An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?
A. Fuzz testing
B. Static analysis
C. Side-channel analysis
D. Dynamic analysis
A DNS forward lookup zone named comptia.org must:
• Ensure the DNS is protected from on-path attacks.
• Ensure zone transfers use mutual authentication and are authenticated and negotiated.
Which of the following should the security architect configure to meet these requirements? (Choose two.)
A. Public keys
B. Conditional forwarders
C. Root hints
D. DNSSEC
E. CNAME records
F. SRV records
An accounting team member received a voicemail message from someone who sounded like the Chief Financial Officer (CFO). In the voicemail message, the caller requested a wire transfer to a bank account the organization had not used before. Which of the following best describes this type of attack?
A. The attacker used deepfake technology to simulate the CFO's voice.
B. The CFO tried to commit a form of embezzlement.
C. The attacker used caller ID spoofing to imitate the CFO's internal phone extension.
D. The attacker successfully phished someone in the accounts payable department.
A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers. The company needs the new ciphers to meet the following requirements:
• Utilize less RAM than competing ciphers.
• Be more CPU-efficient than previous ciphers.
• Require customers to use TLS 1.3 while broadcasting video or audio.
Which of the following is the best choice for the social media company?
A. IDEA-CBC
B. AES-GCM
C. ChaCha20-Poly1305
D. Camellia-CBC
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
1. Monitors traffic to and from both local NAS and cloud-based file repositories
2. Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions
3. Uses document attributes to reduce false positives
4. Is agentless and not installed on staff desktops or laptops
Which of the following, when installed and configured, would BEST meet the CSO's requirements? (Choose two.)
A. DLP
B. NGFW
C. UTM
D. UEBA
E. CASB
F. HIPS
A global financial firm wants to onboard a new vendor that sells a very specific SaaS application. The application is only hosted in the vendor's home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?
A. The application's performance will be different in regional offices.
B. There are regulatory concerns with using SaaS applications.
C. The SaaS application will only be available to users in one country.
D. There is no geographical redundancy in case of network outages.
An organization must implement controls that are aligned with its financial requirements; specifically, the organization is looking to implement the following:
1. Financial transactions that require one reviewer
2. Audits of funds disbursements
3. Cross-training of employees
Which of the following controls will address the organization's requirements?
A. Change management
B. Job rotation
C. Least privilege
D. Separation of duties
The Chief Information Security Officer (CISO) has outlined a five-year plan for the company that includes the following:
1. Implement an application security program.
2. Reduce the click rate on phishing simulations from 73% to 8%.
3. Deploy EDR to all workstations and servers.
4. Ensure all systems are sending logs to the SIEM.
5. Reduce the percentage of systems with vulnerabilities from 89% to 5%.
Which of the following would BEST aid the CISO in determining whether these goals are obtainable?
A. An asset inventory
B. A third-party audit
C. A risk assessment
D. An organizational CMMI
A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:
1. Capable of early detection of advanced persistent threats.
2. Must be transparent to users and cause no performance degradation.
3. Allow integration with production and development networks seamlessly.
4. Enable the security team to hunt and investigate live exploitation techniques.
Which of the following technologies BEST meets the customer's requirements for security capabilities?
A. Threat Intelligence
B. Deception software
C. Centralized logging
D. Sandbox detonation
A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:
1. 99.99% uptime
2. Load time in 3 seconds
3. Response time = <1.0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Choose three.)
A. Installing a firewall at corporate headquarters
B. Deploying a content delivery network
C. Implementing server clusters
D. Employing bare-metal loading of applications
E. Lowering storage input/output
F. Implementing RAID on the backup servers
G. Utilizing redundant power for all developer workstations
H. Ensuring technological diversity on critical servers
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how can you prepare for the exam effectively? How can you prepare for the exam in a short time with less effort? How can you get an ideal result, and how can you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.