무료 온라인 액세스 CompTIA.CAS-003.v2022-12-20.q589 모의 시험 (Page 94)

CAS-003 문제 461

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider?

A. KPI

B. KRI

C. GRC

D. BIA

CAS-003 문제 462

A company has completed the implementation of technical and management controls as required by its adopted security, ponies and standards. The implementation took two years and consumed s the budget approved to security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

A. Transfer the risk

B. Remove the risk

C. Accept the risk

D. Baseline the risk.

CAS-003 문제 463

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

A. The tool could show that input validation was only enabled on the client side

B. The tool could enumerate backend SQL database table and column names

C. The tool could force HTTP methods such as DELETE that the server has denied

D. The tool could fuzz the application to determine where memory leaks occur

CAS-003 문제 464

After several industry comnpetitors suffered data loss as a result of cyebrattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:
- Blocking of suspicious websites
- Prevention of attacks based on threat intelligence
- Reduction in spam
- Identity-based reporting to meet regulatory compliance
- Prevention of viruses based on signature
- Project applications from web-based threats
Which of the following would be the BEST recommendation the information security manager could make?

A. Reconfigure existing IPS resources

B. Deploy a UTM solution

C. Implement a WAF

D. Deploy a SIEM solution

E. Implement an EDR platform

CAS-003 문제 465

Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset

B. Potential Loss x Event Probability x Control Failure Probability

C. Impact x Threat x Vulnerability

D. Risk Likelihood x Annual Loss Expectancy (ALE)

다른 버전: 5016CompTIA.CAS-003.v2022-07-04.q589; 2159CompTIA.CAS-003.v2022-05-09.q215

최근 업로드: 108Avaya.78201X.v2025-09-09.q135; 110CompTIA.220-1202.v2025-09-09.q57; 106CheckPoint.156-215.81.v2025-09-09.q391; 113ECCouncil.312-50v13.v2025-09-09.q347; 119Supermicro.SMI300XS.v2025-09-08.q15; 119Oracle.1z0-1104-25.v2025-09-08.q12; 117SAP.C-LIXEA-2404.v2025-09-08.q60; 129Cisco.300-730.v2025-09-08.q143; 108Huawei.H19-308_V4.0.v2025-09-08.q77; 122Nutanix.NCA-6.5.v2025-09-08.q56