CAS-004 exam

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements. Which of the following would...

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)A . Conduct input sanitization.B . Deploy...

Which of the following BEST sets expectation between the security team and business units within an organization?A . Risk assessmentB . Memorandum of understandingC . Business impact analysisD . Business partnership agreementE . Services level agreementView AnswerAnswer: E Explanation: A service level agreement (SLA) is the best option to set...

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?A . Key sharingB . Key distributionC . Key recoveryD . Key escrowView AnswerAnswer: D Explanation: Key escrow is a process that involves storing encryption keys with a trusted third party, such...

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires...

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed. Which of the following will allow the inspection of the data without multiple certificate deployments? A. Include all available cipher suites. B. Create a wildcard certificate....

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security. Which of...

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network. Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?A . Deploy a SOAR tool.B . Modify user password history...

A security is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are: The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would...

A company is preparing to deploy a global service. Which of the following must the company do to ensure GDPR compliance? (Choose two.)A . Inform users regarding what data is stored.B . Provide opt-in/out for marketing messages.C . Provide data deletion capabilities.D . Provide optional data encryption.E . Grant data...