Latest CAS-004 Free Dump - CompTIA Advanced Security Practitioner (CASP+)
An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be most concerning to the organization in the event of equipment failure?
Answer: C
Explanation: (visible only to DumpTOP members)
Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?
Answer: B
Explanation: (visible only to DumpTOP members)
A company with multiple locations has taken a cloud-only approach to its infrastructure. The company does not have standard vendors or systems, resulting in a mix of various solutions put in place by each location. The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms. Which of the following best meets this objective?
Answer: A
Explanation: (visible only to DumpTOP members)
A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?
Answer: D
Explanation: (visible only to DumpTOP members)
Which of the following protocols is a low-power, low-data-rate protocol that allows for the creation of PAN networks?
Answer: A
Explanation: (visible only to DumpTOP members)
The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis. Which of the following is the most likely reason for this approach?
Answer: B
A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:
* Enterprise IT servers and supervisory industrial systems share the same subnet.
* Supervisory controllers use the 750 MHz band to direct a portion of fielded PLCs.
* Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.
Which of the following re-architecture approaches would be best to reduce the company's risk?
Answer: A
Explanation: (visible only to DumpTOP members)
A security administrator is assessing the risk associated with using a software tool built by a small start-up company to provide product pricing updates. Which of the following risks would most likely be a factor?
Answer: A
Explanation: (visible only to DumpTOP members)
The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?
Answer: B
A security engineer needs to implement a cost-effective authentication scheme for a new web-based application that requires:
*Rapid authentication
*Flexible authorization
*Ease of deployment
*Low cost but high functionality
Which of the following approaches best meets these objectives?
Answer: D
Explanation: (visible only to DumpTOP members)
Which of the following are risks associated with vendor lock-in? (Choose two.)
Answer: C, E
Explanation: (visible only to DumpTOP members)
A development team needs terminal access to preproduction servers to verify settings and enter purchased license keys. To address the team's needs, the security administrator implements the following requirements:
*Only trusted accounts can access the preproduction servers.
*Developers cannot access the preproduction servers directly from their workstations.
*The trusted accounts should only have access to specific preproduction servers.
Which of the following are necessary to fulfill the security requirements? (Select two).
Answer: B, E
Explanation: (visible only to DumpTOP members)
A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
Answer: A
A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.
Which of the following should the company implement to address the risk of system unavailability?
Answer: B
Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?
Answer: D
A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives?
Answer: A
Explanation: (visible only to DumpTOP members)