Free CAS-003 Exam Braindumps (page: 54)

Page 54 of 137

An organization is improving its web services to enable better customer engagement and self-service. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.)

  A. SAML
  B. Social login
  C. OpenID Connect
  D. XACML
  E. SPML
  F. OAuth

Answer(s): A,F



After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?

  A. Hire an external red team to conduct black box testing
  B. Conduct a peer review and cross reference the SRTM
  C. Perform white-box testing on all impacted finished products
  D. Perform regression testing and search for suspicious code

Answer(s): A



A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company’s security architect to protect the integrity of the update process? (Choose two.)

  A. Validate cryptographic signatures applied to software updates
  B. Perform certificate pinning of the associated code signing key
  C. Require HTTPS connections for downloads of software updates
  D. Ensure there are multiple download mirrors for availability
  E. Enforce a click-through process with user opt-in for new features

Answer(s): A,B



A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

  A. Data custodian
  B. Data owner
  C. Security analyst
  D. Business unit director
  E. Chief Executive Officer (CEO)

Answer(s): D






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY