March Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Free CAS-003 CompTIA Updates

Page: 23 / 25
Question 92

A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

Options:

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Question 93

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devise send cleartext logs to the aggregator.

* The log aggregator utilize full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

Options:

A.

Hardware vulnerabilities introduced by the log aggregate server

B.

Network bridging from a remote access VPN

C.

Encryption of data in transit

D.

Multinancy and data remnants in the cloud

Question 94

A developer needs to provide feedback on a peer’s work during the SDLC. While reviewing the code changes, the developers session ID tokens for a web application will be transmitted over an unsecure connection. Which of the following code snippets should the developer recommend implement to correct the vulnerability?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 95

A small firm's newly created website has several design flaws The developer created the website to be fully compatible with ActiveX scripts in order to use various digital certificates and trusting certificate authorities. However, vulnerability testing indicates sandboxes were enabled, which restricts the code's access to resources within the user's computer. Which of the following is the MOST likely cause of the error"?

Options:

A.

The developer inadvertently used Java applets.

B.

The developer established a corporate account with a non-reputable certification authority.

C.

The developer used fuzzy logic to determine how the web browser would respond once ports 80 and 443 were both open

D.

The developer did not consider that mobile code would be transmitted across the network.

Page: 23 / 25
Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Apr 14, 2023
Questions: 683
CAS-003 pdf

CAS-003 PDF

$28  $80
CAS-003 Engine

CAS-003 Testing Engine

$33.25  $95
CAS-003 PDF + Engine

CAS-003 PDF + Testing Engine

$45.5  $130