CAS-004 Exam Dumps - CompTIA SecurityX Certification Exam

Question # 105

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

A. Assess the residual risk.

B. Update the organization’s threat model.

C. Move to the next risk in the register.

D. Recalculate the magnitude of impact.

Question # 106

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

A. Risk rejection

B. Risk mitigation

C. Risk transference

D. Risk avoidance

Question # 107

A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open: 22, 25, 110, 137, 138, 139, 445.

Internal Windows clients are used to transfer files to the server to stage them for customer download as part of the company’s distribution process.

Which of the following would be the BEST solution to harden the system?

A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Question # 108

Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

Which of the following BEST addresses the problem with the least amount of administrative effort?

A. Compile a list of firewall requests and compare them against interesting cloud services.

B. Implement a CASB solution and track cloud service use cases for greater visibility.

C. Implement a user-behavior system to associate user events and cloud service creation events.

D. Capture all logs and feed them to a SIEM, then monitor for cloud service events.

Question # 109

Based on PCI DSS v3.4, one particular database field can store data, but the data must be unreadable. Which of the following data objects meets this requirement?

A. PAN

B. CVV2

C. Cardholder name

D. Expiration date

Question # 110

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

A. Align the exploitability metrics to the predetermined system categorization.

B. Align the remediation levels to the predetermined system categorization.

C. Align the impact subscore requirements to the predetermined system categorization.

D. Align the attack vectors to the predetermined system categorization.

Question # 111

A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

A. Securely configure the authentication mechanisms

B. Patch the infrastructure at the operating system level

C. Execute port scanning against the services

D. Upgrade the service as part of life-cycle management

Question # 112

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WiFi. Due to a recent incident in which an attacker gained access to the company’s internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

A. Active Directory GPOs

B. PKI certificates

C. Host-based firewall

D. NAC persistent agent
