CAS-003 CompTIA Advanced Security Practitioner (CASP) CAS-003

Question 13

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP’s datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following:

The critical devices send cleartext logs to the aggregator.

The log aggregator utilizes full disk encryption.

The log aggregator sends to the analysis server via port 80.

MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

The data is compressed and encrypted prior to being archived in the cloud.

Which of the following should be the security engineer’s GREATEST concern?

  • Hardware vulnerabilities introduced by the log aggregator server

  • Network bridging from a remote access VPN

  • Encryption of data in transit

  • Multitenancy and data remnants in the cloud

Question 14

An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.

Which of the following technical approaches would be the MOST feasible way to accomplish this capture?

  • Run the memdump utility with the -k flag.

  • Use a loadable kernel module capture utility, such as LiME.

  • Run dd on /dev/mem.

  • Employ a stand-alone utility, such as FTK Imager.

Question 15

Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.

The tables below provide information on a subset of remote sites and the firewall options:

Which of the following would be the BEST option to recommend to the CIO?

  • Vendor C for small remote sites, and Vendor B for large sites.

  • Vendor B for all remote sites

  • Vendor C for all remote sites

  • Vendor A for all remote sites

  • Vendor D for all remote sites