CAS-004 exam

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements: Only users with corporate-owned devices can directly access servers hosted by the cloud provider. The company can control what...

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year. Which of...

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following. * Transactions being required by...

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports. Which of the following historian server locations will allow the business to get the required reports in an ОТ...

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?A . SQL injectionB . CSRFC . Session hijackingD . XSSView AnswerAnswer: D Explanation: XSS stands for cross-site scripting, which is a type of attack that injects...

UESTION NO: 36 Which of the following is a benefit of using steganalysis techniques in forensic response?A . Breaking a symmetric cipher used in secure voice communicationsB . Determining the frequency of unique attacks against DRM-protected mediaC . Maintaining chain of custody for acquired evidenceD . Identifying least significant bit...

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?A . Lattice-based cryptographyB . Quantum computingC . Asymmetric cryptographyD . Homomorphic encryptionView AnswerAnswer: D Explanation: Reference: https://searchsecurity.techtarget.com/definition/cryptanalysis Homomorphic encryption is a type of encryption that allows computation and analysis of data within...

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have...

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites. The technician will define...