Which of the following controls would reduce the discovery time for similar in the future?

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis concerning a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has...

August 30, 2022

Which of the following is the BEST option?

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?

A. ICANN
B. PCI DSS
C. OWASP
D. CSA
E. NIST

August 30, 2022

Restrict all access to any device resource other than those required?

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the...

August 30, 2022

Which of the following would BEST secure the company’s CI/CD pipeline?

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?

A. Utilizing a trusted secrets manager
B. Performing DAST on a weekly basis
C. Introducing the use of container orchestration
D. Deploying instance...

August 30, 2022

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

A security engineer is reviewing a record of events after a recent data breach incident that involved the following:

• A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets.
• A vulnerability in a third-party library was exploited by the hacker, resulting in...

August 30, 2022

Which of the following should the engineer report as the ARO for successful breaches?

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches?

A. 0.5
B. 8
C. 50
D. 36,500

August 30, 2022

Which of the following now describes the level of risk?

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a...

August 30, 2022

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation?

A. Software composition analysis
B. ...

August 30, 2022

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at...

August 29, 2022

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer...

August 29, 2022