무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 107)

CAS-003 문제 526

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

A. The public/private views on the Comptia.org DNS servers are misconfigured

B. 192.168.102.67 is a backup mail server that may be more vulnerable to attack

C. The DNS SPF records have not been updated for Comptia.org

D. Comptia.org is running an older mail server, which may be vulnerable to exploits

CAS-003 문제 527

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes. Which of the following controls would BEST mitigate the identified vulnerability?

A. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

B. Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME

C. Implement two-factor email authentication, and require users to hash all email messages upon receipt

D. Federate with an existing PKI provider, and reject all non-signed emails

CAS-003 문제 528

While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service. When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.
Additionally, each password has specific complexity requirements and different expiration time frames. Which of the following would be the BEST solution for the information security officer to recommend?

A. Pushing SAML adoption

B. Implementing SSO

C. Utilizing MFA

D. Implementing TACACS

E. Deploying 802.1X

CAS-003 문제 529

As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?

A. tar cvf - / | ssh 192.168.45.82 ''cat - > /images/image.tar"

B. memdump /dev/sda1 | nc 192.168.45.82 3000

C. dd if=/dev/mem | scp - 192.168.45.82:/images/image.dd

D. dd if=/dev/sda | nc 192.168.45.82 3000

CAS-003 문제 530

해커인 Joe는 브라우저에서 볼 때 브라우저가 충돌하고 피해자의 권한 수준 컨텍스트에서 원격 코드 실행을 얻을 수 있는 웹 페이지를 특별히 제작할 수 있다는 것을 발견했습니다. 사용하지 않는 힙 메모리에 접근할 때 예외 오류로 인해 브라우저가 충돌합니다. 다음 중 애플리케이션 문제를 가장 잘 설명한 것은 무엇입니까?

A. 정수 오버플로

B. 클릭재킹

C. 레이스 컨디션

D. SQL 인젝션

E. 무료 후 사용

F. 입력 유효성 검사

다른 버전: 4990CompTIA.CAS-003.v2022-07-04.q589; 2144CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 109Oracle.1Z0-908.v2025-09-06.q68; 112Oracle.1Z0-1055-24.v2025-09-05.q29; 275VMware.2V0-13.24.v2025-09-04.q75; 120Qlik.QSBA2022.v2025-09-04.q17; 122Oracle.1Z0-1073-23.v2025-09-03.q29; 122Cisco.300-820.v2025-09-03.q187; 118Oracle.1z0-1060-25.v2025-09-03.q26; 129CIPS.L5M4.v2025-09-02.q13; 141Fortinet.FCP_ZCS-AD-7.4.v2025-09-02.q12; 119PECB.ISO-45001-Lead-Auditor.v2025-09-02.q14