CAS-004 Online Practice Questions and Answers

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

A. SLA

B. BIA

C. BCM

D. BCP

E. RTO

Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

A. SQL injection

B. Cross-site scripting

C. Brute-force

D. Cross-site request forgery

Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible The security engineer reviews the situation and determines a critical secunty patch that was applied to the ERP server is the cause. The patch is subsequently backed out.

Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

A. Anti-malware

B. Patch testing

C. HIPS

D. Vulnerability scanner

An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts Which of the following techniques would BEST support this?

A. Access control lists

B. TACACS+ server for AAA

C. File-level encryption

D. TPM with sealed storage

A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization but also the impact to compliance. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.)

A. Financial data from transactions

B. Shareholder meeting minutes

C. Data of possible European customers

D. Customers' shipping addresses

E. Deidentified purchasing habits

F. Consumer product purchasing trends

A MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?

A. ChaCha20

B. RSA

C. AES256

D. RIPEMD

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

A. service --status-all | grep ftpd

B. chkconfig --list

C. netstat --tulpn

D. systemctl list-unit-file --type service ftpd

E. service ftpd status

A security engineer at a manufacturing facility is trying to determine whether any of the OT devices are susceptible to a recently announced vulnerability. Which of the following is the best way for the engineer to detect exploitable vulnerabilities?

A. Utilize a passive vulnerability scanner on the network.

B. Compare deployed equipment to the CVE disclosure.

C. Perform threat hunting on the OT segment.

D. Review software inventory for vulnerable versions.

A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

A. Third-party assessor

B. CSP

C. Organization

D. Shared responsibility

An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)

A. Obtain a security token.

B. Obtain a public key.

C. Leverage Kerberos for authentication

D. Leverage OAuth for authentication.

E. Leverage LDAP for authentication.

F. Obtain a hash value.