Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CAS-003Free trial

By comptia

Verified

25Q per page

Question 76

A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open -

TCP 443 open -

TCP 1434 filtered -
The penetration tester then used a different tool to make the following requests:
GET / script/login.php?token=45$MHT000MND876
GET / script/login.php?token=@#984DCSPQ%091DF
Which of the following tools did the penetration tester use?

A: Protocol analyzer
B: Port scanner
C: Fuzzer
D: Brute forcer
E: Log analyzer
F: HTTP interceptor

—

Question 77

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.
Which of the following strategies should the engineer recommended be approved FIRST?

A: Avoid
B: Mitigate
C: Transfer
D: Accept

—

Question 78

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.
Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

A: Install and configure an IPS.
B: Enforce routine GPO reviews.
C: Form and deploy a hunt team.
D: Institute heuristic anomaly detection.
E: Use a protocol analyzer with appropriate connectors.

—

That’s the end of your free questions

You’ve reached the preview limit for CAS-003

Consider upgrading to gain full access!

Page 4 of 16 • Questions 76-100 of 389

←

2 3 4 5 6

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!