Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 65)

Question 316

Given the code snippet below:

Which of the following vulnerability types in the MOST concerning?

A.Only short usernames are supported, which could result in brute forcing of credentials.

B.Buffer overflow in the username parameter could lead to a memory corruption vulnerability.

C.Hardcoded usernames with different code paths taken depend on which user is entered.

D.Format string vulnerability is present for admin users but not for standard users.

Question 317

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

A.Develop an information classification scheme that will properly secure data on corporate systems.

B.Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.

C.Publish a policy that addresses the security requirements for working remotely with company equipment.

D.Work with mid-level managers to identify and document the proper procedures for telecommuting.

Question 318

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client Log 4:
Encoder oe = new OracleEncoder ();
String query = "Select user_id FROM user_data WHERE user_name = ' "
+ oe.encode ( req.getParameter("userID") ) + " ' and user_password = ' "
+ oe.encode ( req.getParameter("pwd") ) +" ' ";
Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

A.Log 1

B.Log 2

C.Log 3

D.Log 4

E.Buffer overflow

F.ACL

G.XSS

H.SQL injection

Question 319

A security researches is gathering information about a recent spoke in the number of targeted attacks against multinational banks. The spike is on top of already sustained attacks against the banks. Some of the previous attacks have resulted in the loss of sensitive data, but as of yet the attackers have not successfully stolen any funds.
Based on the information available to the researcher, which of the following is the MOST likely threat profile?

A.Opportunists seeking notoriety and fame for personal gain.

B.Hacktivists seeking to make a political statement because of socio-economic factors.

C.Nation-state-sponsored attackers conducting espionage for strategic gain.

D.Insiders seeking to gain access to funds for illicit purposes.

Question 320

An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

A.Askfor moredetailsregardingthe engagementusingsocial engineering tacticsinan attempttogetthe organization to disclose more information about the network application to make attacks easier.

B.Examinethe application using a portscanner, thenrun a vulnerabilityscanner againstopenports looking for known, exploitable weaknesses the application and related services may have.

C.Runa protocolanalyzertodetermine whattrafficis flowingin and outof theserver,andlookforways to alter the data stream that will result in information leakage or a system failure.

D.Sendoutspear-phishingemailsagainstuserswhoare known to have accesstothenetwork-based application, so the red team can go on-site with valid credentials and use the software.

Other Version: 6565CompTIA.CAS-003.v2022-08-15.q472; 4322CompTIA.CAS-003.v2022-05-05.q206; 2991CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 106Oracle.1z0-1196-25.v2025-09-12.q18; 104NetworkAppliance.NS0-162.v2025-09-12.q86; 144OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 180TheSecOpsGroup.CNSP.v2025-09-08.q20; 259CFAInstitute.ESG-Investing.v2025-09-08.q173; 244PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 316

Question 317

Question 318

Question 319

Question 320

Download PDF File