CAS-004 exam

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?A . Review a recent gap analysis.B . Perform a cost-benefit analysis.C . Conduct a business impact...

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed. Which of the following side-channel attacks did the team use?A . Differential power analysisB . Differential fault analysisC ....

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images . Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).A . Document interpolationB . Regular...

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform...

UESTION NO: 36 Which of the following is a benefit of using steganalysis techniques in forensic response?A . Breaking a symmetric cipher used in secure voice communicationsB . Determining the frequency of unique attacks against DRM-protected mediaC . Maintaining chain of custody for acquired evidenceD . Identifying least significant bit...

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has...

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?A . ICANNB . PCI DSSC . OWASPD . CSAE . NISTView...

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should: * Be based on open-source Android for user familiarity and ease. * Provide a single application for inventory management of physical assets. * Permit use of the...

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?A . Utilizing a trusted secrets managerB . Performing DAST on a weekly basisC . Introducing the use of container orchestrationD . Deploying instance...

A security engineer is reviewing a record of events after a recent data breach incident that Involved the following: • A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets. • A vulnerability in a third-party horary was exploited by the hacker, resulting in...