A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?
A. TokenizationAn organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT?
A. Determine what data is being stolen and change the folder permissions to read only.The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
1.Transaction being requested by unauthorized individuals.
2.Complete discretion regarding client names, account numbers, and investment information.
3.Malicious attackers using email to malware and ransomeware.
4.Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.
Which of the following is the BEST option to resolve the boar's concerns for this email migration?
A. Data loss preventionAn organization found a significant vulnerability associated with a commonly used package in a variety of operating systems.
The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted.
Which of the following attack vectors does this registry address?
A. Supply chain attackA security administrator at a global organization wants to update password complexity rules for a system containing personally identifiable information. Which of the following would be the best resource for this information?
A. NISTA security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).
A. Most cost-effectiveAs part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.
Which of the following BEST describes this process?
A. DeepfakeA recent DAST scan indicates an application has multiple issues with path traversal.
Which of the following is the best action for the development team to take?
A. Develop a secure library for file handling that normalizes and validates the input path.An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.
Which of the following describes the administrator's discovery?
A. A vulnerabilityA developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)
A. Utilize code signing by a trusted third party.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-004 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.