CAS-004 exam

Topic 2, Exam Pool B A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when...

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The...

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation: graphic.linux_randomization.prg Which of the following technologies would mitigate the manipulation of memory segments?A . NX bitB . ASLRC . DEPD . HSMView AnswerAnswer: B Explanation: https://eklitzke.org/memory-protection-and-aslr ASLR (Address Space Layout Randomization)...

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements: Only users with corporate-owned devices can directly access servers hosted by the cloud provider. The company can control what...

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year. Which of...

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following. * Transactions being required by...

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports. Which of the following historian server locations will allow the business to get the required reports in an ОТ...

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?A . SQL injectionB . CSRFC . Session hijackingD . XSSView AnswerAnswer: D Explanation: XSS stands for cross-site scripting, which is a type of attack that injects...

UESTION NO: 36 Which of the following is a benefit of using steganalysis techniques in forensic response?A . Breaking a symmetric cipher used in secure voice communicationsB . Determining the frequency of unique attacks against DRM-protected mediaC . Maintaining chain of custody for acquired evidenceD . Identifying least significant bit...