Exam Logo

Comptia (CAS-003) Exam Questions And Answers page 2

A security consultant is considering authentication options for a financial institution. The following authentication options are available. Drag and drop the security mechanism to the appropriate use case. Options may be used once.

Risk Management Enterprise Security Architecture
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.

The person extracts the following data from the phone and EXIF data from some files:

DCIM Images folder
Audio books folder
My TAX.xls
Consultancy HR Manual.doc
Camera: SM-G950F
Exposure time: 1/60s
Location: 3500 Lacey Road USA

Which of the following BEST describes the security problem?
Risk Management Enterprise Security Architecture
An organization is currently working with a client to migrate data between a legacy ERP system and a cloud-based ERP tool using a global PaaS provider. As part of the engagement, the organization is performing data deduplication and sanitization of client data to ensure compliance with regulatory requirements. Which of the following is the MOST likely reason for the need to sanitize the client data? (Choose two.)
Risk Management Enterprise Security Operations
During a security assessment, an organization is advised of inadequate control over network segmentation. The assessor explains that the organization s reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards. Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
Risk Management Enterprise Security Operations
A large, multinational company currently has two separate databases. One is used for ERP, while the second is used for CRM. To consolidate services and infrastructure, it is proposed to combine the databases. The company s compliance manager is asked to review the proposal and is concerned about this integration. Which of the following would pose the MOST concern to the compliance manager?
Risk Management Enterprise Security Operations
A security engineer has just been embedded in an agile development team to ensure security practices are maintained during frequent release cycles. A new web application includes an input form. Which of the following would work BEST to allow the security engineer to test how the application handles error conditions?
Enterprise Security Operations Enterprise Security Operations
An engineer needs to provide access to company resources for several offshore contractors. The contractors require:

• Access to a number of applications, including internal websites
• Access to database data and the ability to manipulate it
• The ability to log into Linux and Windows servers remotely

Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)
Risk Management Enterprise Security Operations
A security architect is reviewing the code for a company s financial website. The architect suggests adding the following HTML element, along with a server-side function, to generate a random number on the page used to initiate a funds transfer:

Which of the following attacks is the security architect attempting to prevent?
Enterprise Security Architecture Enterprise Security Architecture
A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file.tmp.

The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?
Risk Management Enterprise Security Architecture
A company s security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)
Risk Management Enterprise Security Operations