CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-003

Free CAS-003 Exam Braindumps (page: 74)

Page 74 of 137
PDF with 683 Questions

An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?

  1. XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.
  2. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
  3. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.
  4. A successful MITM attack Could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.

Answer(s): D



A security administrator wants to implement controls to harden company-owned mobile devices. Company policy specifies the following requirements:

-Mandatory access control must be enforced by the OS.
-Devices must only use the mobile carrier data transport.

Which of the following controls should the security administrator implement? (Choose three.)

  1. Enable DLP
  2. Enable SEAndroid
  3. Enable EDR
  4. Enable secure boot
  5. Enable remote wipe
  6. Disable Bluetooth
  7. Disable 802.11
  8. Disable geotagging

Answer(s): B,F,G



While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device. Which of the following would MOST likely prevent a similar breach in the future?

  1. Remote wipe
  2. FDE
  3. Geolocation
  4. eFuse
  5. VPN

Answer(s): B



An organization wants to allow its employees to receive corporate email on their own smartphones. A security analyst is reviewing the following information contained within the file system of an employee’s smartphone:

FamilyPix.jpg
Taxreturn.tax
paystub.pdf
employeesinfo.xls
SoccerSchedule.doc
RecruitmentPlan.xls

Based on the above findings, which of the following should the organization implement to prevent further exposure? (Choose two.)

  1. Remote wiping
  2. Side loading
  3. VPN
  4. Containerization
  5. Rooting
  6. Geofencing
  7. Jailbreaking

Answer(s): A,D



Page 74 of 137



Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreicate that you provide the Xengine software for free. But are you planning to keep it free! I really hope so!
GERMANY
upvote