Free Access CompTIA.CAS-003.v2022-09-22.q535 Practice Test (Page 90)

Question 441

Which of the following types of attacks is the user attempting?
select id, firstname, lastname from authors
User input= firstname= Hack;man
lastname=Johnson

A.XML injection

B.Command injection

C.Cross-site scripting

D.SQL injection

Question 442

A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.

Question 443

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly.
Forensic investigation suggests the company's DLP was effective, and the content in QUESTION
5was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.
Which of the following would be the MOST efficient control to prevent this from occurring in the future?

A.Perform unannounced insider threat testing on high-risk employees.

B.Prevent backup of mobile devices to personally owned computers.

C.Install application whitelist on mobile devices.

D.Disallow side loading of applications on mobile devices.

E.Restrict access to company systems to expected times of day and geographic locations.

Question 444

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

A.Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.

B.Evaluate relevant RFC and ISO standards to choose an appropriate vendor product.
Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.

C.Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.

D.Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.

E.Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

Question 445

A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.
Which of the following solutions would BEST support trustworthy communication solutions?

A.Enabling SPF and DKIM on company servers.

B.Enforcing HTTPS everywhere so web traffic, including email, is secure.

C.Enforcing data classification labels before an email is sent to an outside party.

D.Enabling spam filtering and DMARC.

E.Using MFA when logging into email clients and the domain.

Other Version: 6507CompTIA.CAS-003.v2022-08-15.q472; 4313CompTIA.CAS-003.v2022-05-05.q206; 2985CompTIA.CAS-003.v2022-04-30.q141; 84CompTIA.Actualtestpdf.CAS-003.v2022-01-19.by.morgan.327q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 153Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 166TheSecOpsGroup.CNSP.v2025-09-08.q20; 226CFAInstitute.ESG-Investing.v2025-09-08.q173; 176PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 152Salesforce.Data-Architect.v2025-09-05.q216; 148Adobe.AD0-E605.v2025-09-05.q50

Question 441

Question 442

Question 443

Question 444

Question 445

Download PDF File