Free Access CompTIA.CAS-003.v2022-05-05.q206 Practice Test (Page 13)

Question 56

The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

A.deploying fraud monitoring

B.creating a forensic image

C.following a chain of custody

D.analyzing the order of volatility

Question 57

A PaaS provider deployed a new product using a DevOps methodology Because DevOps is used to support both development and production assets inherent separation of duties is limited To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties the organization must design and implement an appropriate compensating control Which of the following would be MOST suitable in this scenario?

A.Implementation of peer review, static code analysis and web application penetration testing against the staging environment

B.Configuration of increased levels of logging, monitoring and alerting on production access

C.Development of standard code libraries and usage of the WS-security module on all web servers

D.Configuration of MFA and context-based login restrictions for all DevOps personnel

Question 58

An insurance company has two million customers and is researching the top transactions on its customer portal. It identifies that the top transaction is currently password reset. Due to users not remembering their secret questions, a large number of calls are consequently routed to the contact center for manual password resets. The business wants to develop a mobile application to improve customer engagement in the future, continue with a single factor of authentication, minimize management overhead of the solution, remove passwords, and eliminate to the contact center.
Which of the following techniques would BEST meet the requirements? (Choose two.)

A.Magic link sent to an email address

B.Third-party social login

C.Certificate sent to be installed on a device

D.Customer ID sent via push notification

E.Hardware tokens sent to customers

F.SMS with OTP sent to a mobile number

Question 59

A project manager is working with a software development group to collect and evaluate user stories related to the organization's internally designed CRM tool. After defining requirements, the project manager would like to validate the developer's interpretation and understanding of the user's request. Which of the following would BEST support this objective?

A.Unit testing

B.User acceptance testing

C.Scrum

D.Peer review

E.Design review

Question 60

Joe an application security engineer is performing an audit of an environmental control application He has implemented a robust SDLC process and is reviewing API calls available to the application During the review. Joe finds the following in a log file.

Which of the following would BEST mitigate the issue Joe has found?

A.Verify the API uses HTTP GET instead of POST

B.Perform authentication via a secure channel

C.Ensure the API uses SNMPv1.

D.Deploy a WAF in front of the API and implement rate limiting

Other Version: 7454CompTIA.CAS-003.v2022-09-22.q535; 6488CompTIA.CAS-003.v2022-08-15.q472; 2972CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File