CAS-003 CompTIA Advanced Security Practitioner (CASP)



Question 4

First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)


  • CPU, process state tables, and main memory dumps

  • Essential information needed to perform data restoration to a known clean state

  • Temporary file system and swap space

  • Indicators of compromise to determine ransomware encryption

  • Chain of custody information needed for investigation

Question 5

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:

  • Store taxation-related documents for five years

  • Store customer addresses in an encrypted format

  • Destroy customer information after one year

  • Keep data only in the customer’s home country

Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)


  • Capacity planning policy

  • Data retention policy

  • Data classification standard

  • Legal compliance policy

  • Data sovereignty policy

  • Backup policy

  • Acceptable use policy

  • Encryption standard

Question 6

A factory-floor system uses critical, legacy, and unsupported application software to enable factory operations. A latent vulnerability was recently exposed, which permitted attackers to send a specific string of characters followed by arbitrary code for execution. Patches are unavailable, as the manufacturer is no longer in business. Which of the following would be the BEST approach the company should take to mitigate the risk of this vulnerability and other latent vulnerability exploits? (Choose two.)


  • Configure a host-based firewall on the application server and restrict access to necessary ports and services.

  • Create a factory-floor enclave segregated from direct LAN/WAN reachability.

  • Implement a proxy that will sanitize input provided to the application.

  • Install server-side X.509 certificates and enable TLS 1.0 or later for client access.

  • Install network and host-based IDS, feeding logs to SIEM, and alerts to SOC operators.

  • Create a hunt team focused on the factory-floor operations.