Practice CompTIA CAS-003 Exam Questions

An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit The attacker was unable to obtain root privileges Instead the attacker then downloaded a crypto - currency mining program and subsequently was discovered The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?

An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks When the engineer opens a file in a text editor, the following excerpt appears: Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission - critical functions across the organization The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage To which of the following is the survey question related? (Select TWO)

Following a recent security incident on a web server the security analyst takes HTTP traffic captures for further investigation The analyst suspects certain jpg files have important data hidden within them. Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?

A large, multinational company currently has two separate databases One is used for ERP while the second is used for CRM To consolidate services and infrastructure, it is proposed to combine the databases The company's compliance manager is asked to review the proposal and is concerned about this integration Which of the following would pose the MOST concern to the compliance manager?