* Restrict all access to any device resource other than those requirement?
An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should: * Be based on open-source Android for user familiarity and ease. * Provide a single application for inventory management of physical assets. * Permit use of the...
Which of the following would BEST secure the company’s CI/CD pipeline?
A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline? A. Utilizing a trusted secrets manager B. Performing DAST on a weekly basis C. Introducing the use of container orchestration D. Deploying instance...
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
A security engineer is reviewing a record of events after a recent data breach incident that involved the following: • A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets. • A vulnerability in a third-party library was exploited by the hacker, resulting in...
Which of the following should the engineer report as the ARO for successful breaches?
A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches? A. 0.5 B. 8 C. 50 D. 36,500
Which of the following now describes the level of risk?
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a...
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation? A. Software composition analysis B. ...
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information. Which of the following provides the BEST guidance for protecting such information while it is at...
Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer...
Which of the following phases establishes the identification and prioritization of critical systems and functions?
An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions? A. Review a recent gap analysis. B. Perform a cost-benefit analysis. C. Conduct a business impact...
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional...