
Page: 11 / 25
Question 44

An application developer has been informed of a web application that is susceptible to a clickjacking vulnerability. Which of the following code snippets would be MOST applicable to resolve this vulnerability?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 45

A company has launched a phishing awareness campaign that includes serving customized phishing emails to employees. Employees are encouraged to report all phishing attempts and/or delete the emails without clicking on them. The first phishing email asks employees to click on a link that takes them to a website where they are asked to enter their credentials. The management team wants metrics to determine the email's effectiveness. Following is the initial report:

The management team wants to know how these results compare to those of other companies. They also want to improve the consistency of how the information is displayed. Which of the following changes should be made to this report?

Options:

A.

Stop reporting department-level data and instead report for the company as a whole so as not to drive competitiveness among departments

B.

Color-code the data represented in the columns, with green being the best results in the company and red being the worst results

C.

Change the credentials harvested column to a percentage and introduce industry benchmarks for comparison

D.

Add a column showing which passwords were harvested to point out bad practices in password creation and then force those passwords to expire immediately

Question 46

An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Options:

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Question 47

A network engineer is concerned about hosting web, SFTP, and email services in a single DMZ that is hosted in the same security zone. This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?

Options:

A.

Put all the services on a single host to reduce the number of servers

B.

Create separate security zones for each service and use ACLs for segmentation

C.

Keep the web server in the DMZ and move the other server services to the internal network

D.

Deploy a switch and create VLANs for each service

Exam Code: CAS-003
Exam Name: CompTIA Advanced Security Practitioner (CASP) Exam
Last Update: Apr 14, 2023
Questions: 683