CAS-004 exam

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?A . sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’B . sudo...

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots. Which of the following would provide the BEST boot loader protection?A ....

Device event logs sources from MDM software as follows: Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?A . Malicious installation of an application; change the MDM configuration to remove application ID 1220.B . Resource leak; recover the...

An organization is designing a network architecture that must meet the following requirements: Users will only be able to access predefined services. Each user will have a unique allow list defined for access. The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the...

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one. Which of the following would be BEST suited to meet these requirements?A . ARFB ....

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)A . Utilize code signing by a trusted third party.B . Implement certificate-based authentication.C ....

A security engineer needs to recommend a solution that will meet the following requirements: Identify sensitive data in the provider’s network Maintain compliance with company and regulatory guidelines Detect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control...

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?A . Key sharingB . Key distributionC . Key recoveryD . Key escrowView AnswerAnswer: D Explanation: Key escrow is a process that involves storing encryption keys with a trusted third party, such...

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?A...

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to...