
Note: the CAS-003 exam is now retired. Please select the replacement exam for your certification; the new exam code is CAS-004.

CAS-003 Exam Dumps - CompTIA Advanced Security Practitioner (CASP) Exam

Question # 17

To meet an SLA, which of the following documents should be drafted, defining the company’s internal interdependent unit responsibilities and delivery timelines?

A. BPA
B. OLA
C. MSA
D. MOU

Question # 18

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

A. Refer to and follow procedures from the company’s incident response plan.
B. Call a press conference to explain that the company has been hacked.
C. Establish chain of custody for all systems to which the systems administrator has access.
D. Conduct a detailed forensic analysis of the compromised system.
E. Inform the communications and marketing department of the attack details.

Question # 19

A database administrator is required to adhere to and implement privacy principles when executing daily tasks. A manager directs the administrator to reduce the number of unique instances of PII stored within an organization’s systems to the greatest extent possible. Which of the following principles is being demonstrated?

A. Administrator accountability
B. PII security
C. Record transparency
D. Data minimization

Question # 20

A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request. Which of the following would BEST support this objective?

A. Peer review
B. Design review
C. Scrum
D. User acceptance testing
E. Unit testing

Question # 21

An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO.)

A. MSA
B. RFP
C. NDA
D. RFI
E. MOU
F. RFQ

Question # 22

Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users. Which of the following controls would BEST address the DPO’s concerns?

A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform

Question # 23

A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?

A. Replace each laptop in the company's environment with a standardized laptop that is preconfigured to match the baseline settings.
B. Create batch script files that will enable the baseline security settings and distribute them to global employees for execution.
C. Send each laptop to a regional IT office to be reimaged with the new baseline security settings enabled and then redeployed.
D. Establish GPO configurations for each baseline setting, test that each works as expected, and have each setting deployed to the laptops.
E. Leverage an MDM solution to apply the baseline settings and deploy continuous monitoring of security configurations.

Question # 24

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization’s existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement:

A. a hybrid cloud.
B. an on-premises private cloud.
C. a hosted hybrid cloud.
D. a private cloud.
