무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 86)

CAS-003 문제 421

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?

A. Refer to and follow procedures from the company's incident response plan.

B. Call a press conference to explain that the company has been hacked.

C. Establish chain of custody for all systems to which the systems administrator has access.

D. Conduct a detailed forensic analysis of the compromised system.

E. Inform the communications and marketing department of the attack details.

CAS-003 문제 422

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

A. Add additional exception handling logic to the main program to prevent doors from being opened

B. Rewrite the software's exception handling routine to fail in a secure state

C. Rewrite the software to implement fine-grained, conditions-based testing

D. Apply for a life-safety-based risk exception allowing secure doors to fail open

CAS-003 문제 423

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
* Stop malicious software that does not match a signature
* Report on instances of suspicious behavior
* Protect from previously unknown threats
* Augment existing security capabilities
Which of the following tools would BEST meet these requirements?

A. Patch management

B. EDR

C. HIPS

D. Host-based firewall

CAS-003 문제 424

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

A. The public/private views on the Comptia.org DNS servers are misconfigured

B. The DNS SPF records have not been updated for Comptia.org

C. Comptia.org is running an older mail server, which may be vulnerable to exploits

D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack

CAS-003 문제 425

A security consultant is considering authentication options for a financial institution. The following authentication options are available security mechanism to the appropriate use case. Options may be used once.

다른 버전: 5034CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 130Avaya.78201X.v2025-09-09.q135; 134CompTIA.220-1202.v2025-09-09.q57; 121CheckPoint.156-215.81.v2025-09-09.q391; 162ECCouncil.312-50v13.v2025-09-09.q347; 120Supermicro.SMI300XS.v2025-09-08.q15; 121Oracle.1z0-1104-25.v2025-09-08.q12; 129SAP.C-LIXEA-2404.v2025-09-08.q60; 150Cisco.300-730.v2025-09-08.q143; 128Huawei.H19-308_V4.0.v2025-09-08.q77; 127Nutanix.NCA-6.5.v2025-09-08.q56