무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 4)

CAS-003 문제 11

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO's evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified.
Which of the following is the CISO performing?

A. Threat modeling

B. Business impact scoring

C. Quantitative risk assessment

D. Qualitative assessment of risk

E. Documentation of lessons learned

CAS-003 문제 12

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics.
The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?

A. KRI:- EDR coverage across the fleet- % of suppliers with approved security control framework- Backlog of unresolved security investigations- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- Time to patch critical issues on a monthly basis- Severity of threats and vulnerabilities reported by sensors

B. KPI:- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors- Threat landscape ratingKRI:- Time to resolve open security items- Backlog of unresolved security investigations- EDR coverage across the fleet- Time to patch critical issues on a monthly basis

C. KRI:- EDR coverage across the fleet- Backlog of unresolved security investigations- Time to patch critical issues on a monthly basis- Threat landscape ratingKPI:- Time to resolve open security items- Compliance with regulations- % of suppliers with approved security control frameworks- Severity of threats and vulnerabilities reported by sensors

D. KRI:- Compliance with regulations- Backlog of unresolved security investigations- Severity of threats and vulnerabilities reported by sensors- Time to patch critical issues on a monthly basisKPI:- Time to resolve open security items- % of suppliers with approved security control frameworks- EDR coverage across the fleet- Threat landscape rating

CAS-003 문제 13

The following has been discovered in an internally developed application:
Error - Memory allocated but not freed:
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
*myBuffer = STRING_WELCOME_MESSAGE;
printf("Welcome to: %s\n", myBuffer);
}
exit(0);
Which of the following security assessment methods are likely to reveal this security weakness?
(Select TWO).

A. Static code analysis

B. Memory dumping

C. Manual code review

D. Application sandboxing

E. Penetration testing

F. Black box testing

CAS-003 문제 14

The computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

A. Ensure the colocation facility implements a robust DRP to help with business continuity planning.

B. Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.

C. Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

D. Ensure the cloud provider supports a secure virtual desktop infrastructure

CAS-003 문제 15

A system owner has requested support from data owners to evaluate options for the disposal of equipment
containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via
logical means or physically destroyed. Which of the following factors is the regulation intended to address?

A. E-waste

B. Remanence

C. Sovereignty

D. Deduplication

다른 버전: 4967CompTIA.CAS-003.v2022-07-04.q589; 2126CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Oracle.1Z0-908.v2025-09-06.q68; 111Oracle.1Z0-1055-24.v2025-09-05.q29; 273VMware.2V0-13.24.v2025-09-04.q75; 119Qlik.QSBA2022.v2025-09-04.q17; 121Oracle.1Z0-1073-23.v2025-09-03.q29; 120Cisco.300-820.v2025-09-03.q187; 117Oracle.1z0-1060-25.v2025-09-03.q26; 127CIPS.L5M4.v2025-09-02.q13; 140Fortinet.FCP_ZCS-AD-7.4.v2025-09-02.q12; 117PECB.ISO-45001-Lead-Auditor.v2025-09-02.q14