The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?
A. PKCS #10 is still preferred over PKCS #12.
B. Private-key CSR signage prevents on-path interception.
C. There is more control in using a local certificate over a third-party certificate.
D. There is minimal benefit in using a certificate revocation list.
A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?
A. Collect proof that the exploit works in order to expedite the process.
B. Publish proof-of-concept exploit code on a personal blog.
C. Recommend legal consultation about the process.
D. Visit a bug bounty website for the latest information.
A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?
A. Replication
B. Caching
C. Containerization
D. Redundancy
E. High availability
A security researcher identified the following messages while testing a web application:
/file/admin/myprofile.php ERROR file does not exist.
/file/admin/userinfo.php ERROR file does not exist.
/file/admin/adminprofile.php ERROR file does not exist.
/file/admin/admininfo.php ERROR file does not exist.
/file/admin/universalprofile.php ERROR file does not exist.
/file/admin/universalinfo.php ERROR file does not exist.
/file/admin/restrictedprofile.php ACCESS is denied.
/file/admin/restrictedinfo.php ERROR file does not exist.
Which of the following should the researcher recommend to remediate the issue?
A. Software composition analysis
B. Packet inspection
C. Proper error handling
D. Elimination of the use of unsafe functions
A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented an SSO system with strong passwords. Which of the following additional controls should the company deploy?
A. Two-factor authentication
B. Identity proofing
C. Challenge questions
D. Live identity verification
Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?
A. Federation
B. RADIUS
C. TACACS+
D. MFA
E. ABAC
A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?
A. Gap analysis
B. Business impact analysis
C. Risk register
D. Information security policy
E. Lessons learned
A security architect is reviewing the following organizational specifications for a new application:
1. Be sessionless and API-based
2. Accept uploaded documents with PII, so all storage must be ephemeral
3. Be able to scale on-demand across multiple nodes
4. Restrict all network access except for the TLS port
Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?
A. Utilizing the cloud container service
B. On server instances with autoscaling groups
C. Using scripted delivery
D. With a content delivery network
A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?
A. Exporting reports from the system on a weekly basis to disable terminated employees' accounts
B. Granting permission to human resources staff to mark terminated employees' accounts as disabled
C. Configuring allowed login times for all staff to only work during business hours
D. Automating a process to disable the accounts by integrating Active Directory and human resources information systems
A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?
A. Utilizing hardening recommendations
B. Deploying IPS/IDS throughout the environment
C. Installing and updating antivirus
D. Installing all available patches