무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 22)

CAS-003 문제 101

An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure.
The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server.
Which of the following procedures should the security responder apply to the situation? (Choose two.)

A. Disclose the breach to customers.

B. Contain the server.

C. Initiate a legal hold.

D. Perform a risk assessment.

E. Determine the data handling standard.

F. Perform an IOC sweep to determine the impact.

CAS-003 문제 102

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?

A. Replicate NAS changes to the tape backups at the other datacenter.

B. Ensure each server has two HBAs connected through two routes to the NAS.

C. Establish deduplication across diverse storage paths.

D. Establish a SAN that replicates between datacenters.

CAS-003 문제 103

보안 테스터가 RFID 액세스 제어 시스템의 Mack-box 평가를 수행하고 있습니다. 테스터는 소수의 RFID 태그를 가지고 있어 리더기에 접근할 수 있지만 테스터는 회사에서 사용하기 때문에 리더기를 분해할 수 없습니다. 다음 중 테스터가 올바른 순서로 RFID 액세스 제어 시스템을 평가하기 위해 취해야 하는 단계를 보여 주는 것은 무엇입니까?

A. 1. RFID lag를 없애고 칩을 분석한다.
2. RFO 태그 식별자 및 제조업체 세부 정보 검색
3. 태그와 리더 간에 사용되는 프로토콜을 결정합니다.
4. RFID 통신 도청 및 재생 시도

B. 1. RFID 통신 도청 및 재생 시도
2. 태그와 리더 사이에 사용되는 프로토콜을 결정합니다.
3. RFID 태그 식별자 및 제조업체 세부 정보 검색
4. RFID 태그를 분리하여 칩을 분석

C. 1. RFID 태그 식별자 및 제조업체 세부 정보 검색
2. 태그와 리더 사이에 사용되는 프로토콜을 결정합니다.
3. RFID 통신 도청 및 재생 시도
4. RFID 태그를 분리하여 칩을 분석

D. 1. 태그와 리더 간에 사용되는 프로토콜을 확인합니다.
2. RFID 태그를 분리하여 칩 분석
3. RFID 태그 식별자 및 제조업체 세부 정보 검색
4. RFID 통신 도청 및 재생 시도

CAS-003 문제 104

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:

Which of the following is the MOST likely type of activity occurring?

A. SQL injection

B. Fuzzing

C. XSS scanning

D. Brute forcing

CAS-003 문제 105

An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center. Which of the following techniques would BEST meet the requirements? (Choose two.)

A. Magic link sent to an email address

B. Customer ID sent via push notification

C. SMS with OTP sent to a mobile number

D. Third-party social login

E. Certificate sent to be installed on a device

F. Hardware tokens sent to customers

다른 버전: 4999CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Supermicro.SMI300XS.v2025-09-08.q15; 111Oracle.1z0-1104-25.v2025-09-08.q12; 103SAP.C-LIXEA-2404.v2025-09-08.q60; 106Cisco.300-730.v2025-09-08.q143; 104Huawei.H19-308_V4.0.v2025-09-08.q77; 107Nutanix.NCA-6.5.v2025-09-08.q56; 106CompTIA.CV0-003.v2025-09-08.q131; 116SAP.C-TS470-2412.v2025-09-08.q27; 107Oracle.1Z0-1122-25.v2025-09-08.q15; 107ATLASSIAN.ACP-620.v2025-09-08.q60