무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 64)

CAS-003 문제 311

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

A. The company is using the wrong port. It should be using port 389 for secure LDAP.

B. The clients may not trust idapt by default.

C. Secure LDAP does not support wildcard certificates.

D. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

E. The clients may not trust Chicago by default.

F. The secure LDAP service is not started, so no connections can be made.

G. Secure LDAP should be running on UDP rather than TCP.

CAS-003 문제 312

The HVAC and fire suppression systems that were recently deployed at multiple locations are susceptible to a new vulnerability A security engineer needs to ensure the vulnerability is not exploited The devices are directly managed by a smart controller and do not need access to other pans of the network Signatures are available to detect this vulnerability Which of the following should be the FIRST step mi completing the request?

A. Create a segmented subnet for all HVAC devices and the smart controller

B. Deploy a NAC solution that disables devices with unknown MACs

C. Create an IPS profile for the HVAC devices that includes the signatures

D. Create a firewall policy with access to the smart controller from the internal network only.

CAS-003 문제 313

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.

D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

CAS-003 문제 314

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter's physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company's concerns? (Choose two.)

A. Deploy virtual desktop infrastructure with an OOB management network

B. Deploy to a private cloud with hosted hypervisors on each physical machine

C. Use a community CSP with independently managed security services

D. Employ the use of vTPM with boot attestation

E. Leverage separate physical hardware for sensitive services and data

CAS-003 문제 315

The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?

A. 1. Apply artificial intelligence algorithms for detection2. Inform the CERT team3. Research threat intelligence and potential adversaries4. Utilize threat intelligence to apply Big Data techniques

B. 1. Perform the ongoing research of the best practices2. Determine current vulnerabilities and threats3.
Apply Big Data techniques4. Use antivirus control

C. 1. Analyze the current threat intelligence2. Utilize information sharing to obtain the latest industry IOCs3. Perform a sweep across the network to identify positive matches4. Apply machine learning algorithms

D. 1. Obtain the latest IOCs from the open source repositories2. Perform a sweep across the network to identify positive matches3. Sandbox any suspicious files4. Notify the CERT team to apply a future proof threat model

다른 버전: 5039CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Oracle.1Z0-1160-1.v2025-09-10.q18; 107Oracle.1z0-1054-25.v2025-09-10.q50; 104Cisco.300-710.v2025-09-10.q297; 106VMware.2V0-41.24.v2025-09-10.q104; 152Avaya.78201X.v2025-09-09.q135; 141CompTIA.220-1202.v2025-09-09.q57; 174CheckPoint.156-215.81.v2025-09-09.q391; 207ECCouncil.312-50v13.v2025-09-09.q347; 133Supermicro.SMI300XS.v2025-09-08.q15; 125Oracle.1z0-1104-25.v2025-09-08.q12