A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources The application was developed by a third- party organization, and it is now being used heavily despite lacking the following controls:
1.
Certificate pinning
2.
Tokenization
3.
Biometric authentication
The company has already implemented the following controls:
1.
Full device encryption
2.
Screen lock
3.
Device password
4.
Remote wipe
The company wants to defend against interception of data attacks Which of the following compensating controls should the company implement NEXT?
A. Enforce the use of a VPN when using the newly developed application.Following a recent outage, a systems administrator is conducting a study to determine a suitable bench stock on server hard drives.
Which of the following metrics is MOST valuable to the administrator in determining how many hard drives to keep-on hand?
A. TTRWhile investigating suspicious activity on a server, a security administrator runs the following report: In addition, the administrator notices changes to the /etc/shadow file that were not listed in the report. Which of the following BEST describe this scenario? (Choose two.)

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?
A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system.
Which of the following is MOST likely to be reviewed during the assessment? (Select two.)
A. Access control listA security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1
The following response is received in the payload:
"ORA-000001: SQL command not properly ended"
Which of the following is the response an example of?
A. FingerprintingA large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.)
A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacksTwo competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack.
Which of the following business documents would be BEST to document this engagement?
A. Business partnership agreementA security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:
A. a gray-box penetration testOver the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.
Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?
A. Compile a list of firewall requests and compare than against interesting cloud services.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-003 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.