CAS-004 V2

An organization is implementing a new identity and access management architecture with the following objectives: Supporting MFA against on-premises infrastructure Improving the user experience by integrating with SaaS applications Applying risk-based policies based on location Performing just-in-time provisioning Which of the following authentication protocols should the organization implement to support...

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?A . The user agent...

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via...

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were...

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a...

A security analyst is reviewing the following output: Which of the following would BEST mitigate this type of attack?A . Installing a network firewallB . Placing a WAF inlineC . Implementing an IDSD . Deploying a honeypotView AnswerAnswer: B

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals. Which of the following does the business’s IT manager need to consider?A . The availability of personal dataB . The right to personal data erasureC . The company’s annual...

Which of the following controls primarily detects abuse of privilege but does not prevent it?A . Off-boardingB . Separation of dutiesC . Least privilegeD . Job rotationView AnswerAnswer: A

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)A . Utilize code signing by a trusted third party.B . Implement certificate-based authentication.C ....

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The...