Free Access CompTIA.CAS-003.v2022-08-15.q472 Practice Test (Page 52)

Question 251

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this?

A.Bluetooth

B.Rogue device detection

C.Port security

D.GPS

Question 252

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A.Integer overflow

B.Click-jacking

C.Race condition

D.SQL injection

E.Use after free

F.Input validation

Correct Answer: E

Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers to execute arbitrary code.
Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities.
According to the Use After Free definition on the Common Weakness Enumeration (CWE) website, a Use After Free scenario can occur when "the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process." Incorrect Answers:
A: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than what can fit in the devoted memory storage space. Arithmetic operations always have the potential of returning unexpected values, which may cause an error that forces the whole program to shut down. This is not what is described in this question.
B: Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is not what is described in this question.
C: A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly. This is not what is described in this question.
D: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. This is not what is described in this question.
F: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects number from being accepted. This is not what is described in this question.
References:
http://www.webopedia.com/TERM/U/use-after-free.html
https://en.wikipedia.org/wiki/Clickjacking
http://searchstorage.techtarget.com/definition/race-condition

Question 253

An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiations, there are a number of outstanding issues, including:
1. Indemnity clauses have identified the maximum liability
2. The data will be hosted and managed outside of the company's geographical location
The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant on the project, which of the following should the project's security consultant recommend as the NEXT step?

A.Develop a security exemption, as it does not meet the security policies

B.Review the entire procurement process to determine the lessons learned

C.Mitigate the risk by asking the vendor to accept the in-country privacy principles

D.Require the solution owner to accept the identified risks and consequences

Question 254

An administrator is working with management to develop policies related to the use of cloud- based resources that contain corporate data Management plans to require some control offer organizational data stored on personal devices such as tablets.
Which of the following controls would BEST support managements policy?

A.Sandboxing

B.MDM

C.FDE

D.Mobile tokenization

E.MFA

Question 255

A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

A.Encryption of each individual partition

B.Encryption of the SSD at the file level

C.FDE of each logical volume on the SSD

D.FDE of the entire SSD as a single disk

Other Version: 7528CompTIA.CAS-003.v2022-09-22.q535; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 106Oracle.1z0-1196-25.v2025-09-12.q18; 104NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 259CFAInstitute.ESG-Investing.v2025-09-08.q173; 243PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 251

Question 252

Question 253

Question 254

Question 255

Download PDF File