Free Access CompTIA.CAS-003.v2022-08-15.q472 Practice Test (Page 32)

Question 151

An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vectors did the penetration tester use?

A.XSS

B.SQL injection

C.Brute force

D.TOC/TOU

E.CSRF

Question 152

A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.
Which of the following is MOST likely to be reviewed during the assessment? (Select two.)

A.Access control list

B.Security requirements traceability matrix

C.Data owner matrix

D.Roles matrix

E.Data design document

F.Data access policies

Question 153

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational.
Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

A.Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

B.Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

C.Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

D.Review to determine if control effectiveness is in line with the complexity of the solution.
Determine if the requirements can be met with a simpler solution.

Question 154

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A.Ensure web services hosting the event use TCP cookies and deny_hosts.

B.Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

C.Contract and configure scrubbing services with third-party DDoS mitigation providers.

D.Purchase additional bandwidth from the company's Internet service provider.

Question 155

An analyst connects to a company web conference hosted on
www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

A.Guest users could present a risk to the integrity of the company's information.

B.Authenticated users could sponsor guest access that was previously approved by management.

C.Unauthenticated users could present a risk to the confidentiality of the company's information.

D.Meeting owners could sponsor guest access if they have passed a background check.

Other Version: 7511CompTIA.CAS-003.v2022-09-22.q535; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 239CFAInstitute.ESG-Investing.v2025-09-08.q173; 234PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 157Salesforce.Data-Architect.v2025-09-05.q216; 152Adobe.AD0-E605.v2025-09-05.q50

Question 151

Question 152

Question 153

Question 154

Question 155

Download PDF File