CAS-004 exam

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow...

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations: - Protection from DoS attacks against its infrastructure and web applications is in place. - Highly...

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization. B. Deploy...

A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in...

An organization is implementing a new identity and access management architecture with the following objectives: Supporting MFA against on-premises infrastructure Improving the user experience by integrating with SaaS applications Applying risk-based policies based on location Performing just-in-time provisioning Which of the following authentication protocols should the organization implement to support...

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?A . The user agent...

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via...

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were...

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a...

A security analyst is reviewing the following output: Which of the following would BEST mitigate this type of attack?A . Installing a network firewallB . Placing a WAF inlineC . Implementing an IDSD . Deploying a honeypotView AnswerAnswer: B