CAS-004 exam

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?A . Recovery point objective B. Recovery time objective...

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to...

A security analyst observes the following while looking through network traffic in a company's cloud log: Which of the following steps should the security analyst take FIRST?A . Quarantine 10.0.5.52 and run a malware scan against the host. B. Access 10.0.5.52 via EDR and identify processes that have network connections....

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following. * Transactions being required by...

A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be BEST to use to store customer keys?A . A trusted platform module B. A hardware security module C. A localized key store D. A public key...

A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open: 22 25 110 137 138 139 445 Internal Windows clients are used to transferring files to the server to stage them for customer download as part...

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?A . Rules of engagement B. Master service agreement C. Statement of work D....

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it...

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be: Leaked to the...