CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Online Training
The questions for CAS-003 were last updated at Jun 17, 2025.
- Exam Code: CAS-003
- Exam Name: CompTIA Advanced Security Practitioner (CASP)
- Certification Provider: CompTIA
- Latest update: Jun 17, 2025
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control.
To determine which controls to implement, which of the following is the MOST important to consider?
- A . KPI
- B . KRI
- C . GRC
- D . BIA
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users.
Which of the following controls would BEST address the DPO’s concerns?
- A . Increasing blocking options available to the uploader
- B . Adding a one-hour delay of all uploaded photos
- C . Removing all metadata in the uploaded photo file
- D . Not displaying to the public who uploaded the photo
- E . Forcing TLS for all connections on the platform
The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes.
Which of the following tools would show this type of output?
- A . Log analysis tool
- B . Password cracker
- C . Command-line tool
- D . File integrity monitoring tool
An engineer needs to provide access to company resources for several offshore contractors.
The contractors require:
✑ Access to a number of applications, including internal websites
✑ Access to database data and the ability to manipulate it
✑ The ability to log into Linux and Windows servers remotely
Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)
- A . VTC
- B . VRRP
- C . VLAN
- D . VDI
- E . VPN
- F . Telnet
While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary on a mobile device for purposes of transcription.
Which of the following would MOST likely prevent a similar breach in the future?
- A . Remote wipe
- B . FDE
- C . Geolocation
- D . eFuse
- E . VPN
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency.
In the code, “criticalValue” indicates if an emergency is underway:
Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
- A . Rewrite the software to implement fine-grained, conditions-based testing
- B . Add additional exception handling logic to the main program to prevent doors from being opened
- C . Apply for a life-safety-based risk exception allowing secure doors to fail open
- D . Rewrite the software’s exception handling routine to fail in a secure state
The board of a financial services company has requested that the senior security analyst act as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting.
Which of the following would be the BEST methods to prepare this report? (Choose two.)
- A . Review the CVE database for critical exploits over the past year
- B . Use social media to contact industry analysts
- C . Use intelligence gathered from the Internet relay chat channels
- D . Request information from security vendors and government agencies
- E . Perform a penetration test of the competitor’s network and share the results with the board
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior.
The company must deploy a host solution to meet the following requirements:
✑ Detect administrative actions
✑ Block unwanted MD5 hashes
✑ Provide alerts
✑ Stop exfiltration of cardholder data
Which of the following solutions would BEST meet these requirements? (Choose two.)
- A . AV
- B . EDR
- C . HIDS
- D . DLP
- E . HIPS
- F . EFS
A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others.
Which of the following should the company implement to improve code quality? (Select two.)
- A . Development environment access controls
- B . Continuous integration
- C . Code comments and documentation
- D . Static analysis tools
- E . Application containerization
- F . Code obfuscation
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?
- A .
  - KRI: Compliance with regulations; Backlog of unresolved security investigations; Severity of threats and vulnerabilities reported by sensors; Time to patch critical issues on a monthly basis
  - KPI: Time to resolve open security items; % of suppliers with approved security control frameworks; EDR coverage across the fleet; Threat landscape rating
- B .
  - KRI: EDR coverage across the fleet; Backlog of unresolved security investigations; Time to patch critical issues on a monthly basis; Threat landscape rating
  - KPI: Time to resolve open security items; Compliance with regulations; % of suppliers with approved security control frameworks; Severity of threats and vulnerabilities reported by sensors
- C .
  - KRI: EDR coverage across the fleet; % of suppliers with approved security control frameworks; Backlog of unresolved security investigations; Threat landscape rating
  - KPI: Time to resolve open security items; Compliance with regulations; Time to patch critical issues on a monthly basis; Severity of threats and vulnerabilities reported by sensors
- D .
  - KPI: Compliance with regulations; % of suppliers with approved security control frameworks; Severity of threats and vulnerabilities reported by sensors; Threat landscape rating
  - KRI: Time to resolve open security items; Backlog of unresolved security investigations; EDR coverage across the fleet; Time to patch critical issues on a monthly basis