
Note: the CAS-003 exam is now retired. Please select the replacement exam for your certification. The new exam code is CAS-004.

CAS-003 Exam Dumps - CompTIA Advanced Security Practitioner (CASP) Exam

Question # 49

An application developer has been informed of a web application that is susceptible to a clickjacking vulnerability. Which of the following code snippets would be MOST applicable to resolve this vulnerability?

(Code snippets A) through D) were shown as images and are not reproduced on this page.)

A. Option A

B. Option B

C. Option C

D. Option D

Question # 50

The latest security scan of a web application reported multiple high vulnerabilities in session management. Which of the following is the BEST way to mitigate the issue?

A. Prohibiting session hijacking of cookies

B. Using secure cookie storage and transmission

C. Performing state management on the server

D. Using Secure and HttpOnly settings on cookies

Question # 51

A penetration tester is given an assignment to gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors, and entry is available only through a door protected by an RFID key and a guard stationed inside the door. Which of the following would be BEST for the penetration tester to attempt?

A. Gain entry into the building by posing as a contractor who is performing routine building maintenance.

B. Tailgate into the facility with an employee who has a valid RFID badge to enter.

C. Duplicate an employee's RFID badge and use an IR camera to see when the guard leaves the post.

D. Look for an open window that can be used to gain unauthorized entry into the facility.

Question # 52

A security analyst discovers what is believed to be evidence of a compromise due to a watering-hole attack. After an initial review of the incident, the analyst notes there is ongoing web traffic to the same site. Which of the following command-line tools would BEST allow the incident to be investigated?

A. nc

B. dd

C. netstat

D. tcpdump

Question # 53

A company's design team is increasingly concerned about intellectual property theft. Members of the team often travel to suppliers' offices where they collaborate and share access to their sensitive data. Which of the following should be implemented?

A. Apply MDM and enforce full disk encryption on all design team laptops.

B. Allow access to sensitive data only through a multifactor-authenticated VDI environment.

C. Require that all sensitive files be saved only on company file shares accessible only through a multifactor-authenticated VPN.

D. Store all sensitive data on geographically restricted, public-facing SFTP servers authenticated using TOTP.

Question # 54

A company deploys a system to use device and user certificates for network authentication. Previously, the company only used separate certificates to send and receive encrypted email. Users have begun notifying the help desk because they cannot read encrypted email. Which of the following is the MOST likely cause of the issues?

A. The attestation service is not configured to accept the new certificates.

B. The device certificates have the S/MIME attribute selected.

C. The sending mail client is selecting the wrong public key to encrypt messages.

D. Multiple device certificates are associated with the same network port.

Question # 55

A small firm's newly created website has several design flaws. The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusted certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error?

A. The developer inadvertently used Java applets.

B. The developer established a corporate account with a non-reputable certification authority.

C. The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open.

D. The developer did not consider that mobile code would be transmitted across the network.

Question # 56

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

A. Software decompiler

B. Network enumerator

C. Log reduction and analysis tool

D. Static code analysis
