Free Access CompTIA.CAS-003.v2022-08-15.q472 Practice Test (Page 68)

Question 331

A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?

A.Subjective and based on an individual's experience.

B.Requires a high degree of upfront work to gather environment details.

C.Difficult to differentiate between high, medium, and low risks.

D.Allows for cost and benefit analysis.

E.Calculations can be extremely complex to manage.

Question 332

A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically.
Which of the following code snippets would BEST protect the application against an SQL injection attack?
A)

A.Option C

B.Option A

C.Option B

D.Option D

Question 333

A government contractor was the victim of a malicious attack that resulted in the theft of sensitive information. An analyst's subsequent investigation of sensitive systems led to the following discoveries:
* There was no indication of the data owner's or user's accounts being compromised.
* No database activity outside of previous baselines was discovered.
* All workstations and servers were fully patched for all known vulnerabilities at the time of the attack.
* It was likely not an insider threat, as all employees passed polygraph tests.
Given this scenario, which of the following is the MOST likely attack that occurred?

A.After successfully using a watering hole attack to deliver an exploit to a machine, which belongs to an employee of the contractor, an attacker gained access to a corporate laptop. With this access, the attacker then established a remote session over a VPN connection with the server hosting the database of sensitive information.

B.A shared workstation was physically accessible in a common area of the contractor's office space and was compromised by an attacker using a USB exploit, which resulted in gaining a local administrator account. Using the local administrator credentials, the attacker was able to move laterally to the server hosting the database with sensitive information.

C.An account, which belongs to an administrator of virtualization infrastructure, was compromised with a successful phishing attack. The attacker used these credentials to access the virtual machine manager and made a copy of the target virtual machine image. The attacker later accessed the image offline to obtain sensitive information.

D.The attacker harvested the hashed credentials of an account within the database administrators group after dumping the memory of a compromised machine. With these credentials, the attacker was able to access the database containing sensitive information directly.

Question 334

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B.
Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

A.Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.

B.A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.

C.A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.

D.An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.

Question 335

Which of the following is an external pressure that causes companies to hire security assessors and penetration testers?

A.Lack of adequate in-house testing skills.

B.Requirements for geographically based assessments

C.Cost reduction measures

D.Regulatory insistence on independent reviews.

Other Version: 7498CompTIA.CAS-003.v2022-09-22.q535; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 121Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 171TheSecOpsGroup.CNSP.v2025-09-08.q20; 238CFAInstitute.ESG-Investing.v2025-09-08.q173; 225PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 156Salesforce.Data-Architect.v2025-09-05.q216; 150Adobe.AD0-E605.v2025-09-05.q50

Question 331

Question 332

Question 333

Question 334

Question 335

Download PDF File