A developer emails the following output to a security administrator for review:
Which of the following tools might the security administrator use to perform further security assessment of this issue?
A. Port scanner
B. Vulnerability scanner
C. Fuzzer
D. HTTP interceptor
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Right on what Pablo said. I believe the nMap sim they were FTP Server, email server, Web server, and UTM appliance. then you had to DISABLE the protocols that were not useful for that sim.
The CVSS sim was tough. Its a SCADA one with 2 sites. Vulnerability 1 goes to the VPN concentrators on both sites and vulnerabiltty 2 goes to the DNS application on site 1.
How accurate is this question set vs your test Masta?
It is pretty spot on
The forum comments are gold as you can learn/research so much from the comments. Even for questions that i saw the first time they were easier to understand BC i got the concepts down from researching other comments and questions
It is also nice to read through these to help understand the thought process you need to be in when answering Comptia questions. Good luck.
Masta is dead on about the sims, but lots of new questions.
Passed today!! The information on this site was invaluable. Study each question with care. Like Pablo said do some research, read the debate, ask proffessionals for advice if possible and you will be prepared.
Great!
I passed the exam today on a first time go. Honestly, the information on this site was far more useful than the two test preps that I purchased. I got the test preps and then did a look up of each question on this site, read the debate, researched, and it prepared me.
There were a number of new questions to be sure. Make sure you understand what AXFR is and what type of system it belongs–simulation. Know what ports belong to specific servers–Web server, FTP server, SFTP server, cant remember the other.
One important note: The first five questions are simulations of some kind. 1 Drag Drop and four simulations (2 on this site right now). Do not use your time on these at first. It puts you behind before you begin. Mark these as review and move past. Do the other 74 multiple choice questions first. When you have completed, go back and do the simulations. I do not know what the breakdown is but we all end up spending an inordinate amount of time on the simulations. Even doing it this way, I spent too much time on the unnecessary services simulations. If you kill the wrong process, it makes you redo the entire simulation. Took me a couple of tries before I realized it was the simulation and not some communication problem with my computer. Cost me about 10 minutes. By the way, go through, pull up the whiteboard, jot down what processes you kill first. If you kill the wrong one, you will end up having to kill them again but at least you know what cannot be killed. Next turn those valid ones off, and lastly, turn off the service.
Again, this site was the key to success.
just to add, know you basic nmap commands and how to read ouputs, as well as understanding cvss vulnerability readings and interpreting these! – key for new sims 🙂
CVSS SIM pics at: https://media.cheggcdn.com/study/cd4/cd4cbb8b-7a5b-45b2-ab4e-72eb8fc92df1/image.png
and https://media.cheggcdn.com/study/8c6/8c620d9c-8433-4cec-87ff-b079be95f559/image.png
does anyone have additional insight?
I just took the CASP 3 exam and pass it after 3rd attempts. Thank you to this board’s help. There are many new questions as of November 2020. But the questions built on similar concepts. All the Simulation questions are still there with 2 new ones. One simulation for Nmap; you need to identify the role of the server base on the Nmap scan… example: port 80, 443 on server 10.1.1.1. This is a Web Server. Other simulation includes CVSS vulnerability identification. If I have to start again, I would read the book and watch CASP videos and do practice exams. Good luck everyone.
Could you explain a bit the CVSS SIM ? thx (exam on 12/1….)
Did you pass? How was the exam?
Agree with D.