Free Access CompTIA.CAS-003.v2022-05-05.q206 Practice Test (Page 34)

Question 161

The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months.
Which of the following would be the MOST cost-effective solution to meet the company's needs?

A.Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements.

B.Accept all risks associated with information security, and then bring up the issue again at next year's annual board meeting.

C.Hire an experienced, full-time information security team to run the startup company's information security department.

D.Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house.

Question 162

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?

A.Block the IP address for the business partner at the perimeter firewall.

B.Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

C.Configure the email gateway to automatically quarantine all messages originating from the business partner.

D.Contact the security department at the business partner and alert them to the email event.

Question 163

A security engineer is assisting a developer with input validation, and they are studying the following code block:

The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.
Which of the following would be the BEST advice for the security engineer to give to the developer?

A.Replace code with Java-based type checks

B.Use regular expressions

C.Canonicalize input into string objects before validation

D.Parse input into an array

Question 164

A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity The company narrows the search to two products. Application A and Application B; which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest so the company purchases Application B.
Which of the following types of strategies did the company use when determining risk appetite?

A.Avoidance

B.Transfer

C.Acceptance

D.Mitigation

Question 165

A security administrator must configure the database server shown below to comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Other Version: 7454CompTIA.CAS-003.v2022-09-22.q535; 6488CompTIA.CAS-003.v2022-08-15.q472; 2972CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 161

Question 162

Question 163

Question 164

Question 165

Download PDF File