CAS-003 Exam Questions Answers Samples

Question No : 1

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications. Which of the following settings should be toggled to achieve the goal? (Choose two.)

A. OTA updates

B. Remote wiping

C. Side loading

D. Sand boxing

E. Containerization

F. Signed applications

Answer: E,F

Questions # 2:

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers ca be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website. Which of the following is the FIRST action the company should take?

A. Refer to and follow procedures from the company’s incident response plan.

B. Call a press conference to explain that the company has been hacked.

C. Establish chain of custody for all systems to which the systems administrator has


D. Conduct a detailed forensic analysis of the compromised system.

E. Inform the communications and marketing department of the attack details.

Answer: A

Question # 3:

An advanced threat emulation engineer is conducting testing against a client’s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping upthe volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing?(Choose three.)

A. Black box testing

B. Gray box testing

C. Code review

D. Social engineering

E. Vulnerability assessment

F. Pivoting

G. Self-assessment

H. White teaming

I. External auditing

Answer: A,E,F

Question # 4:

An application present on the majority of an organization’s1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?

A. Deploy custom HIPS signatures to detect and block the attacks.

B. Validate and deploy the appropriate patch.

C. Run the application in terminal services to reduce the threat landscape.

D. Deploy custom NIPS signatures to detect and block the attacks.

Answer: B


If an application has a known issue (such as susceptibility to buffer overflow attacks) and a patch is released to resolve the specific issue, then the best solution is always to deploy the patch.

A buffer overflow occurs when a program or process tries to store more data in a buffer(temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.

In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Question # 5:

Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

A. Deduplication

B. Data snapshots

C. LUN masking

D. Storage multipaths

Answer: C


 A logical unit number (LUN) is a unique identifier that designates individual hard disk devices or grouped devices for address by a protocol associated with a SCSI, iSCSI, Fibre Channel (FC) or similar interface.LUNs are central to the management of block storage arrays shared over a storage area network (SAN).

LUN masking subdivides access to a given port. Then, even if several LUNs are accessed through the same port, the server masks can be set to limit each server’s access to the appropriate LUNs. LUN masking is typically conducted at the host bus adapter (HBA) or switch level.

Question # 6:

A new piece of ransomware got installed on a company’s backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the de duplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

 A. Determining how to install HIPS across all serverplatforms to prevent future incidents

 B. Preventing the ransomware from re-infecting the serverupon restore

C. Validating the integrity of the de duplicated data

 D. Restoring the data will be difficult without theapplication configuration

Answer: D


Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay aransom to the operators of the malware to remove the restriction. Since the backup application configuration is not accessible, it will require more effort to recover the data. Eradication and Recovery is the fourth step of the incident response. It occurs before preventing future problems.

More CAS-003 exam dumps questions answers are available at

Leave a comment

Your email address will not be published.