Question 1

A development team releases updates to an application regularly. The application is compiled with several standard, open-source security products that require a minimum version for compatibility. During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?
A) The developers should require an exact version of the open-source security products, preventing the introduction of new vulnerabilities.
B) The application development team should move to an Agile development approach to identify security concerns faster.
C) The change logs for the third-party libraries should be reviewed for security patches, which may need to be included in the release
D) The application should eliminate the use of open-source libraries and products to prevent known vulnerabilities from being included

Accepted Answer

Reviewing the change logs for third-party libraries helps identify and incorporate necessary security patches, minimizing vulnerabilities.

Question 2

An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services. Which of the following is the BEST approach to identify the threat?
A) Ask the third-party vendor to block the attack traffic
B) Configure the third party's proxy to begin sending X-Forwarded-For headers
C) Configure the e-commerce company's IPS to inspect HTTP traffic
D) Perform a vulnerability scan against the network perimeter and remediate any issues identified

Accepted Answer

Configuring the third party's proxy to send X-Forwarded-For headers will help identify the original source of the traffic, allowing the e-commerce company to block only the malicious traffic without affecting legitimate vendor services.

Question 3

A hospital uses a legacy electronic medical record system that requires multicast for traffic between the application servers and databases on virtual hosts that support segments of the application. Following a switch upgrade, the electronic medical record is unavailable despite physical connectivity between the hypervisor and the storage being in place. The network team must enable multicast traffic to restore access to the electronic medical record. The ISM states that the network team must reduce the footprint of multicast traffic on the network.  Using the above information, on which VLANs should multicast be enabled?
A) VLAN201, VLAN202, VLAN400
B) VLAN201, VLAN202, VLAN700
C) VLAN201, VLAN202, VLAN400, VLAN680, VLAN700
D) VLAN400, VLAN680, VLAN700

Accepted Answer

The answer of A hospital uses a legacy electronic medical...

Question 4

A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file.tmp .  The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?
A) Deploy a solution to sanitize geotagging information
B) Install software to wipe data remnants on servers
C) Enforce proper input validation on mission-critical software
D) Implement a digital watermarking solution

Accepted Answer

The answer of A security analyst is reviewing the following...

Question 5

A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)
A) Perform a penetration test.
B) Conduct a regulatory audit.
C) Hire a third-party consultant.
D) Define the threat model.
E) Review the existing BIA.
F) Perform an attack path analysis.

Accepted Answer

The answer of A Chief Information Security Officer (CISO) recently...

Question 6

An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization's data. Which of the following should the vendor management team identify as a requirement during the procurement process?
A) Public cloud services with single-tenancy IaaS architectures
B) Private cloud services with single-tenancy PaaS services
C) Private cloud services with multitenancy in place for private SaaS environments
D) Public cloud services with private SaaS environments supported by private IaaS backbones

Accepted Answer

Private cloud services with single-tenancy PaaS services ensure data segmentation and isolation, meeting regulatory requirements.

Question 7

A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?
A) Network access control
B) Configuration Manager
C) Application whitelisting
D) File integrity checks

Accepted Answer

Application whitelisting is a security measure that allows only pre-approved software to run on a system, ensuring that only known-good software can be installed and executed on corporate desktops.

Question 8

A security engineer is assessing a new IoT product. The product interfaces with the ODBII port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a replay attack is possible against the cryptographic implementation used to secure messages between segments of the system. Which of the following tools should the engineer use to confirm the analysis?
A) Vulnerability scanner
B) Wireless protocol analyzer
C) Log analysis and reduction tools
D) Network-based fuzzer

Accepted Answer

A wireless protocol analyzer can capture and analyze Bluetooth traffic, allowing the engineer to detect replay attacks by examining the cryptographic implementation and message patterns.

Question 9

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
A) Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
B) Take an MD5 hash of the server
C) Delete all PHI from the network until the legal department is consulted
D) Consult the legal department to determine the legal requirements

Accepted Answer

The administrator should consult the legal department to ensure compliance with legal and regulatory requirements regarding the handling of PHI.

