CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Online Training
The questions for CAS-003 were last updated on Jun 17, 2025.
- Exam Code: CAS-003
- Exam Name: CompTIA Advanced Security Practitioner (CASP)
- Certification Provider: CompTIA
- Latest update: Jun 17, 2025
An organization implemented secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers.
Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?
- A. An attacker masqueraded as an internal DNS server
- B. An attacker leveraged a heap overflow vulnerability in the OS
- C. An attacker was able to overwrite an OS integrity measurement register
- D. An attacker circumvented IEEE 802.1X network-level authentication requirements
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events.
Which of the following is the CISO looking to improve?
- A. Vendor diversification
- B. System hardening standards
- C. Bounty programs
- D. Threat awareness
- E. Vulnerability signatures
An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment.
Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?
- A. Place it in a malware sandbox.
- B. Perform a code review of the attachment.
- C. Conduct a memory dump of the CFO’s PC.
- D. Run a vulnerability scan on the email server.
A company has gone through a round of phishing attacks. More than 200 users have had their workstations infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again.
Which of the following would BEST prevent this from happening again?
- A. Antivirus
- B. Patch management
- C. Log monitoring
- D. Application whitelisting
- E. Awareness training
An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings.
Which of the following technologies would accomplish this?
- A. Port security
- B. Rogue device detection
- C. Bluetooth
- D. GPS
During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected.
Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)
- A. Follow chain of custody best practices
- B. Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive
- C. Use forensics software on the original hard drive and present generated reports as evidence
- D. Create a tape backup of the original hard drive and present the backup as evidence
- E. Create an exact image of the original hard drive for forensics purposes, and then place the original back in service