Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 15)

Question 66

Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?

A.Hire an external company to provide an independent audit of the network security posture

B.Send an email from a corporate account, requesting users to log onto a website with their enterprise account

C.Conduct a series of security training events with comprehensive tests at the end

D.Review the social media of all employees to see how much proprietary information is shared

Question 67

Lab Simulation
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address.
The company uses the following internal IP address ranges:
192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site.
The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.

Question 68

A large, multinational company currently has two separate databases One is used for ERP while the second is used for CRM To consolidate services and infrastructure, it is proposed to combine the databases The company's compliance manager is asked to review the proposal and is concerned about this integration Which of the following would pose the MOST concern to the compliance manager?

A.Auditing the combined database structure will require more short-term resources, as the new system will need to be learned by the auditing team to ensure all security controls are in

B.There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform.

C.By consolidating services in this manner, there is an increased risk posed to the organization due to the number of resources required to manage the larger data pool.

D.The attack surface of the combined database is lower than the previous separate systems, so there likely are wasted resources on additional security controls that will not be needed

Question 69

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

A.Isolate the system on a secure network to limit its contact with other systems

B.Implement an application layer firewall to protect the payroll system interface

C.Monitor the system's security log for unauthorized access to the payroll application

D.Perform reconciliation of all payroll transactions on a daily basis

Question 70

Confidential information related to Application A.
Application B and Project X appears to have been leaked to a competitor. After consulting with the legal team, the IR team is advised to take immediate action to preserve evidence for possible litigation and criminal charges.
While reviewing the rights and group ownership of the data involved in the breach, the IR team inspects the following distribution group access lists:

Which of the following actions should the IR team take FIRST?

A.Implement a proxy server on the network to inspect all outbound SMTP traffic for the DevOps group

B.Install DLP software on all developer laptops to prevent data from leaving the network.

C.Place the mailbox for jsmith on legal hold

D.Remove all members from the distribution groups immediately

Other Version: 6507CompTIA.CAS-003.v2022-08-15.q472; 4321CompTIA.CAS-003.v2022-05-05.q206; 2985CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 229CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 66

Question 67

Question 68

Question 69

Question 70

Download PDF File