무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 109)

CAS-003 문제 536

Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?

A. Use a static code analyzer

B. Run the binary in an application sandbox

C. Employ a fuzzing utility

D. Manually review the binary in a text editor

CAS-003 문제 537

A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:
1. Long-lived sessions are required, as users do not log in very often.
2. The solution has multiple SPs, which include mobile and web applications.
3. A centralized IdP is utilized for all customer digital channels.
4. The applications provide different functionality types such as forums and customer portals.
5. The user experience needs to be the same across both mobile and web-based applications.
Which of the following would BEST improve security while meeting these requirements?

A. Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.

B. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device

C. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

D. Username and password authentication to IdP, securely store refresh tokens, and implement context- aware authentication.

CAS-003 문제 538

Which of the following technologies prevents an unauthorized HBA fromviewing iSCSI target information?

A. Deduplication

B. Data snapshots

C. LUN masking

D. Storage multipaths

CAS-003 문제 539

A new employee is plugged into the network on a BYOD machine but cannot access the network Which of the following must be configured so the employee can connect to the network?

A. Port security

B. Firewall

C. Remote access

D. VPN

CAS-003 문제 540

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed.
Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

A. Physical penetration test of the datacenter to ensure there are appropriate controls.

B. Penetration testing of the solution to ensure that the customer data is well protected.

C. Security clauses are implemented into the contract such as the right to audit.

D. Review of the organizations security policies, procedures and relevant hosting certifications.

E. Code review of the solution to ensure that there are no back doors located in the software.

다른 버전: 4990CompTIA.CAS-003.v2022-07-04.q589; 2139CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 109Oracle.1Z0-908.v2025-09-06.q68; 112Oracle.1Z0-1055-24.v2025-09-05.q29; 275VMware.2V0-13.24.v2025-09-04.q75; 120Qlik.QSBA2022.v2025-09-04.q17; 122Oracle.1Z0-1073-23.v2025-09-03.q29; 120Cisco.300-820.v2025-09-03.q187; 118Oracle.1z0-1060-25.v2025-09-03.q26; 129CIPS.L5M4.v2025-09-02.q13; 141Fortinet.FCP_ZCS-AD-7.4.v2025-09-02.q12; 119PECB.ISO-45001-Lead-Auditor.v2025-09-02.q14