CAS-004 exam

An organization is implementing a new identity and access management architecture with the following objectives: Supporting MFA against on-premises infrastructure Improving the user experience by integrating with SaaS applications Applying risk-based policies based on location Performing just-in-time provisioning Which of the following authentication protocols should the organization implement to support...

A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?A . NIST SP 800-53B . MITRE ATT&CKC . The Cyber Kill ChainD . The Diamond Model of Intrusion AnalysisView AnswerAnswer: B Explanation: MITRE ATT&CK is...

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires...

A developer implement the following code snippet. Which of the following vulnerabilities does the code snippet resolve?A . SQL injectB . Buffer overflowC . Missing session limitD . Information leakageView AnswerAnswer: A Explanation: SQL injection is a type of vulnerability that allows an attacker to execute malicious SQL commands on...

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign. Which of the following should the company use to make this determination?A . Threat huntingB . A system penetration testC ....

Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elementsA . Company A-B SLA v2.docxB . Company A OLA...

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic. When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?A . Packets that are the wrong size or length B....