March Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Changed CAS-003 Exam Questions

Page: 7 / 25
Question 28

A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coring mostly through experience and extensive peer review and recognizes it would be ^feasible to train the new staff without halting development operations Therefore the company needs a strategy that will integrate training on secure code writing while reducing the impact to operations Which of the following will BEST achieve this goal?

Options:

A.

Give employees a book on the company coring standards

B.

Enroll new employees in a certification course on software assurance

C.

Roll out an automated testing and retesting framework

D.

Deploy static analysis and quality plugins into IDEs

Question 29

Following a major security modem that resulted in a significant loss of revenue and extended loss of server availability, a new Chief Information Security Officer (CISO) conducts a root cause analysis. Which of the following additional steps should the CISO take to mitigate the chance of a recurrence?

Options:

A.

Capture recommendations from a lessons-learned session with key management

B.

Install additional detective controls to facilitate a better root cause analysts in future incidents

C.

Purchase cyber-incident insurance specifically covering the root cause

D.

Compile a report containing all help desk tickets received during the incident

Question 30

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WIFI. Due to a recent incident in which an attacker gained access to the compay’s intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Options:

A.

Active Directory GPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Question 31

An organization uses an internal, web-based chat service that is served by an Apache HTTP daemon. A vulnerability scanner has identified this service is susceptible to a POODLE attack. Which of the following strings within me server's virtual-host configuration block is at fault and needs to be changed?

Options:

A.

AccessFileName /vac/http/.acl

B.

SSLProtocol -all +SSLv3

C.

AllowEncodedSlashes on

D.

SSLCertificateFile /var/certs/home.pem

E.

AllowOverride Nonfatal-All AuthConfig

Page: 7 / 25
Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Apr 14, 2023
Questions: 683
CAS-003 pdf

CAS-003 PDF

$28  $80
CAS-003 Engine

CAS-003 Testing Engine

$33.25  $95
CAS-003 PDF + Engine

CAS-003 PDF + Testing Engine

$45.5  $130