Free CAS-003 Exam Braindumps (page: 52)

Page 52 of 137

An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

  A. Place it in a malware sandbox.
  B. Perform a code review of the attachment.
  C. Conduct a memory dump of the CFO’s P
  D. Run a vulnerability scan on the email server.

Answer(s): A



A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used:


Which of the following would be the CISO’s MOST immediate concern?

  A. There are open standards in use on the network.
  B. Network engineers have ignored de facto standards.
  C. Network engineers are not following SOPs.
  D. The network has competing standards in use.

Answer(s): D



A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:

1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

  A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device.
  B. Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications.
  C. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
  D. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

Answer(s): A



Given the following:


Which of the following vulnerabilities is present in the above code snippet?

  A. Disclosure of database credential
  B. SQL-based string concatenation
  C. DOM-based injection
  D. Information disclosure in comments

Answer(s): C







Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY