CAS-003 CompTIA Advanced Security Practitioner (CASP) Exam

Posted by

Exam Codes : CAS-003
Launch Date : April 2, 2018
Number of Questions : Maximum of 90 questions
Type of Questions : Multiple-choice and performance-based
Length of Test : 165 Minutes
Passing Score : This test has no scaled score; it’s pass/fail only.
Languages : English and Japanese
Testing Provider : Pearson VUE
Testing Centers : Online Testing

Exam Description
CASP+ covers the technical knowledge and skills required to conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise.

Recommended Experience A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience.

Official CompTIA Content (OCC) has been designed from the ground up to help you learn and master the material in your certification exam. Trust self-paced CompTIA study guides that are
Clearly written and structured.
Flexible so you can learn at any pace.
Focused on your exam success.

Save With a Bundle
CompTIA Training bundles are a great way to continue your learning process in every stage of your exam preparation. Complement a study guide with popular training options such as:

What You’ll Learn
The CASP+ Certification Study Guide was designed to help you acquire the knowledge and skills covered in the latest CAS-003 exam objectives and is packed with informative and accessible content.

After reading this text, you will be able to:
Support IT governance in the enterprise with an emphasis on managing risk
Leverage collaboration tools and technology to support enterprise security
Use research and analysis to secure the enterprise
Integrate advanced authentication and authorization techniques
Implement cryptographic techniques, security controls for hosts, security controls for mobile devices, implement network security, and security in the systems and software development lifecycle.
Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture
Conduct security assessments
Respond to and recover from security incidents.

Prerequisites
CompTIA CASP+ is aimed at IT Professionals with a minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience.

CAS-003 Domain Equivalency
2.0 Enterprise Security Architecture (25%)
3.0 Enterprise Security Operations (20%)
4.0 Technical Integration of Enterprise Security (23%)
1.0 Risk Management (19%)
5.0 Research, Development and Collaboration (13%)

CASP+ Exam Objectives
The new CASP+ (CAS-004) includes more exam objectives. In fact, CAS-004 has 28 exam objectives versus the 19 in CAS-003. The purpose of this update is to break down the larger objectives found on CAS-003 into multiple objectives to improve instructional design.

The new exam objectives focus on the most up-to-date and current skills needed for the following tasks:
Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment
Apply security practices to cloud, on-premises, endpoint and mobile infrastructure, while considering cryptographic technologies and techniques
Consider the impact of governance, risk and compliance requirements throughout the enterprise

This is equivalent to at least 10 years of general hands-on IT experience, with at least 5 of those years being broad hands-on security experience. CASP+ is recommended to follow CompTIA Security+, CompTIA PenTest+ and CompTIA CySA+ on the CompTIA Cybersecurity Career Pathway.

As you use the exam objectives to prepare for your test, note that they are not exhaustive of everything you may be tested on. Consider the exam objectives stem (the heading) as your item to study and the bulleted lists as examples of some of the things that might be covered. CompTIA is constantly reviewing exam content and updating questions to ensure relevance and exam integrity.


QUESTION 1
A company’s Chief Operating Officer (COO) is concerned about the potential for competitors to infer
proprietary information gathered from employees”’? social media accounts.
Which of the following methods should the company use to gauge its own social media threat level without
targeting individual employees?

A. Utilize insider threat consultants to provide expertise.
B. Require that employees divulge social media accounts.
C. Leverage Big Data analytical algorithms.
D. Perform social engineering tests to evaluate employee awareness.

Answer: A


QUESTION 2
A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner
has established the following security requirements:
The data is for internal consumption only and shall not be distributed to outside individuals
The systems administrator should not have access to the data processed by the server
The integrity of the kernel image is maintained
Which of the following host-based security controls BEST enforce the data owner’s requirements? (Choose
three.)

A. SELinux
B. DLP
C. HIDS
D. Host-based firewall
E. Measured boot
F. Data encryption
G. Watermarking

Answer: C,E,F


QUESTION 3
An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that
unauthorized access to the database was possible due to an SQL injection vulnerability. To prevent this type of
breach in the future, which of the following security controls should be put in place before bringing the
database back online? (Choose two.)

A. Secure storage policies
B. Browser security updates
C. Input validation
D. Web application firewall
E. Secure coding standards
F. Database activity monitoring

Answer: C,F


QUESTION 4
A company has entered into a business agreement with a business partner for managed human resources
services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is
required to set up a business-to-business VPN between the two organizations. Which of the following is
required in this scenario?

A. ISA
B. BIA
C. SLA
D. RA

Answer: C

Examkingdom CompTIA CAS-003 Exam pdf, Certkingdom CompTIA CAS-003 PDF

MCTS Training, MCITP Trainnig

Best CompTIA CAS-003 Certification, CompTIA CAS-003 Training at certkingdom.com

Click to rate this post!
[Total: 0 Average: 0]