무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 114)

CAS-003 문제 561

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

A. $2,000

B. $8,000

C. $12,000

D. $32,000

CAS-003 문제 562

A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.
Which of the following would be the EASIEST method of obtaining a password for the known account?

A. Hash cracking

B. Social engineering

C. Man-in-the-middle

D. Reverse engineering

CAS-003 문제 563

취약점 스캐너 보고서에 따르면 신용 카드 회사 환경에서 작동하는 클라이언트-서버 호스트 모니터링 솔루션이 회사 정책에 맞지 않는 약한 알고리즘으로 SSL 세션을 관리하고 있습니다. 다음 중 맞는 설명은? (2개 선택).

A. X509 V3 인증서는 신뢰할 수 없는 공용 CA에서 발급했습니다.

B. 클라이언트-서버 핸드셰이크가 강력한 암호를 협상할 수 없습니다.

C. 클라이언트-서버 핸드셰이크가 잘못된 우선 순위로 구성되었습니다.

D. 클라이언트-서버 핸드셰이크는 TLS 인증을 기반으로 합니다.

E. X509 V3 인증서가 만료되었습니다.

F. 클라이언트-서버는 서로 다른 인증서를 사용하여 클라이언트-서버 상호 인증을 구현합니다.

CAS-003 문제 564

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following.
* The critical devise send cleartext logs to the aggregator.
* The log aggregator utilize full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being achieved in the cloud.
Which of the following should be the engineer's GREATEST concern?

A. Multinancy and data remnants in the cloud

B. Network bridging from a remote access VPN

C. Hardware vulnerabilities introduced by the log aggregate server

D. Encryption of data in transit

CAS-003 문제 565

The Chief Information Security Officer (CISO) developed a robust plan to address both internal and external vulnerabilities due to an increase in ransomware attacks on the networks However the number of successful attacks continues to increase. Which of the following is the MOST likely failure?

A. The company did not blacklist suspected websites properly

B. The IDS/IPS were not updated with the latest malware signatures

C. The threat model was not vetted property

D. The organization did not conduct a business impact analysis

다른 버전: 4977CompTIA.CAS-003.v2022-07-04.q589; 2129CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Oracle.1Z0-908.v2025-09-06.q68; 111Oracle.1Z0-1055-24.v2025-09-05.q29; 274VMware.2V0-13.24.v2025-09-04.q75; 119Qlik.QSBA2022.v2025-09-04.q17; 122Oracle.1Z0-1073-23.v2025-09-03.q29; 120Cisco.300-820.v2025-09-03.q187; 117Oracle.1z0-1060-25.v2025-09-03.q26; 127CIPS.L5M4.v2025-09-02.q13; 140Fortinet.FCP_ZCS-AD-7.4.v2025-09-02.q12; 117PECB.ISO-45001-Lead-Auditor.v2025-09-02.q14