CAS-004 exam

An organization wants to perform a scan of all its systems against best practice security configurations. Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)A . ARFB . XCCDFC ....

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it...

Documents downloaded from websites must be scanned for malware. Which of the following solutions should the network architect implement to meet the requirements?A . Reverse proxy, stateful firewalls, and VPNs at the local sitesB . IDSs, WAFs, and forward proxy IDSC . DoS protection at the hub site, mutual certificate...

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:...

A company requires a task to be carried by more than one person concurrently. This is an example of:A . separation of d duties.B . dual controlC . least privilegeD . job rotationView AnswerAnswer: B Explanation: Dual control is a security principle that requires two or more authorized individuals to...

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be: Leaked to the...

A threat analyst notices the following URL while going through the HTTP logs. Which of the following attack types is the threat analyst seeing?A . SQL injectionB . CSRFC . Session hijackingD . XSSView AnswerAnswer: D Explanation: XSS stands for cross-site scripting, which is a type of attack that injects...

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The...

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location. Which of the following technologies can the developer enable...

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?A . 0.5B . 8C . 50D . 36,500View...