CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 70)

Page 70 of 137
PDF with 683 Questions

An analyst is investigating anomalous behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the “compose” window.

Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

  1. Reverse engineer the application binary.
  2. Perform static code analysis on the source code.
  3. Analyze the device firmware via the JTAG interface.
  4. Change to a whitelist that uses cryptographic hashing.
  5. Penetration test the mobile application.

Answer(s): A



A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web- based applications. This RFP is from a financial institution with very strict performance requirements. The vendor would like to respond with its solutions.

Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor’s qualifications?

  1. The solution employs threat information-sharing capabilities using a proprietary data model.
  2. The RFP is issued by a financial institution that is headquartered outside of the vendor’s own country.
  3. The overall solution proposed by the vendor comes in less that the TCO parameter in the RFP.
  4. The vendor’s proposed solution operates below the KPPs indicated in the RFP.

Answer(s): D



A vulnerability was recently announced that allows a malicious user to gain root privileges on other virtual machines running within the same hardware cluster. Customers of which of the following cloud-based solutions should be MOST concerned about this vulnerability?

  1. Single-tenant private cloud
  2. Multitenant SaaS cloud
  3. Single-tenant hybrid cloud
  4. Multitenant IaaS cloud
  5. Multitenant PaaS cloud
  6. Single-tenant public cloud

Answer(s): D



Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses “Number of successful phishing attacks” as a KRI, but it does not show an increase.

Which of the following additional information should be the Chief Information Security Officer (CISO) include in the report?

  1. The ratio of phishing emails to non-phishing emails
  2. The number of phishing attacks per employee
  3. The number of unsuccessful phishing attacks
  4. The percent of successful phishing attacks

Answer(s): C



Page 70 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote