Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 743 Q&As
  • Last Updated: Apr 15, 2025

CompTIA CAS-004 Questions & Answers

  • Question 221:

    The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

    A. An open-source automation server

    B. A static code analyzer

    C. Trusted open-source libraries

    D. A single code repository for all developers

  • Question 222:

    A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

    A. Degaussing

    B. Overwriting

    C. Shredding

    D. Formatting

    E. Incinerating

  • Question 223:

    A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)

    A. The request is evidence that the password is more open to being captured via a keylogger.

    B. The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.

    C. The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.

    D. The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.

    E. The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.

    F. The request proves the password must be in cleartext during transit, making it open to on-path attacks.

  • Question 224:

    An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

    A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

    B. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

    C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

    D. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

  • Question 225:

    A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Choose two.)

    A. Deploying a WAF signature

    B. Fixing the PHP code

    C. Changing the web server from HTTPS to HTTP

    D. Using SSLv3

    E. Changing the code from PHP to ColdFusion

    F. Updating the OpenSSL library

  • Question 226:

    The Chief Executive Officer (CEO) of a small wholesaler with low margins is concerned about the use of a newly developed artificial intelligence algorithm being used in the organization's marketing tool. The tool can make automated purchasing approval decisions based on data provided by customers and collected from the Internet. Which of the following is MOST likely the concern? (Choose two.)

    A. Required computing power

    B. Cost to maintain

    C. Customer privacy

    D. Adversarial attacks

    E. Information bias

    F. Customer approval speed

  • Question 227:

    An organization collects personal data from its global customers. The organization determines how that data is going to be used, why it is going to be used, and how it is manipulated for business processes. Which of the following will the organization need in order to comply with GDPR? (Choose two.)

    A. Data processor

    B. Data custodian

    C. Data owner

    D. Data steward

    E. Data controller

    F. Data manager

  • Question 228:

    Which of the following BEST describe the importance of maintaining chain of custody in forensic evidence collection? (Choose two.)

    A. It increases the likelihood that evidence will be deemed admissible in court.

    B. It authenticates personnel who come in contact with evidence after collection.

    C. It ensures confidentiality and the need-to-know basis of forensically acquired evidence.

    D. It attests to how recently evidence was collected by recording date/time attributes.

    E. It provides automated attestation for the integrity of the collected evidence.

    F. It ensures the integrity of the collected evidence.

  • Question 229:

    A company would like to obfuscate PII data accessed by an application that is housed in a database to prevent unauthorized viewing. Which of the following should the company do to accomplish this goal?

    A. Use cell-level encryption.

    B. Mask the data.

    C. Implement a DLP solution.

    D. Utilize encryption at rest.

  • Question 230:

    A BIA of a popular online retailer identified several mission-essential functions that would take more than seven days to recover in the event of an outage. Which of the following should be considered when setting priorities for the restoration of these functions?

    A. Supply chain issues

    B. Revenue generation

    C. Warm-site operations

    D. Scheduled impacts to future projects

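For Question 225 above, an added example that is not part of the exam dump or of any vendor's tooling: a check of an `openssl version` banner against the upstream OpenSSL releases affected by Heartbleed (CVE-2014-0160), run over constructed sample banners. The point it makes is that the bug lives in the TLS library the web server links against, not in the PHP application code, so it is the OpenSSL build that has to be identified and updated.

```python
"""Question 225: is this OpenSSL build in the Heartbleed (CVE-2014-0160) range?"""
import re
import subprocess

# CVE-2014-0160 affects upstream OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1.
# 1.0.1g and 1.0.2-beta2 carry the fix; 0.9.8 and 1.0.0 never had the TLS
# heartbeat extension at all.
_BANNER_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?", re.IGNORECASE
)

# Constructed banners for the demonstration (no live host is contacted).
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.1.1k  25 Mar 2021",
    "OpenSSL 3.0.2 15 Mar 2022",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "PHP 7.4.3 (cli)",
]


def parse_openssl_version(banner: str):
    """Turn 'OpenSSL 1.0.1e 11 Feb 2013' into (1, 0, 1, 'e', None).
    Returns None when the text is not an OpenSSL version banner."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter, beta = m.groups()
    return int(major), int(minor), int(patch), letter.lower(), (beta.lower() if beta else None)


def heartbleed_affected(version) -> bool:
    """Upstream version ranges only; distribution backports are discussed below."""
    if version is None:
        return False
    major, minor, patch, letter, beta = version
    if (major, minor, patch) == (1, 0, 1):
        return letter in ("", "a", "b", "c", "d", "e", "f")
    if (major, minor, patch) == (1, 0, 2):
        return beta == "beta1"
    return False


def assess(banner: str) -> str:
    """Human-readable verdict for one banner."""
    version = parse_openssl_version(banner)
    if version is None:
        return "not an OpenSSL banner"
    if heartbleed_affected(version):
        return "AFFECTED by CVE-2014-0160 (upstream range)"
    return "outside the affected range"


def local_openssl_banner():
    """Banner of the openssl binary on PATH, or None if it cannot be run.
    Note this is the CLI's library, which may differ from the one your web
    server or PHP runtime is actually linked against."""
    try:
        result = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r:40} -> {assess(banner)}")
    local = local_openssl_banner()
    if local:
        print(f"\nlocal: {local!r} -> {assess(local)}")
```

Two caveats a practitioner would add. First, a version letter alone is unreliable on distributions that backport fixes: Debian and Ubuntu shipped patched 1.0.1e packages without bumping the upstream letter, so confirm against the package changelog or with an actual heartbeat probe, and check the library the web server loads rather than only the `openssl` CLI. Second, because the bug discloses server process memory, patching is the first step, not the last: re-key and re-issue the server certificate and treat session keys and credentials that were in memory as exposed.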
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.