CAS-004 exam

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified . Which of the following should the incident response team perform to understand the crash and prevent it in the future?A . Root...

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system . Which of the following security responsibilities will the DevOps team need to perform?A . Securely configure the authentication mechanismsB . Patch the infrastructure at the operating systemC...

A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open: 22 25 110 137 138 139 445 Internal Windows clients are used to transferring files to the server to stage them for customer download as part...

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports. Which of the following historian server locations will allow the business to get the required reports in an and...

A company security engineer arrives at work to face the following scenario: 1) Website defacement 2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand 3) A Job offer from the company's competitor 4) A security analyst's investigative report, based...

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems . Which of the following is the MOST likely security consequence of this attack?A . A turbine would overheat...

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?A . SQL injectionB . CSRFC . Session hijackingD . XSSView AnswerAnswer: D

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following. * Transactions being required by...

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice. Which of the following should the organization consider FIRST to address this requirement?A . Implement a change management plan to ensure systems are using the appropriate versions.B . Hire...

The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually . Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?A . Black-box testingB . Gray-box...