Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 67)

Question 326

Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

A.Passive banner grabbing

B.Password cracker

C.http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp=packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4

D.443/tcp open http

E.dig host.company.com

F.09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)
192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0

G.Nmap

Question 327

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?

A.BGP route hijacking attacks

B.Bogon IP network traffic

C.IP spoofing attacks

D.Man-in-the-middle attacks

E.Amplified DDoS attacks

Correct Answer: C

The IP address block 203.0.113.0/24 is used on the internal network. Therefore, there should be no traffic coming into the network claiming to be from an address in the 203.0.113.0/24 range. Similarly, there should be no outbound traffic destined for an address in the 203.0.113.0/24 range. So this has been blocked at the firewall. This is to protect against IP spoofing attacks where an attacker external to the network sends data claiming to be from an internal computer with an address in the 203.0.113.0/24 range.
IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here's how it works: The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.
When IP spoofing is used to hijack a browser, a visitor who types in the URL (Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL www.loc.gov would see spoofed content created by the hijacker.
If a user interacts with dynamic content on a spoofed page, the hijacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware. The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam.
Incorrect Answers:
A: BGP is a protocol used to exchange routing information between networks on the Internet. BGP route hijacking is the process of using BGP to manipulate Internet routing paths. The firewall configuration in this question will not protect against BGP route hijacking attacks.
B: Bogon is an informal name for an IP packet on the public Internet that claims to be from an area of the IP address space reserved, but not yet allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated Regional Internet Registry (RIR). The firewall configuration in this question will not protect against Bogon IP network traffic.
D: A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. The firewall configuration in this question will not protect against a man-in-the-middle attack.
E: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Amplified DDoS attacks use more systems to 'amplify' the attack. The firewall configuration in this question will not protect against a DDoS attack.
References:
http://searchsecurity.techtarget.com/definition/IP-spoofing

Question 328

A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy.
Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile?

A.1. Outages would be likely to occur for systems or applications with hard-coded proxy information.2.The service would provide some level of protection for staff members working from home.3. Malware detection times would decrease due to third-party management of the service.

B.1. The loss of local caching would dramatically increase ISP changes and impact existing bandwidth.2.There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.

C.1. The external vendor would have access to inbound and outbound gateway traffic.2. The service would provide some level of protection for staff working from home.3. Outages would be likely to occur for systems or applications with hard-coded proxy information.

D.1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows.2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways.3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files.

Question 329

A vulnerability scan with the latest definitions was performed across Sites A and B.
Match each relevant finding to the affected host-After associating the finding with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Question 330

Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:
Untrusted zone: 0.0.0.0/0
User zone: USR 10.1.1.0/24
User zone: USR2 10.1.2.0/24
DB zone: 10.1.4.0/24
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24
Web server: 10.1.5.50
MS-SQL server: 10.1.4.70
MGMT platform: 10.1.10.250
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

A.Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
10.1.10.250
ANY
MGMT
ANY
ANY
ANY
DENY
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
SRC Zone
Action
DB
10.1.4.70
ANY
WEBAPP
10.1.5.50
ANY
ANY
PERMIT
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
ANY
ANY
WEBAPP
10.1.5.50
ANY
TCP
PERMIT
Task 4: Ensure the final rule is an explicit deny
Enter this at the bottom of the access list i.e. the line at the bottom of the rule:
ANY
ANY
ANY
ANY
ANY
TCP
DENY
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule number 4 from top, edit the DST port to 443 from 80
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
USER
10.1.1.0/24 10.1.2.0/24
ANY
UNTRUST
ANY
443
TCP
PERMIT

B.Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
10.1.10.250
ANY
MGMT
ANY
ANY
ANY
DENY
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
DB
10.1.4.70
ANY
WEBAPP
10.1.5.50
ANY
ANY
PERMIT
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
UNTRUST
ANY
ANY
WEBAPP
10.1.5.50
ANY
TCP
PERMIT
Task 4: Ensure the final rule is an explicit deny
Enter this at the bottom of the access list i.e. the line at the bottom of the rule:
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
ANY
ANY
ANY
ANY
ANY
ANY
TCP
DENY
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule number 4 from top, edit the DST port to 443 from 80
SRC Zone
SRC
SRC Port
DST Zone
DST
DST Port
Protocol
Action
USER
10.1.1.0/24 10.1.2.0/24
ANY
UNTRUST
ANY
443
TCP
PERMIT

Other Version: 6563CompTIA.CAS-003.v2022-08-15.q472; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105Oracle.1z0-1196-25.v2025-09-12.q18; 104NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 257CFAInstitute.ESG-Investing.v2025-09-08.q173; 240PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 326

Question 327

Question 328

Question 329

Question 330

Download PDF File