CAS-003: CompTIA Advanced Security Practitioner (CASP) Exam | Practice Test / Quiz / MCQs

1. A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?

Conduct a threat modeling exercise.Summarize the most recently disclosed vulnerabilities.Research industry best practices and latest RFCs.Undertake an external vulnerability scan and penetration test.

2. A security technician is incorporating the following requirements in an RFP for a new SIEM: New security notifications must be dynamically implemented by the SIEM engine The SIEM must be able to identify traffic baseline anomalies Anonymous attack data from all customers must augment attack detection and risk scoring Based on the above requirements, which of the following should the SIEM support?

Cloud-based management F. Centralized log aggregationAutoscaling search capabilityMultisensor deploymentMachine learning - Big Data analytics

3. A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office: Store taxation-related documents for five years Store customer addresses in an encrypted format Destroy customer information after one year Keep data only in the customer

Data sovereignty policyLegal compliance policyData retention policy - Data classification standard - Encryption standarCapacity planning policy

4. A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?

The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threatsThe company should install a temporary CCTV system to detect unauthorized access to physical officesThe consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threatThe consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration

5. The legal department has required that all traffic to and from a company

Latency when viewing videos and other online content may increase.Confidential or sensitive documents are inspected by the firewall before being logged.Reports generated from the firewall will take longer to produce due to more information from inspected traffic.Stored logs may contain non-encrypted usernames and passwords for personal websites.

6. A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

Federate with an existing PKI provider, and reject all non-signed emailsIssue digital certificates to all users, including owners of group mailboxes, and enable S/MIMEImplement two-factor email authentication, and require users to hash all email messages upon receiptProvide digital certificates to all systems, and eliminate the user group or shared mailboxes

7. After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider. The migration project includes the following phases: Selection of a cloud provider Architectural design Microservice segmentation Virtual private cloud Geographic service redundancy Service migration The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications. Which of the following should the company implement NEXT?

Cloud access security brokerMulticloud solutionHybrid cloud solutionSingle-tenancy private cloud

8. A company monitors the performance of all web servers using WMI. A network administrator informs the security engineer that web servers hosting the company

Install anti-DDoS protection in the DMZDisable SNMP on the web serversDisable inbound traffic from offending sourcesInstall a HIPS on the web servers

9. Given the following output from a local PC: Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?

Allow 172.30.0.28:80 -> 172.30.0.0/16Allow 172.30.0.28:80 -> 172.30.0.28:443Allow 172.30.0.28:80 -> 172.30.0.28:53Allow 172.30.0.28:80 -> ANY

10. A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?

ISARASLABIA

11. A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis: Which of the following does the log sample indicate?

Encrypted payroll data was successfully decrypted by the attackerJsmith successfully used a privilege escalation attack - Buffer overflow in memory paging caused a kernel panic A root user performed an injection attack via kernel modulePayroll data was exfiltrated to an attacker-controlled host

13. A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it. Which of the following is the MOST likely reason for the team lead

Corporate policy states that NIPS signatures must be updated every hour.The attack type does not meet the organization?s threat model.The organization has accepted the risks associated with web-based threats.Web-based applications are on isolated network segments.

14. A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?

Use network enumeration tools to identify if the server is running behind a load balancerUse a protocol analyzer against the site to see if data input can be replayed from the browserScan the website through an interception proxy and identify areas for the code injectionScan the site with a port scanner to identify vulnerable services running on the web server

15. Given the following code snippet: Of which of the following is this snippet an example?

Data execution preventionBuffer overflowImproper filed usageFailure to use standard libraries

16. A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations. Which of the following is required in this scenario?

RASLAISABIA

17. A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?

Delete all PHI from the network until the legal department is consultedImmediately encrypt all PHI with AES 256Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2Consult the legal department to determine legal requirements

18. A systems security engineer is assisting an organization

The associated firmware is more likely to remain out of date and potentially vulnerableThe organization will be unable to restrict the use of NFC, electromagnetic induction, and Bluetooth technologiesThese devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryptions routinesThe manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set

19. A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: Which of the following should the penetration tester conclude about the command output?

Comptia.org is running an older mail server, which may be vulnerable to exploitsThe DNS SPF records have not been updated for Comptia.org192.168.102.67 is a backup mail server that may be more vulnerable to attackThe public/private views on the Comptia.org DNS servers are misconfigured

20. A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing. Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?

ASLRNX/XN bitApplication whitelistingTrustZone

21. A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle. Which of the following methodologies would BEST help the company to meet this objective?

AcceptAvoidMitigateTransfer

22. A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points. Which of the following solutions BEST meets the engineer

Schedule weekly reviews of al unit test results with the entire development team and follow up between meetings with surprise code inspections.Develop and implement a set of automated security tests to be installed on each development team leader?s workstation.Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.

23. A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (.IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?

Multi-tenancy SaaSSingle-tenancy PaaSCommunity IaaSHybrid IaaS

24. A security engineer is designing a system in which offshore, outsourced staff can push code from the development environment to the production environment securely. The security engineer is concerned with data loss, while the business does not want to slow down its development process. Which of the following solutions BEST balances security requirements with business need?

Use online collaboration tools to initiate workstation-sharing sessions with local staff who have access to the development networkCreate an IPSec VPN tunnel from the development network to the office of the outsourced staffInstall a client-side VPN on the staff laptops and limit access to the development networkSet up a VDI environment that prevents copying and pasting to the local workstations of outsourced staff members

25. Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

Have the phones download new configurations over TFTP.Change the settings on the phone system to use SIP-TLS.Add an ACL to the firewall to block VoIP.Enable QoS configuration on the phone VLAN.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com