Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 10)

Question 41

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer's (CSO) request to harden the corporate network's perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different.
Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?

A.The corporate network is the only network that is audited by regulators and customers.

B.The aggregation of employees on a corporate network makes it a more valuable target for attackers.

C.Home networks are unknown to attackers and less likely to be targeted directly.

D.Employees are more likely to be using personal computers for general web browsing when they are at home.

Question 42

A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All
validated machines and instruments must be retested for interoperability with the new software.
Which of the following would BEST ensure the software and instruments are working as designed?

A.System design documentation

B.User acceptance testing

C.Static code analysis testing

D.Change control documentation

E.Peer review

Question 43

A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?

A.System design documentation

B.User acceptance testing

C.Peer review

D.Change control documentation

E.Static code analysis testing

Question 44

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POSThttp://www.example.com/resources/NewBankAccount
HTTP/1.1
Content-type: application/json
{
"account":
[
{ "creditAccount":"Credit Card Rewards account"}
{ "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
],
"customer":
[
{ "name":"Joe Citizen"}
{ "custRef":"3153151"}
]
}
The banking website responds with:
HTTP/1.1 200 OK
{
"newAccountDetails":
[
{ "cardNumber":"1234123412341234"}
{ "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSIONID=000000001"
"returnCode":"Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).

A.Missing input validation on some fields

B.Vulnerable to SQL injection

C.Sensitive details communicated in clear-text

D.Vulnerable to XSS

E.Vulnerable to malware file uploads

F.JSON/REST is not as secure as XML

Question 45

A forensics analyst suspects that a breach has occurred. Security logs show the company's OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?

A.File size

B.Digital signature

C.Checksums

D.Anti-malware software

E.Sandboxing

Other Version: 6478CompTIA.CAS-003.v2022-08-15.q472; 4289CompTIA.CAS-003.v2022-05-05.q206; 2963CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 102OCEG.GRCP.v2025-09-11.q211; 102HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 157PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 147Salesforce.Data-Architect.v2025-09-05.q216; 141Adobe.AD0-E605.v2025-09-05.q50

Question 41

Question 42

Question 43

Question 44

Question 45

Download PDF File