A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?
A. Monitor the Application and Services Logs group within Windows Event Log.
B. Uninstall PowerShell from all workstations.
C. Configure user settings in Group Policy.
D. Provide user education and training.
E. Block PowerShell via HIDS.
A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?
A. Code reviews
B. Supply chain visibility
C. Software audits
D. Source code escrows
An organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT?
A. Determine what data is being stolen and change the folder permissions to read only.
B. Determine which users may have clicked on a malicious email link and suspend their accounts.
C. Determine where the data is being transmitted and create a block rule.
D. Determine if a user inadvertently installed malware from a USB drive and update antivirus definitions.
E. Determine if users have been notified to save their work and turn off their workstations.
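The immediate containment step in the scenario above is to find where the data is going and block it. The following is an added example (not part of the original exam material) that runs that triage over firewall logs: it sums outbound bytes from workstations per external destination, flags the destinations above a volume threshold, and emits egress block rules. The log format, all addresses, the 10.20.5.0/24 workstation VLAN and the use of the iptables FORWARD chain are constructed assumptions.

```python
"""Triage step for the scenario above: from firewall logs, find which external
destination is receiving the bulk of workstation traffic, then emit a block rule.
Added example, not part of the original exam material. The log format,
addresses and the 10.20.5.0/24 workstation VLAN are constructed assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log: one flow per line, key=value fields after the timestamp
FIREWALL_LOG = """\
2024-05-01T10:01:02 src=10.20.5.14 dst=10.20.1.5 dport=445 proto=tcp bytes=18234
2024-05-01T10:01:09 src=10.20.5.14 dst=203.0.113.77 dport=443 proto=tcp bytes=52428800
2024-05-01T10:01:15 src=10.20.5.21 dst=203.0.113.77 dport=443 proto=tcp bytes=41943040
2024-05-01T10:01:20 src=10.20.5.21 dst=198.51.100.9 dport=443 proto=tcp bytes=20480
2024-05-01T10:01:33 src=10.20.5.30 dst=203.0.113.77 dport=443 proto=tcp bytes=31457280
2024-05-01T10:01:40 src=10.20.7.2 dst=192.0.2.50 dport=80 proto=tcp bytes=9000
"""

WORKSTATION_NET = ip_network("10.20.5.0/24")     # assumed workstation VLAN
INTERNAL_NETS = (ip_network("10.0.0.0/8"),)      # traffic staying inside is not exfil


def parse_line(line):
    """Turn 'ts k=v k=v ...' into a dict with typed src/dst/dport/bytes."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return {
        "src": ip_address(fields["src"]),
        "dst": ip_address(fields["dst"]),
        "dport": int(fields["dport"]),
        "bytes": int(fields["bytes"]),
    }


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_by_destination(log_text):
    """Sum bytes sent from workstations to each external destination."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["src"] in WORKSTATION_NET and not is_internal(ev["dst"]):
            totals[str(ev["dst"])] += ev["bytes"]
    return dict(totals)


def suspected_exfil_destinations(log_text, threshold_bytes=100 * 1024 * 1024):
    """Destinations above the byte threshold, largest first."""
    totals = outbound_bytes_by_destination(log_text)
    return sorted((d for d, b in totals.items() if b >= threshold_bytes),
                  key=lambda d: -totals[d])


def block_rules(destinations):
    """Egress block rules in iptables syntax (FORWARD chain assumed)."""
    return [f"iptables -I FORWARD -d {dst} -j DROP" for dst in destinations]


if __name__ == "__main__":
    for rule in block_rules(suspected_exfil_destinations(FIREWALL_LOG)):
        print(rule)
```

On the constructed log this flags 203.0.113.77 (about 120 MiB from three workstations) and ignores the internal SMB flow and the small HTTPS sessions. The 100 MiB threshold is a placeholder; in production the aggregation would run per time window and the rule would be pushed to the perimeter firewall rather than a host. Blocking the destination stops the bleed; identifying the stolen data and the affected users follows once the flow is cut.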
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?
A. True positive
B. False negative
C. False positive
D. True negative
A corporation discovered its internet connection is saturated with traffic originating from multiple IP addresses across the internet. A security analyst needs to find a solution to address future occurrences of this type of attack.
Which of the following would be the BEST solution to meet this goal?
A. Implementing cloud-scrubbing services
B. Upgrading the internet link
C. Deploying a web application firewall
D. Provisioning a reverse proxy
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?
A. Utilize the SAN certificate to enable a single certificate for all regions.
B. Deploy client certificates to all devices in the network.
C. Configure certificate pinning inside the application.
D. Enable HSTS on the application's server side for all communication.
A network administrator who manages a Linux web server notices the following traffic:
http://comptia.org/../../../../etc/shadow
Which of the following is the BEST action for the network administrator to take to defend against this type of web attack?
A. Validate the server certificate and trust chain.
B. Validate the server input and append the input to the base directory path.
C. Validate that the server is not deployed with default account credentials.
D. Validate that multifactor authentication is enabled on the server for all user accounts.
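The request above is a directory traversal: each `../` climbs one level above the web root until `/etc/shadow` is reachable. The following is an added example, not from the original page, showing the vulnerable concatenation next to the hardened version that validates the request and appends it to the base directory. The document root `/var/www/html` and the file names are assumptions, and only the path handling is shown (no files are opened).

```python
"""Vulnerable and hardened handling of a requested file path for the traversal
request shown above. Added example, not from the original page; the document
root and file names are assumptions, and only string handling is shown (no files
are opened)."""
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"   # assumed web root


def unsafe_path(requested):
    """Vulnerable: the request is decoded and concatenated, so each '../'
    climbs one directory above DOCROOT."""
    return posixpath.normpath(DOCROOT + "/" + unquote(requested))


def safe_path(requested):
    """Validate the request, then append it to the base directory.
    Returns an absolute path under DOCROOT, or None when the request is
    rejected."""
    decoded = unquote(requested)
    # NUL bytes truncate paths in C-based servers; absolute paths bypass the root
    if "\x00" in decoded or decoded.startswith("/"):
        return None
    # Split into components and drop empty ('//') and current-dir ('.') pieces
    parts = [p for p in decoded.split("/") if p not in ("", ".")]
    # Any parent-directory component is a traversal attempt: reject, do not "fix"
    if ".." in parts:
        return None
    candidate = posixpath.join(DOCROOT, *parts) if parts else DOCROOT
    # Defence in depth: prove the result is still inside the root
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("../../../../etc/shadow", "%2e%2e/%2e%2e/etc/passwd",
                "images/logo.png"):
        print(f"{req!r:32} unsafe={unsafe_path(req)!r:28} safe={safe_path(req)!r}")
```

The hardened version decodes exactly once: a double-encoded `%252e%252e` becomes the literal component `%2e%2e`, which is just a file name that does not exist, not a parent reference. Before actually opening the file, a server should additionally resolve the candidate with `os.path.realpath` and repeat the prefix check so that a symbolic link inside the root cannot point outside it.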
A cloud security architect has been tasked with selecting the appropriate solution given the following:
1. The solution must allow the lowest RTO possible.
2. The solution must have the least shared responsibility possible.
3. Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfil the requirements?
A. PaaS
B. IaaS
C. Private
D. SaaS
A company has instituted a new policy in which all outbound traffic must go over TCP ports 80 and 443 for all its managed mobile devices. No other IP traffic is allowed to be initiated from a device. Which of the following should the organization consider implementing to ensure internet access continues without interruption?
A. CYOD
B. MDM
C. WPA3
D. DoH
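A policy that permits only TCP/80 and TCP/443 outbound silently breaks name resolution, which normally leaves the device on UDP/53. DNS over HTTPS (RFC 8484) carries the same wire-format DNS message inside an HTTPS request on 443. The following is an added example, not from the original page, that builds the DNS query, encodes it into the RFC 8484 GET form, and parses a resolver's answer. It uses only the Python standard library and makes no network connection; the resolver URL `https://dns.example/dns-query`, the queried name and the response bytes are constructed for illustration.

```python
"""DNS-over-HTTPS (RFC 8484) on the wire: build the DNS query that would
otherwise leave over UDP/53, encode it into a GET on TCP/443, and parse the
answer. Added example, not from the original page. Pure standard library with
no network access; the resolver URL, the name and the response bytes are
constructed for illustration."""
import base64
import struct

A_RECORD = 1
CLASS_IN = 1


def build_query(name, qtype=A_RECORD, txid=0):
    """Wire-format DNS query. RFC 8484 section 4.1 recommends ID 0 so that
    identical queries produce identical (cacheable) HTTP requests."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def doh_get_url(resolver_url, query):
    """GET form: base64url without padding in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def decode_dns_param(url):
    """Resolver side: recover the wire query from the URL (re-pad base64url)."""
    encoded = url.split("dns=", 1)[1].split("&", 1)[0]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


def _read_name(msg, offset, max_hops=16):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def parse_a_records(msg):
    """Return [(name, ttl, dotted_ipv4), ...] from the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                            # skip the echoed question
        _, offset = _read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == A_RECORD and rclass == CLASS_IN and rdlen == 4:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


# Constructed response a resolver might return for example.com (192.0.2.1 is a
# documentation address, not the real record).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)       # QR=1, RD=1, RA=1
    + b"\x07example\x03com\x00" + struct.pack("!HH", A_RECORD, CLASS_IN)
    + b"\xc0\x0c"                                       # pointer to the question name
    + struct.pack("!HHIH", A_RECORD, CLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    query = build_query("example.com")
    print(doh_get_url("https://dns.example/dns-query", query))
    print(parse_a_records(SAMPLE_RESPONSE))
```

A real client sends that URL as an HTTPS GET with `Accept: application/dns-message` and receives the same wire format back with `Content-Type: application/dns-message`; from the firewall's point of view it is just another TCP/443 flow, which is why the policy in the question no longer breaks name resolution. Two practical details: the device's resolver setting (pushed through the MDM profile) must point at the DoH endpoint, and the client needs the resolver's IP address bootstrapped, since it cannot look up `dns.example` over the very channel it is trying to establish.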
In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:
A. cloud-native applications.
B. containerization.
C. serverless configurations.
D. software-defined networking.
E. secure access service edge.