Free Access CompTIA.CAS-003.v2022-04-30.q141 Practice Test (Page 27)

Question 126

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?

A.The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.

B.The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.

C.The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO.

D.Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.

Question 127

The Chief Information Security Officer (CISO) of an organization is concerned with the transmission of cleartext authentication information across the enterprise. A security assessment has been performed and has identified the use of ports 80. 389. and 3268. Which of the following solutions would BEST address the CISO's concerns?

A.Proxy HTTP traffic and migrate to a more secure directory service

B.Deploy a VPN between networks that transmits authentication information via cleartext

C.Disable the ports that are determined to contain authentication information

D.Force HTTPS. enable LDAPS. and disable cleartext global catalog communication.

Question 128

A newly hired systems administrator is trying to connect a new and fully updated, but very customized,
Android device to access corporate resources. However, the MDM enrollment process continually fails.
The administrator asks a security team member to look into the issue. Which of the following is the MOST
likely reason the MDM is not allowing enrollment?

A.The device does not support FDE

B.The OS version is not compatible

C.The OEM is prohibited

D.The device is rooted

Question 129

A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements.
The vendor would like to respond with its solutions.
Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?

A.The solution employs threat information-sharing capabilities using a proprietary data model.

B.The RFP is issued by a financial institution that is headquartered outside of the vendor's own country.

C.The overall solution proposed by the vendor comes in less that the TCO parameter in the RFP.

D.The vendor's proposed solution operates below the KPPs indicated in the RFP.

Question 130

When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

A.Enable transport layer security on all outbound email communications and attachments.

B.Quarantine emails sent to external domains containing PII and release after inspection.

C.Prevent PII from being sent to domains that allow users to sign up for free webmail.

D.Provide security awareness training regarding transmission of PII.

Other Version: 7466CompTIA.CAS-003.v2022-09-22.q535; 6501CompTIA.CAS-003.v2022-08-15.q472; 4303CompTIA.CAS-003.v2022-05-05.q206; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 149Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 126

Question 127

Question 128

Question 129

Question 130

Download PDF File