus

D.

Network enumerator

Full Access
Question # 80

A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee Which of the following BEST mitigates the risk to the company?

A.

Log all access to the data and correlate with the researcher

B.

Anonymize identifiable information using keyed strings

C.

Ensure all data is encrypted in transit to the researcher

D.

Ensure all researchers sign and abide by non-disclosure agreements

E.

Sanitize date and time stamp information in the records.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps