Free CAS-003 Exam Braindumps (page: 36)

Page 36 of 137

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.
Which of the following is the MOST secure solution for the developer to implement?

  A. IF $AGE == “!@#$%^&*()_+<>?”:{}[]” THEN ERROR
  B. IF $AGE == [1234567890] {1,3} THEN CONTINUE
  C. IF $AGE != “a-bA-Z!@#$%^&*()_+<>?”:{}[]” THEN CONTINUE
  D. IF $AGE == [1-0] {0,2} THEN CONTINUE

Answer(s): B



A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.

Which of the following is the BEST statement for the engineer to take into consideration?

  A. Single-tenancy is often more expensive and has less efficient resource utilization. Multitenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
  B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
  C. Due to the likelihood of large log volumes, the service provider should use a multitenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
  D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Answer(s): C



At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

  A. Refer to and follow procedures from the company’s incident response plan.
  B. Call a press conference to explain that the company has been hacked.
  C. Establish chain of custody for all systems to which the systems administrator has access.
  D. Conduct a detailed forensic analysis of the compromised system.
  E. Inform the communications and marketing department of the attack details.

Answer(s): A



Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

  A. Message 1
  B. Message 2
  C. Message 3
  D. Message 4

Answer(s): A


Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY