Free CAS-003 Exam Braindumps (page: 17)

Page 17 of 137

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: “<object object_ref=… />” and “<state state_ref=… />”. Which of the following tools BEST supports the use of these definitions?

  A. HTTP interceptor
  B. Static code analyzer
  C. SCAP scanner
  D. XML fuzzer

Answer(s): D



Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?

  A. Key risk indicators
  B. Lessons learned
  C. Recovery point objectives
  D. Tabletop exercise

Answer(s): B



A web developer has implemented HTML5 optimizations into a legacy web application. One of the modifications the web developer made was the following client-side optimization:
localStorage.setItem("session-cookie", document.cookie);

Which of the following should the security engineer recommend?

  A. SessionStorage should be used so authorized cookies expire after the session ends
  B. Cookies should be marked as "secure" and "HttpOnly"
  C. Cookies should be scoped to a relevant domain/path
  D. Client-side cookies should be replaced by server-side mechanisms

Answer(s): C



A hospital’s security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital’s brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?

  A. When it is mandated by their legal and regulatory requirements
  B. As soon as possible in the interest of the patients
  C. As soon as the public relations department is ready to be interviewed
  D. When all steps related to the incident response plan are completed
  E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

Answer(s): A




Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY