CAS-005 exam

A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message: Which of the following is the b«« way to fix this issue? A. Rewriting any legacy web functions B. Disabling all deprecated ciphers C....

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network. The company’s hardening guidelines indicate the following: There should be one primary server or service per device. Only default ports should be used. Non-secure protocols should be disabled. INSTRUCTIONS Using the Nmap output, identify...

A security engineer wants to reduce the attack surface of a public-facing containerized application. Which of the following will best reduce the application's privilege escalation attack surface? A. Implementing the following commands in the Dockerfile: RUN echo user:x:1000:1000iuser:/home/user:/dew/null > /ete/passwd B. Installing an EDR on the container's host with reporting...

A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application . Which of the following best describes the action the architect should take-? A....

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability . Which of the following components provides the best foundation to achieve this goal?A . SASEB . CMDBC . SBoMD . SLMView AnswerAnswer: B Explanation: A Configuration Management Database (CMDB) provides...

A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext . Which of the following solutions best meet these requirements?A . Configuring data hashingB . Deploying tokenizationC . Replacing data with null recordD . Implementing data obfuscationView...

A financial services organization is using Al lo fully automate the process of deciding client loan rates. Which of the following should the organization be most concerned about from a privacy perspective?A . Model explainabilityB . Credential TheftC . Possible prompt InjectionsD .   Exposure to social engineeringView AnswerAnswer: A...

A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application. Which of the following is the most likely cause of the alerts? A. Misconfigured code commit B. Unsecure bundled libraries C. Invalid code signing...

A company wants to invest in research capabilities with the goal to operationalize the research output . Which of the following is the best option for a security architect to recommend? A. Dark web monitoring B. Threat intelligence platform C. Honeypots D. Continuous adversary emulationView AnswerAnswer: B Explanation: Investing in...

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin . Which of the following best describes the cyberthreat to the bank?A . Ability to obtain components during wartimeB . Fragility and other availability attacksC . Physical Implants and...