Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 40)

Question 191

An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication.
Currently, the enterprise cannot change the application's sign-in page to include an extra field.
However, the web-based application supports SAML. Which of the following would BEST secure the application?

A.Forcing higher-complexity passwords and frequent changes

B.Using an SSO application that supports mutlifactor authentication

C.Enabling the web application to support LDAP integration

D.Deploying Shibboleth to all web-based applications in the enterprise

Question 192

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

A.Cloud-based antivirus solution, running as local admin, with push technology for definition updates.

B.Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.

C.Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.

D.Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Question 193

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?

A.Software-based root of trust

B.Continuous chain of trust

C.Chain of trust with a hardware root of trust

D.Software-based trust anchor with no root of trust

Question 194

A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification?

A.Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.

B.It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

C.Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.

D.Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.

Question 195

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

A.Regression testing

B.Dynamic analysis

C.Peer review

D.User acceptance

Other Version: 6549CompTIA.CAS-003.v2022-08-15.q472; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 172TheSecOpsGroup.CNSP.v2025-09-08.q20; 240CFAInstitute.ESG-Investing.v2025-09-08.q173; 236PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 159Salesforce.Data-Architect.v2025-09-05.q216; 153Adobe.AD0-E605.v2025-09-05.q50

Question 191

Question 192

Question 193

Question 194

Question 195

Download PDF File