CAS-004 exam

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is t he NEXT step of the incident...

A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are...

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:...

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization. B. Deploy...

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?A . Business impact rating B. CVE dates...

A security analyst needs to recommend a remediation to the following threat: Which of the following actions should the security analyst propose to prevent this successful exploitation?A . Patch the system. B. Update the antivirus. C. Install a host-based firewall. D. Enable TLS 1.2.View AnswerAnswer: D

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?A . Lattice-based cryptography B. Quantum computing C. Asymmetric cryptography D. Homomorphic encryptionView AnswerAnswer: D Explanation: Reference: https://searchsecurity.techtarget.com/definition/cryptanalysis

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement...

An organization is implementing a new identity and access management architecture with the following objectives: Supporting MFA against on-premises infrastructure Improving the user experience by integrating with SaaS applications Applying risk-based policies based on location Performing just-in-time provisioning Which of the following authentication protocols should the organization implement to support...

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through...