CAS-003 CompTIA Advanced Security Practitioner (CASP)


Question 10

The results of an external penetration test for a software development company show a small number of applications account for the largest number of findings. While analyzing the content and purpose of the applications, the following matrix is created:

The findings are then categorized according to the following chart:

Which of the following would BEST reduce the amount of immediate risk incurred by the organization from a compliance and legal standpoint? (Choose two.)


  • Place a WAF in line with Application 2

  • Move Application 3 to a secure VLAN and require employees to use a jump server for access

  • Apply the missing OS and software patches to the server hosting Application 4

  • Use network segmentation and ACLs to control access to Application 5

  • Implement an IDS/IPS on the same network segment as Application 3

  • Install a FIM on the server hosting Application 4

  • Enforce Group Policy password complexity rules on the server hosting Application 1

Question 11

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.)


  • OTA updates

  • Remote wiping

  • Side loading

  • Sandboxing

  • Containerization

  • Signed applications

Question 12

A systems analyst is concerned that the current authentication system may not provide the appropriate level of security. The company has integrated WAYF within its federation system and implemented a mandatory two-step authentication system. Some accounts are still becoming compromised via phishing attacks that redirect users to a fake portal, which is automatically collecting and replaying the stolen credentials. Which of the following is a technical solution that would BEST reduce the risk of similar compromises?


  • Security awareness training

  • Push-based authentication

  • Software-based TOTP

  • OAuth tokens

  • Shibboleth