Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. CompTIA
  3. CompTIA CASP
  4. CAS-003 - CompTIA Advanced Security Practitioner (CASP) Exam
Note! Following CAS-003 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is CAS-004

CAS-003 Exam Dumps - CompTIA Advanced Security Practitioner (CASP) Exam

Go to page:
Question # 81

A legal services company wants to ensure emails to clients maintain integrity in transit Which of the following would BEST meet this requirement? (Select TWO)

A.

Signing emails to clients with the organization's public key

B.

Using the organization's private key to encrypt all communication

C.

Implementing a public key infrastructure

D.

Signing emails to clients with the organization's private key

E.

Using shared secret keys

F.

Hashing all outgoing emails

Full Access
Question # 82

Confidential information related to Application A. Application B and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges.

While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:

Which of the following actions should the IR team take FIRST?

A.

Remove all members from the distribution groups immediately

B.

Place the mailbox for jsmith on legal hold

C.

Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group

D.

Install DLP software on all developer laptops to prevent data from leaving the network.

Full Access
Question # 83

A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner Which of the following business documents defines the parameters the security administrator must confirm?

A.

BIA

B.

ISA

C.

NDA

D.

MOU

Full Access
Question # 84

A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data. The results of the first scan are as follows:

The security learn is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?

A.

Move the files from the marketing share to a secured drive.

B.

Search the metadata for each file to locate the file's creator and transfer the files to the personal drive of the listed creator.

C.

Configure the DLP tool to delete the files on the shared drives

D.

Remove the access for the internal audit group from the accounts payable and payroll shares

Full Access
Question # 85

A company is migrating systems from an on-premises facility to a third-party managed datacenter. For continuity of operations and business agility, remote access to all hardware platforms must be available at all times. Access controls need to be very robust and provide an audit trail. Which of the following security controls will meet the company’s objectives? (Select two.)

A.

Integrated platform management interfaces are configured to allow access only via SSH

B.

Access to hardware platforms is restricted to the systems administrator’s IP address

C.

Access is captured in event logs that include source address, time stamp, and outcome

D.

The IP addresses of server management interfaces are located within the company’s extranet

E.

Access is limited to interactive logins on the VDi

F.

Application logs are hashed cryptographically and sent to the SIEM

Full Access
Question # 86

An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)

A.

Data aggregation

B.

Data sovereignty

C.

Data isolation

D.

Data volume

E.

Data analytics

F.

Data precision

Full Access
Question # 87

An external red team member conducts a penetration test, attempting to gain physical access to a large organization's server room in a branch office. During reconnaissance, the red team member sees a clearly marked door to the server room, located next to the lobby, with a tumbler lock.

Which of the following is BEST for the red team member to bring on site to open the locked door as quickly as possible without causing significant damage?

A.

Screwdriver set

B.

Bump key

C.

RFID duplicator

D.

Rake picking

Full Access
Question # 88

Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using:

A.

mandatory vacations.

B.

job rotations

C.

role-based access control

D.

discretionary access

E.

separation of duties

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps