무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 3)

CAS-003 문제 6

A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.
Which of the following is the BEST justification to ensure collaboration across business units?

A. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.

B. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.

C. The CISO is uniquely positioned to control the flow of vulnerability information between business units.

D. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.

CAS-003 문제 7

아래 코드 스니펫이 제공됩니다.

다음 중 가장 관련된 취약점 유형은 무엇입니까?

A. 사용자 이름 매개변수의 버퍼 오버플로로 인해 메모리 손상 취약점이 발생할 수 있습니다.

B. 짧은 사용자 이름만 지원되므로 무차별 대입 자격 증명이 발생할 수 있습니다.

C. 포맷 스트링 취약점은 admin 사용자에게는 존재하지만 표준 사용자에게는 존재하지 않습니다.

D. 다른 코드 경로를 사용하여 하드코딩된 사용자 이름은 입력한 사용자에 따라 다릅니다.

CAS-003 문제 8

A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?

A. SPF

B. S/MIME

C. TLS

D. DKIM

CAS-003 문제 9

A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

The administrator calls the university's ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem. Based on the information above, which of the following should the ISP engineer do to resolve the issue?

A. The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

B. The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

C. The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity.
The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

D. A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

CAS-003 문제 10

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

A. Static and dynamic analysis is run as part of integration

B. Security standards and training is performed as part of the project

C. Daily stand-up meetings are held to ensure security requirements are understood

D. For each major iteration penetration testing is performed

E. Security requirements are story boarded and make it into the build

F. A security design is performed at the end of the requirements phase

다른 버전: 4967CompTIA.CAS-003.v2022-07-04.q589; 2120CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Oracle.1Z0-908.v2025-09-06.q68; 111Oracle.1Z0-1055-24.v2025-09-05.q29; 273VMware.2V0-13.24.v2025-09-04.q75; 119Qlik.QSBA2022.v2025-09-04.q17; 121Oracle.1Z0-1073-23.v2025-09-03.q29; 120Cisco.300-820.v2025-09-03.q187; 117Oracle.1z0-1060-25.v2025-09-03.q26; 127CIPS.L5M4.v2025-09-02.q13; 140Fortinet.FCP_ZCS-AD-7.4.v2025-09-02.q12; 117PECB.ISO-45001-Lead-Auditor.v2025-09-02.q14