Instant Access CompTIA.CAS-003.v2022-02-23.q648 Actual Practice Test Engine for Free (Page 54)

40%off

CAS-003 Premium Dumps

Latest CAS-003 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing CAS-003 Exam! TrainingQuiz.com offers the updated CAS-003 exam dumps, the TrainingQuiz.com CAS-003 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com CAS-003 pdf dumps with Exam Engine here:

(683 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 261

A newly hired Chief Information Security Officer (CISO) is reviewing the organization's security budget from the previous year. The CISO notices $100,000 worth of fines were paid for not properly encrypting outbound email messages. The CISO expects next year's costs associated with fines to double and the volume of messages to increase by 100%. The organization sent out approximately 25,000 messages per year over the last three years. Given the table below:

Which of the following would be BEST for the CISO to include in this year's budget?

A.A budget line for DLP Vendor B
B.A budget line for DLP Vendor D
C.A budget line for paying future fines
D.A budget line for DLP Vendor C
E.A budget line for DLP Vendor A

Question 262

A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.

Which of the following tools is the security engineer using to produce the above output?

A.SIEM
B.Vulnerability scanner
C.SCAP scanner
D.Port scanner

Question 263

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators. Which of the following is MOST likely to produce the needed information?

A.Fingerprinting
B.Vulnerability scanner
C.DNS enumeration
D.Whois

Question 264

Which of the following represents important technical controls for securing a SAN storage infrastructure?
(Select TWO).

A.Synchronous copy of data
B.RAID configuration
C.Data de-duplication
D.Storage pool space allocation
E.Port scanning
F.LUN masking/mapping
G.Port mapping

Question 265

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
"account":
[
{ "creditAccount":"Credit Card Rewards account"}
{ "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
],
"customer":
[
{ "name":"Joe Citizen"}
{ "custRef":"3153151"}
]
}
The banking website responds with:
HTTP/1.1 200 OK
{
"newAccountDetails":
[
{ "cardNumber":"1234123412341234"}
{ "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSIONID=000000001"
"returnCode":"Account added successfully"
}
Which of the following are security weaknesses in this example? (Select TWO).

A.Missing input validation on some fields
B.Vulnerable to SQL injection
C.Sensitive details communicated in clear-text
D.Vulnerable to XSS
E.Vulnerable to malware file uploads
F.JSON/REST is not as secure as XML