Free CAS-003 Exam Braindumps (page: 57)

Page 57 of 137

A security engineer is assisting a developer with input validation, and they are studying the following code block:


The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

  A. Replace code with Java-based type checks
  B. Parse input into an array
  C. Use regular expressions
  D. Canonicalize input into string objects before validation

Answer(s): C
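The code block the question refers to is not reproduced on this page, so the following is an added illustration of the answer, not the question's own code. It shows an anchored, ASCII-only regular expression for a ten-digit account identifier next to a naive pattern, and constructed sample inputs that expose the two classic mistakes: anchoring only at the start (or with `$`, which matches before a trailing newline) and letting `\d` accept non-ASCII Unicode digits. Function and variable names are my own.

```python
import re

# Anchored pattern: exactly ten digits and nothing else. re.ASCII stops \d
# from matching non-ASCII digits (e.g. Arabic-Indic numerals), which Python 3
# str patterns otherwise accept because they are in Unicode category Nd.
ACCOUNT_ID = re.compile(r"\d{10}", re.ASCII)


def is_valid_account_id(value):
    """Return True only if value is a str of exactly ten ASCII digits."""
    if not isinstance(value, str):
        # Reject non-strings rather than coercing them; int() would silently
        # drop a leading zero, which is why a type check is a poor validator.
        return False
    # fullmatch() anchors at both ends and does not tolerate a trailing newline.
    return ACCOUNT_ID.fullmatch(value) is not None


def naive_check(value):
    """A common but weak variant, kept here to show what it wrongly accepts."""
    # re.match anchors only at the start; "$" also matches just before a
    # final "\n"; and without re.ASCII, \d matches any Unicode decimal digit.
    return re.match(r"\d{10}$", value) is not None


# Constructed sample inputs (not from the page): expected valid/invalid.
SAMPLES = {
    "0123456789": True,            # leading zero is a legitimate digit
    "1234567890": True,
    "123456789": False,            # nine digits
    "12345678901": False,          # eleven digits
    "123456789a": False,           # non-digit
    "1234567890\n": False,         # trailing newline must not slip through
    " 1234567890": False,          # leading whitespace
    "\u0661\u0662\u0663\u0664\u0665\u0666\u0667\u0668\u0669\u0660": False,  # Arabic-Indic digits
}


def check_samples():
    """Return the samples on which the strict and naive checks disagree."""
    return {
        s: (is_valid_account_id(s), naive_check(s))
        for s in SAMPLES
        if is_valid_account_id(s) != naive_check(s)
    }


if __name__ == "__main__":
    for sample, expected in SAMPLES.items():
        assert is_valid_account_id(sample) == expected, repr(sample)
    print("strict check matches expectations on all samples")
    print("naive check differs on:", check_samples())
```

A compiled, anchored pattern like this is a single linear scan per request, so it satisfies the developer's throughput concern; the cost is in getting the anchoring and character class right, not in the matcher itself.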



A project manager is working with a software development group to collect and evaluate user stories related to the organization’s internally designed CRM tool. After defining requirements, the project manager would like to validate the developer’s interpretation and understanding of the user’s request. Which of the following would BEST support this objective?

  A. Peer review
  B. Design review
  C. Scrum
  D. User acceptance testing
  E. Unit testing

Answer(s): B



A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?

  A. Request an exception to the corporate policy from the risk management committee
  B. Require anyone trying to use the printer to enter their username and password
  C. Have a help desk employee sign in to the printer every morning
  D. Issue a certificate to the printer and use certificate-based authentication

Answer(s): D



The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

  A. creating a forensic image
  B. deploying fraud monitoring
  C. following a chain of custody
  D. analyzing the order of volatility

Answer(s): A






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY