Instant Access CompTIA.CAS-003.v2022-06-25.q354 Actual Practice Test Engine for Free (Page 6)

Question 21

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A.Integer overflow
B.Click-jacking
C.Race condition
D.SQL injection
E.Use after free
F.Input validation

Question 22

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724 The security administrator also inspects the following file system locations on the database server using the command 'ls -al /root' drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh
Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

A.Privilege escalation
B.Brute force attack
C.SQL injection
D.Cross-site scripting
E.Using input validation, ensure the following characters are sanitized: <>
F.Update crontab with: find / $ -perm -4000 $ -type f -print0 | xargs -0 ls -l | email.sh
G.Implement the following PHP directive: $clean_user_input = addslashes($user_input)
H.Set an account lockout policy

Question 23

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

A.Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.
B.Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.
C.Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.
D.Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.
E.Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

Question 24

The finance department has started to use a new payment system that requires strict Pll security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately.
Which of the following risk response strategies is being used?

A.Transfer
B.Accept
C.Avoid
D.Mitigate

Question 25

Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File