Free Access CompTIA.CAS-003.v2022-08-15.q472 Practice Test (Page 96)

Question 471

A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

A.Restrict access to the network share by adding a group only for developers to the share's ACL

B.Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services

C.Obfuscate the username within the script file with encoding to prevent easy identification and the account used

D.Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts

E.Redesign the web applications to accept single-use, local account credentials for authentication

Question 472

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

A.The risk of unplanned server outages is reduced.

B.Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.

C.The results will show an in-depth view of the network and should help pin-point areas of internal weakness.

D.The results should reflect what attackers may be able to learn about the company.

Other Version: 7451CompTIA.CAS-003.v2022-09-22.q535; 4289CompTIA.CAS-003.v2022-05-05.q206; 2963CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 102OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 471

Question 472

Download PDF File