무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 84)

CAS-003 문제 411

개발자는 웹 페이지 로그인 화면에 사용자가 제공한 입력을 삭제하기 위해 클라이언트 측 JavaScript 코드를 구현했습니다. 이 코드는 사용자 이름 필드에 대문자와 소문자만 입력하고 비밀번호 필드에 6자리 PIN만 입력하도록 합니다. 보안 관리자는 다음 웹 서버 로그에 관심이 있습니다.
10.235.62.11 - - [02/Mar/2014:06:13:04] "GET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
이 로그가 주어지면 다음 중 보안 관리자와 관련이 있으며 개발자가 구현해야 하는 수정 사항은 무엇입니까?

A. 보안 관리자는 관리 액세스 권한을 얻기 위해 사용되는 인쇄할 수 없는 문자에 대해 우려하고 있으며 개발자는 인쇄할 수 없는 모든 문자를 제거해야 합니다.

B. 보안 관리자는 XSS에 관심이 있으며 개발자는 브라우저 측에서 유니코드 문자를 정규화해야 합니다.

C. 보안 관리자는 SQL 인젝션에 관심이 있으며 개발자는 서버 측 입력 유효성 검사를 구현해야 합니다.

D. 보안 관리자는 누군가가 관리자로 로그온할 수 있다는 점을 우려하고 있으며 개발자는 강력한 암호가 적용되도록 해야 합니다.

CAS-003 문제 412

A company has deployed MFA Some employees, however, report they ate not gelling a notification on their mobile device Other employees report they downloaded a common authenticates application but when they tap the code in the application it just copies the code to memory instead of confirming the authentication attempt Which of the following are the MOST likely explanations for these scenarios? (Select TWO)

A. The company does not allow an SMS authentication method

B. The WAYF method requires a third factor before the authentication process can complete

C. OpenID Connect requires at least one factor to be a biometric

D. These are symptoms of known compatibility issues with OAuth 1 0

E. The company is using a claims-based authentication system for MFA

F. A vendor-specific authenticator application is needed for push notifications

CAS-003 문제 413

A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information.
An analyst's subsequent investigation of sensitive systems led to the following discoveries:
* There was no indication of the data owner's or user's accounts being compromised.
* No database activity outside of previous baselines was discovered.
* All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
* It was likely not an insider threat, as all employees passed polygraph tests.
Given this scenario, which of the following is the MOST likely attack that occurred?

A. After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

B. A shared workstation was physically accessible in a common area of the contractor's office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account.
Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.

C. The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.

D. An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.

CAS-003 문제 414

한 회사가 일련의 피싱 공격을 받았습니다. 200명 이상의 사용자가 이메일의 링크를 클릭하여 워크스테이션에 감염되었습니다. 사고 분석 결과 실행 파일이 실행되고 각 워크스테이션의 관리자 계정이 손상되었음을 확인했습니다. 경영진은 정보 보안 팀에 이러한 일이 다시 발생하지 않도록 요구하고 있습니다.
다음 중 이러한 일이 다시 발생하는 것을 가장 잘 방지할 수 있는 것은 무엇입니까?

A. 안티바이러스

B. 패치 관리

C. 로그 모니터링

D. 애플리케이션 허용 목록

E. 인식 교육

CAS-003 문제 415

A web developer has implemented HTML5 optimizations into a legacy web application. One of the
modifications the web developer made was the following client side optimization:
localStorage.setItem("session-cookie", document.cookie);
Which of the following should the security engineer recommend?

A. Cookies should be marked as "secure" and "HttpOnly"

B. Client-side cookies should be replaced by server-side mechanisms

C. SessionStorage should be used so authorized cookies expire after the session ends

D. Cookies should be scoped to a relevant domain/path

다른 버전: 5034CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 130Avaya.78201X.v2025-09-09.q135; 135CompTIA.220-1202.v2025-09-09.q57; 122CheckPoint.156-215.81.v2025-09-09.q391; 165ECCouncil.312-50v13.v2025-09-09.q347; 120Supermicro.SMI300XS.v2025-09-08.q15; 121Oracle.1z0-1104-25.v2025-09-08.q12; 129SAP.C-LIXEA-2404.v2025-09-08.q60; 150Cisco.300-730.v2025-09-08.q143; 128Huawei.H19-308_V4.0.v2025-09-08.q77; 128Nutanix.NCA-6.5.v2025-09-08.q56