CAS-004 exam

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?A . Increased network latencyB . Unavailable of key...

A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be BEST to use to store customer keys?A . A trusted platform moduleB . A hardware security moduleC . A localized key storeD . A public key...

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access. Which of the following describes the administrator’s discovery?A . A vulnerabilityB . A threatC . A breachD . A riskView AnswerAnswer:...

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization.B . Deploy...

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements: https://i.postimg.cc/8P9sB3zx/image.png The credentials used to publish production software to the container registry should be stored in a secure location. Access should be restricted to...

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location. Which of the following technologies can the developer enable...

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to...

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs. Which of the following should a security engineer...

A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users...

A security analyst is reviewing the following output: Which of the following would BEST mitigate this type of attack?A . Installing a network firewallB . Placing a WAF inlineC . Implementing an IDSD . Deploying a honeypotView AnswerAnswer: B Explanation: The output shows a SQL injection attack that is trying...