New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CAS-004 Exam Dumps - CompTIA Advanced Security Practitioner (CASP+) Exam

Go to page:
Question # 81

When implementing serverless computing an organization must still account for:

A.

the underlying computing network infrastructure

B.

hardware compatibility

C.

the security of its data

D.

patching the service

Full Access
Question # 82

A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment

• Review communication between all infrastructure endpoints

• Identify unauthorized and malicious data patterns

• Perform automated, risk-mitigating configuration changes

Which of the following should the network security engineer include in the design to address these requirements?

A.

Network edge NIPS

B.

Centralized syslog

C.

Traffic mirroring

D.

Network flow

Full Access
Question # 83

Which of the following technologies would benefit the most from the use of biometric readers proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?

A.

Deep learning

B.

Machine learning

C.

Nanotechnology

D.

Passwordless authentication

E.

Biometric impersonation

Full Access
Question # 84

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Full Access
Question # 85

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

A.

SIEM

B.

CASB

C.

SCAP

D.

OVAL

Full Access
Question # 86

A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

A.

Deep learning language barriers

B.

Big Data processing required for maturity

C.

Secure, multiparty computation requirements

D.

Computing capabilities available to the developer

Full Access
Question # 87

An IDS was unable to detect malicious network traffic during a recent security incident, even though all traffic was being sent using HTTPS. As a result, a website used by employees was compromised. Which of the following detection mechanisms would allow the IDS to detect an attack like this one in the future?

A.

Deobfuscation

B.

Protocol decoding

C.

Inspection proxy

D.

Digital rights management

Full Access
Question # 88

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

• Unsupported, end-of-life operating systems were still prevalent on the shop floor.

• There are no security controls for systems with supported operating systems.

• There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

A.

Deploy antivirus software to all of the workstations.

B.

Increase the level of monitoring on the workstations.

C.

Utilize network-based allow and block lists.

D.

Harden all of the engineering workstations using a common strategy.

Full Access
Go to page: