Free CompTIA Advanced Security Practitioner CAS-003 Exam Practice Test

Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:Involve business owners and stakeholdersCreate an applicable scenarioConduct a biannual verbal review of the incident response planReport on the lessons learned and gaps identifiedWhich of the following exercises has the CEO requested?

• Parallel operations
• Full transition
• Internal review
• Tabletop
• Partial simulation

An online bank has contracted with a consultant to perform a security assessment of the bank's web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?

• XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.
• The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
• The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.
• A successful MITM attack Could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.Which of the following processes should be implemented to ensure this information is available for future investigations?

• Asset inventory management
• Incident response plan
• Test and evaluation
• Configuration and change management

A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals The security analyst wants to reduce risk. Which of the following will lower the risk before moving the data''

• Redacting all but the last four numbers of the cards
• Hashing the card numbers
• Scrambling card and expiration data
• Encrypting card and expiration numbers

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should the analyst use to remediate the vulnerabilities?

• Protocol analyzer
• Root cause analysis
• Behavioral analytics
• Data leak prevention

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company's cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

• OSSM
• NIST
• PCI
• OWASP

A penetration tester is given an assignment lo gain physical access to a secure facility with perimeter cameras. The secure facility does not accept visitors and entry is available only through a door protected by an RFID key and a guard stationed inside the door Which of the following would be BEST for the penetration tester to attempt?

• Gam entry into the building by posing as a contractor who is performing routine building maintenance.
• Tailgate into the facility with an employee who has a valid RFID badge to enter
• Duplicate an employees RFID badge and use an IR camera to see when the guard leaves the post.
• Look for an open window that can be used to gain unauthorized entry into the facility

A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:TCP 80 openTCP 443 openTCP 1434 filteredThe penetration tester then used a different tool to make the following requests:GET / script/login.php?token=45$MHT000MND876GET / script/login.php?token=@#984DCSPQ%091DFWhich of the following tools did the penetration tester use?

• Protocol analyzer
• Port scanner
• Fuzzer
• Brute forcer
• Log analyzer
• HTTP interceptor

Which of the following vulnerabilities did the analyst uncover?

• A memory leak when executing exit (0);
• A race condition when switching variables in stropy(variable2) variable[1]);
• A buffer overflow when using the command stropy(variable2) variable1[1]);
• Error handling when executing principle ('stropy () failed. \n.' >;

A software development company recently implemented a new policy and control ruleset. The control ruleset defines the following:* Account naming standards* Password complexity standards* SOLC practices* Encryption baselines and standardsA review of the current applications used and developed by the company shows many production and mission-critical applications are not compliant with the new policies and control ruleset. Which of the following actions should be performed''

• Perform a review of the new policies and control ruleset, and update it to reflect the current production baselines and configurations.
• Remove the non-compliant applications from the production environment until they are compliant
• Document the non-compliant applications and track compliance activities and progress
• Prevent application code changes from being promoted to the production environment until the compliance issues are addressed