Instant Access CompTIA.CAS-003.v2022-06-25.q354 Actual Practice Test Engine for Free (Page 63)

40%off

CAS-003 Premium Dumps

Latest CAS-003 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing CAS-003 Exam! TrainingQuiz.com offers the updated CAS-003 exam dumps, the TrainingQuiz.com CAS-003 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com CAS-003 pdf dumps with Exam Engine here:

(683 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 306

Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management.
Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well.
The selected IP camera vendor does not have the ability to authenticate users at the camera level.
Which of the following should Ann suggest to BEST secure this environment?

A.Create an IP camera network and only allow SSL access to the cameras.
B.Create an IP camera network and restrict access to cameras from a single management host.
C.Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
D.Create an IP camera network and deploy NIPS to prevent unauthorized access.

Question 307

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?

A.The risk of unplanned server outages is reduced.
B.Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
C.The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
D.The results should reflect what attackers may be able to learn about the company.

Question 308

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two- factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B.
Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

A.Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
B.A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
C.A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
D.An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.

Question 309

Ann, a software developer, wants to publish her newly developed software to an online store.
Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices.
Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?

A.Remote attestation
B.Identity propagation
C.Single sign-on
D.Secure code review

Question 310

IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern.
Options may be used once or not at all.