무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 53)

CAS-003 문제 256

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

A. The risk of unplanned server outages is reduced.

B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.

C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.

D. The results should reflect what attackers may be able to learn about the company.

CAS-003 문제 257

After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?

A. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices.

B. Distribute a NAC client and use the client to push the company's private key to all the new devices.

C. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.

D. Distribute the device connection policy and a unique public/private key pair to each new employee's device.

CAS-003 문제 258

A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

A. RAS

B. Vulnerability scanner

C. HTTP intercept

D. HIDS

E. Port scanner

F. Protocol analyzer

CAS-003 문제 259

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

A. $2,000

B. $8,000

C. $12,000

D. $32,000

CAS-003 문제 260

Following a recent and very large corporate merger, the number of log files an SOC needs to review has approximately tripled. The Chief Information Security Officer (CISO) has not been allowed to hire any more staff for the SOC, but is looking for other ways to automate the log review process so the SOC receives less noise. Which of the following would BEST reduce log noise for the SOC?

A. Centralized IPS

B. Outsourcing

C. Machine learning

D. SIEM filtering

다른 버전: 5039CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 102Juniper.JN0-664.v2025-09-11.q101; 103IAPP.CIPM.v2025-09-11.q242; 110Oracle.1Z0-1160-1.v2025-09-10.q18; 107Oracle.1z0-1054-25.v2025-09-10.q50; 104Cisco.300-710.v2025-09-10.q297; 118VMware.2V0-41.24.v2025-09-10.q104; 156Avaya.78201X.v2025-09-09.q135; 142CompTIA.220-1202.v2025-09-09.q57; 178CheckPoint.156-215.81.v2025-09-09.q391; 217ECCouncil.312-50v13.v2025-09-09.q347