Free CAS-003 Exam Braindumps (page: 77)

Page 77 of 137

A security architect is reviewing the code for a company's financial website. The architect suggests adding the following HTML element, along with a server-side function that generates a random number, to the page used to initiate a funds transfer:

<input type="hidden" name="token" value=generateRandomNumber()>

Which of the following attacks is the security architect attempting to prevent?

  1. SQL injection
  2. XSRF
  3. XSS
  4. Clickjacking

Answer(s): B
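Why the hidden token defeats XSRF (cross-site request forgery): a forged request from an attacker's page carries the victim's session cookie automatically, but the attacker cannot read the token that the server embedded in the victim's form, so the server can tell a genuine submission from a forged one. The Python below is an added example and is not code from this page; the names generate_random_number, SESSIONS, render_transfer_form and handle_transfer, the session id and the form dictionaries are hypothetical stand-ins for a web framework's session store, template and request objects.

```python
"""Anti-CSRF token: generate per session, embed as a hidden input, verify on POST.

Added example, not from the CAS-003 page. The session store, form renderer and
request dictionaries are hypothetical stand-ins for a real web framework.
"""
import hmac
import secrets
from html import escape

# Hypothetical in-memory session store: session_id -> {"csrf_token": ...}
SESSIONS = {}


def generate_random_number():
    """Token from the OS CSPRNG (32 bytes, URL-safe). random.random() is predictable
    and must not be used here: a guessable token is no protection at all."""
    return secrets.token_urlsafe(32)


def get_or_create_token(session_id):
    """Bind one token to the session so a token from another session cannot be replayed."""
    sess = SESSIONS.setdefault(session_id, {})
    if "csrf_token" not in sess:
        sess["csrf_token"] = generate_random_number()
    return sess["csrf_token"]


def render_transfer_form(session_id):
    """Server-side rendering of the funds-transfer page with the hidden token element."""
    token = get_or_create_token(session_id)
    return (
        '<form method="POST" action="/transfer">\n'
        f'  <input type="hidden" name="token" value="{escape(token)}">\n'
        '  <input type="text" name="to_account">\n'
        '  <input type="text" name="amount">\n'
        '  <button type="submit">Transfer</button>\n'
        '</form>'
    )


def handle_transfer(session_id, form):
    """POST handler: refuse unless the submitted token matches the session's token."""
    sess = SESSIONS.get(session_id)
    if sess is None or "csrf_token" not in sess:
        return 403, "no session token"
    submitted = form.get("token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte via timing.
    if not hmac.compare_digest(submitted, sess["csrf_token"]):
        return 403, "bad csrf token"
    return 200, f"transferred {form.get('amount')} to {form.get('to_account')}"


def demo():
    """Legitimate submission versus two forged cross-site requests (constructed data)."""
    sid = "sess-victim"  # constructed session id; in practice this comes from the cookie
    html = render_transfer_form(sid)
    token = SESSIONS[sid]["csrf_token"]
    legit = handle_transfer(sid, {"token": token, "to_account": "123", "amount": "50"})
    # Forged request: the browser attaches the victim's cookie (session id), but the
    # attacker's page cannot read the token out of the victim's form.
    forged = handle_transfer(sid, {"to_account": "666", "amount": "9999"})
    guessed = handle_transfer(sid, {"token": "1234", "to_account": "666", "amount": "9999"})
    return {
        "html_has_token": f'value="{token}"' in html,
        "legit": legit[0],
        "forged": forged[0],
        "guessed": guessed[0],
    }


if __name__ == "__main__":
    print(demo())
```

The token is only useful if it is unpredictable, tied to the session, and checked with a constant-time comparison. It does nothing against XSS: script running on the site's own origin can read the hidden input and submit the form itself, which is why the answer is XSRF rather than XSS. SameSite cookies are a complementary, not a replacement, control.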



A security engineer is assessing the controls that are in place to secure the corporate Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrators have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:



Which of the following should the security administrator configure to meet the DNS security needs?





Answer(s): D
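The ACL listing and the answer options are not reproduced on this page, so as an added example (not the page's own ACLs, and not a claim about what option D contained) here is how the three stated requirements map onto BIND 9 named.conf: answer any source, be authoritative only, and drop the problematic addresses. The blocklist ranges and zone name are constructed placeholders.

```conf
// Weak configuration, as commonly found on an Internet-facing server:
// open recursion for anyone, and the ACL is defined but never referenced.
acl "blocked" { 198.51.100.0/24; 203.0.113.7; };   // constructed addresses
options {
    recursion yes;
    allow-query { any; };
};

// Corrected configuration meeting the stated requirements.
acl "blocked" {
    198.51.100.0/24;   // constructed: problematic ranges from the DNS admin
    203.0.113.7;
};

options {
    blackhole { blocked; };     // silently drop anything from the blocklist
    recursion no;               // authoritative only: never resolve on others' behalf
    allow-recursion { none; };  // belt and braces if recursion is ever re-enabled
    allow-query { any; };       // answer any source for the zones hosted here
    allow-transfer { none; };   // or the secondaries' addresses, never "any"
    minimal-responses yes;      // smaller answers, less amplification value
};

zone "example.com" {
    type primary;   // "master" on BIND releases before 9.16
    file "/etc/bind/db.example.com";
};
```

With recursion off, queries for names outside the hosted zones are refused, which is the "only domains it has authority over" requirement. blackhole drops blocked sources without a reply; if you prefer an explicit REFUSED instead, use allow-query { !blocked; any; }; and keep the ordering, because the first matching element wins.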



Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

  1. SIEM filtering
  2. Machine learning
  3. Outsourcing
  4. Centralized IPS

Answer(s): A
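What "SIEM filtering" means in practice is dropping or collapsing events that carry no security signal before an analyst sees them, while never discarding anything unparsed. The Python below is an added example, not code from this page or from any SIEM product: the syslog-style lines, host names, the monitor address and the drop rules are all constructed for the demonstration.

```python
"""SIEM-style noise filtering over raw syslog lines before they reach the SOC queue.

Added example, not from the CAS-003 page. Every log line, host name and rule here is
constructed for the demonstration.
"""
import re
from collections import Counter

# Constructed syslog-style lines: health checks, an SSH brute-force burst,
# a DEBUG line, a sudo invocation and a 403 on an admin path.
SAMPLE_LOGS = [
    "Jan 10 10:00:01 web01 nginx: 10.0.0.5 GET /healthz 200",
    "Jan 10 10:00:02 web01 nginx: 10.0.0.5 GET /healthz 200",
    "Jan 10 10:00:03 web01 nginx: 203.0.113.9 GET /admin 403",
    "Jan 10 10:00:04 db01 sshd: Failed password for root from 203.0.113.9 port 51234",
    "Jan 10 10:00:05 db01 sshd: Failed password for root from 203.0.113.9 port 51235",
    "Jan 10 10:00:06 db01 sshd: Failed password for root from 203.0.113.9 port 51236",
    "Jan 10 10:00:07 app02 backup: DEBUG snapshot 42 completed",
    "Jan 10 10:00:08 app02 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart app",
    "Jan 10 10:00:09 web01 nginx: 10.0.0.5 GET /healthz 200",
]

MONITOR_IPS = {"10.0.0.5"}  # constructed: the internal health-check prober

# host, program and free-text message from a standard syslog line
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
HEALTHZ_RE = re.compile(r"(\S+) GET /healthz 200$")
PORT_RE = re.compile(r" port \d+")  # ephemeral port varies per attempt; drop it for dedup


def is_noise(host, prog, msg):
    """Drop rules: debug chatter, and successful health checks from the known monitor.
    A /healthz hit from any other source is kept, since that is reconnaissance, not noise."""
    if "DEBUG" in msg.split():
        return True
    m = HEALTHZ_RE.match(msg)
    if prog == "nginx" and m and m.group(1) in MONITOR_IPS:
        return True
    return False


def filter_logs(lines):
    """Return ([(normalized_event, count), ...] in first-seen order, dropped_count).

    Repeated events that differ only in the ephemeral port are collapsed into one
    entry with a count, so a brute-force burst shows up as a single row with count 3
    rather than three rows. Lines that do not parse are passed through untouched."""
    counts = Counter()
    order = []
    dropped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            if line not in counts:
                order.append(line)
            counts[line] += 1
            continue
        host, prog, msg = m.group("host"), m.group("prog"), m.group("msg")
        if is_noise(host, prog, msg):
            dropped += 1
            continue
        key = f"{host} {prog}: {PORT_RE.sub('', msg)}"
        if key not in counts:
            order.append(key)
        counts[key] += 1
    return [(k, counts[k]) for k in order], dropped


if __name__ == "__main__":
    events, dropped = filter_logs(SAMPLE_LOGS)
    print(f"dropped {dropped} noise lines; {len(events)} events remain")
    for event, n in events:
        print(f"{n:>3}  {event}")
```

On the constructed input this drops the four noise lines and leaves three events, with the three failed-password lines collapsed into one row with a count of 3. Drop rules should be narrow and source-aware (the monitor's IP, not any /healthz hit), and the dropped count should itself be tracked, because a rule that silently swallows a new class of event is the failure mode filtering introduces.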



An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

  1. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
  2. Require sensors to sign all transmitted unlock control messages digitally.
  3. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
  4. Implement an out-of-band monitoring solution to detect message injections and attempts.

Answer(s): C






Post your Comments and Discuss CompTIA CAS-003 exam with other Community members:

Nathan commented on April 20, 2020
I appreciate that you provide the Xengine software for free. But are you planning to keep it free? I really hope so!
GERMANY