Free Access CompTIA.CAS-003.v2022-04-30.q141 Practice Test (Page 7)

Question 26

An administrator believes that the web servers are being flooded with excessive traffic from time to time. The administrator suspects that these traffic floods correspond to when a competitor makes major announcements. Which of the following should the administrator do to prove this theory?

A.Implement data analytics to try and correlate the occurrence times.

B.Implement a honey pot to capture traffic during the next attack.

C.Configure the servers for high availability to handle the additional bandwidth.

D.Log all traffic coming from the competitor's public IP addresses.

Question 27

Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access.
Which of the following attack types represents this scenario? (Select TWO).

A.Privilege escalation

B.Physical attack

C.Man-in-the-middle

D.Session management attack

E.Protocol fuzzing

F.Root-kit compromise

Question 28

A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

A.Survey threat feeds from services inside the same industry.

B.Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.

C.Conduct an internal audit against industry best practices to perform a qualitative analysis.

D.Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

Question 29

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control answer.
The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed?

A.TCP beacon broadcast software

B.Custom firmware with rotating key generation

C.Automatic MITM proxy

D.Reverse shell endpoint listener

Question 30

An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

A.SQLi

B.CSRF

C.Brute force

D.XSS

E.TOC/TOU

Other Version: 7453CompTIA.CAS-003.v2022-09-22.q535; 6479CompTIA.CAS-003.v2022-08-15.q472; 4289CompTIA.CAS-003.v2022-05-05.q206; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 102OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 26

Question 27

Question 28

Question 29

Question 30

Download PDF File