Latest CAS-004 Exam Questions

A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated. Which of the following techniques would be BEST suited for this requirement?

A company is looking to fortify its cybersecurity defenses and is focusing on its network
infrastructure. The solution cannot affect the availability of the company’s services to
ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

A networking team was asked to provide secure remote access to all company employees.
The team decided to use client-to-site VPN as a solution. During a discussion, the Chief
Information Security Officer raised a security concern and asked the networking team to
route the Internet traffic of remote users through the main office infrastructure. Doing this
would prevent remote users from accessing the Internet through their local networks while
connected to the VPN.
Which of the following solutions does this describe?

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

A financial institution has several that currently employ the following controls:
* The severs follow a monthly patching cycle.
* All changes must go through a change management process.
* Developers and systems administrators must log into a jumpbox to access the servers
hosting the data using two-factor authentication.
* The servers are on an isolated VLAN and cannot be directly accessed from the internal
production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented
the approval process. Once the security team discovered an unauthorized patch was
installed, they were able to resume operations within an hour. Which of the following should
the security administrator recommend to reduce the time to resolution if a similar incident
occurs in the future?

A security team received a regulatory notice asking for information regarding collusion and
pricing from staff members who are no longer with the organization. The legal department
provided the security team with a list of search terms to investigate.
This is an example of:

A company is implementing SSL inspection. During the next six months, multiple web
applications that will be separated out with subdomains will be deployed.
Which of the following will allow the inspection of the data without multiple certificate
deployments?

A security administrator configured the account policies per security implementation
guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The
following settings meet the existing compliance guidelines:
Must have a minimum of 15 characters
Must use one number
Must use one capital letter
Must not be one of the last 12 passwords used
Which of the following policies should be added to provide additional security?

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted: