CAS-003 Real Exam Dumps Questions and answers 101-110

Question No.101

Which of the following is a feature of virtualization that can potentially create a single point of failure?

  A. Server consolidation

  B. Load balancing hypervisors

  C. Faster server provisioning

  D. Running multiple OS instances

Correct Answer: A

Question No.102

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients' health information, management has identified the following requirements:

Data must be encrypted at rest

The device must be disabled if it leaves the facility

The device must be disabled when tampered with

Which of the following technologies would BEST support these requirements? (Select two.)

  A. eFuse

  B. NFC

  C. GPS

  D. Biometric

  E. USB 4.1

  F. MicroSD

Correct Answer: CD

Question No.103

A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:


Which of the following does the log sample indicate? (Choose two.)

  A. A root user performed an injection attack via kernel module

  B. Encrypted payroll data was successfully decrypted by the attacker

  C. Jsmith successfully used a privilege escalation attack

  D. Payroll data was exfiltrated to an attacker-controlled host

  E. Buffer overflow in memory paging caused a kernel panic

  F. Syslog entries were lost due to the host being rebooted

Correct Answer: CE

Question No.104

A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Select two.)

  A. Agent-based vulnerability scan

  B. Black-box penetration testing

  C. Configuration review

  D. Social engineering

  E. Malware sandboxing

  F. Tabletop exercise

Correct Answer: AC

Question No.105

A technician receives the following security alert from the firewall's automated system:

Match_Time: 10/10/16 16:20:43

Serial: 002301028176

Scrusex: domain\samjones Scr:

Object_name: beacon detection Object_id: 6005

Category: compromised-host Severity: medium

Evidence: host repeatedly visited a dynamic DNS domain (17 time)

After reviewing the alert, which of the following is the BEST analysis?

  A. The alert is a false positive because DNS is a normal network function.

  B. This alert indicates a user was attempting to bypass security measures using dynamic DNS.

  C. This alert was generated by the SIEM because the user attempted too many invalid login attempts.

  D. This alert indicates an endpoint may be infected and is potentially contacting a suspect host.

Correct Answer: B

Question No.106

An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Choose two.)

  A. Contain the server.

  B. Initiate a legal hold.

  C. Perform a risk assessment.

  D. Determine the data handling standard.

  E. Disclose the breach to customers.

  F. Perform an IOC sweep to determine the impact.

Correct Answer: BF

Question No.107

As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:

  A. the collection of data as part of the continuous monitoring program.

  B. adherence to policies associated with incident response.

  C. the organization's software development life cycle.

  D. changes in operating systems or industry trends.

Correct Answer: A

Question No.108

A consulting firm was hired to conduct an assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ 1DF

Which of the following tools did the penetration tester use?

  A. Protocol analyzer

  B. Port scanner

  C. Fuzzer

  D. Brute forcer

  E. Log analyzer

  F. HTTP interceptor

Correct Answer: C

Question No.109

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command="/sbin/shutdown now",no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:


Which of the following explains why an intended operator cannot perform the intended action?

  A. The sudoers file is locked down to an incorrect command

  B. SSH command shell restrictions are misconfigured

  C. The passwd file is misconfigured

  D. The SSH command is not allowing a pty session

Correct Answer: D

Question No.110

Given the following output from a local PC:


Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

A. Allow -> ANY

B. Allow ->

C. Allow ->

D. Allow ->

Correct Answer: B
