Free CAS-003 Exam Braindumps (page: 75)

Page 75 of 137

An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor’s SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:

1. There are clauses that confirm a data retention period in line with what is in the energy organization’s security policy.
2. The data will be hosted and managed outside of the energy organization’s geographical location.

The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project’s security consultant recommend as the NEXT step?

  A. Develop a security exemption, as the solution does not meet the security policies of the energy organization.
  B. Require a solution owner within the energy organization to accept the identified risks and consequences.
  C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.
  D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.

Answer(s): B



A developer emails the following output to a security administrator for review:


Which of the following tools might the security administrator use to perform further security assessment of this issue?

  A. Port scanner
  B. Vulnerability scanner
  C. Fuzzer
  D. HTTP interceptor

Answer(s): D



A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others. Which of the following should the company implement to improve code quality? (Choose two.)

  A. Development environment access controls
  B. Continuous integration
  C. Code comments and documentation
  D. Static analysis tools
  E. Application containerization
  F. Code obfuscation

Answer(s): D,F



An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application’s sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?

  A. Using an SSO application that supports multifactor authentication
  B. Enabling the web application to support LDAP integration
  C. Forcing higher-complexity passwords and frequent changes
  D. Deploying Shibboleth to all web-based applications in the enterprise

Answer(s): D




Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!