Question 10

An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released?
A) Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM
B) Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution
C) An attacker downloaded monitoring applications; perform a full factory reset of the affected devices
D) Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages

Accepted Answer

The scenario suggests that unauthorized firmware was installed on the devices, likely through a compromised baseband vulnerability. Disabling OTA updates and carrier roaming via MDM can help mitigate further unauthorized changes until the patch is available.

Question 11

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A) Asymmetric
B) Symmetric
C) Homomorphic
D) Ephemeral

Accepted Answer

The answer of A financial institution would like to store...

Question 12

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?
A) Conducting tabletop exercises to evaluate system risk
B) Contracting a third-party auditor after the project is finished
C) Performing pre- and post-implementation penetration tests
D) Running frequent vulnerability scans during the project

Accepted Answer

The answer of A manufacturing company's security engineer is concerned...

Question 13

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items. Which of the following should the security engineer recommend to meet these requirements?
A) COPE with geofencing
B) BYOD with containerization
C) MDM with remote wipe
D) CYOD with VPN

Accepted Answer

COPE (Corporate Owned, Personally Enabled) with geofencing allows the company to provide specific tablet models, ensuring better support and spares availability. Geofencing ensures the application is only accessible within the warehouse, and COPE allows personal use, addressing the issue of users keeping tablets.

Question 14

A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement?
A) WPS
B) PEAP
C) TKIP
D) PKI

Accepted Answer

PEAP (Protected Extensible Authentication Protocol) is a security protocol used in wireless networks to provide username and password authentication.

Question 15

Two new technical SMB security settings have been enforced and have also become policies that increase secure communications. Network Client: Digitally sign communication Network Server: Digitally sign communication A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares. Which of the following mitigation strategies should an information security manager recommend to the data owner?
A) Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
B) Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
C) Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage
D) Avoid the risk, leave the settings alone, and decommission the legacy storage device

Accepted Answer

Reversing the settings temporarily and filing a risk exception allows continued access while planning for an upgrade, balancing security and operational needs.

Question 16

An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities?
A) hping3 -S comptia.org -p 80
B) nc -1 -v comptia.org -p 80
C) nmap comptia.org -p 80 -sV
D) nslookup -port=80 comptia.org

Accepted Answer

Nmap with the -sV option is used to detect versions of services running on open ports, helping to identify outdated software and potential vulnerabilities.

Question 17

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
A) Unsecure protocols
B) Use of penetration-testing utilities
C) Weak passwords
D) Included third-party libraries
E) Vendors/supply chain
F) Outdated anti-malware software

Accepted Answer

The answer of Which of the following are the MOST...

Question 18

A technician is reviewing the following log:  Which of the following tools should the organization implement to reduce the highest risk identified in this log?
A) NIPS
B) DLP
C) NGFW
D) SIEM

Accepted Answer

The answer of A technician is reviewing the following log:...

Question 19

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
A) Set up an air gap for the switch.
B) Change the default password for the switch.
C) Place the switch in a Faraday cage.
D) Install a cable lock on the switch.

Accepted Answer

Changing the default password for the switch is a basic security measure to prevent unauthorized access.

Question 20

A company has made it a spending priority to implement security architectures that will be resilient during an attack. Recent incidents have involved attackers leveraging latent vulnerabilities in cryptographic implementations and VPN concentrators to be able to compromise sensitive information. Patches have been slowly released for these emergent vulnerabilities, leaving weeks to months of exposed and vulnerable attack surface. Which of the following approaches would be BEST to increase enterprise resilience during similar future attacks?
A) Implement appliances and software from diverse manufacturers
B) Segment remote VPN users logically from the production LAN
C) Maximize open-source software to benefit from swifter patch releases
D) Upgrade the cryptographic ciphers used on the VPN concentrators

Accepted Answer

The answer of A company has made it a spending...

Exam 3: CompTIA Advanced Security Practitioner (CASP+) CAS-003

A Chief Information Security Officer (CISO) recently changed jobs into a new industry. The CISO's first task is to write a new, relevant risk assessment for the organization. Which of the following would BEST help the CISO find relevant risks to the organization? (Choose two.)

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement?

An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities?

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)

A technician is reviewing the following log: Which of the following tools should the organization implement to reduce the highest risk identified in this log?